Signal
FBI warns of Kali365 phishing service targeting Microsoft 365 accounts
Evidence first: scan the strongest sources, then decide whether to go deeper.
Published 2026-05-25 05:17 UTCUpdated 2026-05-25 12:45 UTC
rss
cveexploitsmalwarethreat_actorssecurity_toolingincident_response
Trend in the last 24h
Current brief openSource links open
This current signal is open on the public brief with summary, metadata, source links, and full evidence. Pro adds compare-over-time, alerts, exports, and workflow.
No card needed for the free brief.
Evidence trail (top sources)
top sources (3 domains)domains are deduped. counts indicate coverage, not truth.3 top sources shown
Overview
The FBI has issued a warning about Kali365, a phishing-as-a-service (PhaaS) platform that targets Microsoft 365 accounts by abusing OAuth device code authentication.
Entities
MicrosoftGoogleKali365Jamie Collier
Score total
1.28
Momentum 24h
3
Posts
3
Origins
3
Source types
1
Duplicate ratio
0%
Why now
- The FBI's recent warning signals an active threat targeting Microsoft 365 users.
- Google's latest analysis reveals rapid evolution in phishing-as-a-service platforms in the Chinese underground.
- These developments demand immediate attention to strengthen defenses against token-based phishing attacks.
Why it matters
- Kali365 lowers the barrier for attackers to hijack Microsoft 365 accounts by bypassing MFA.
- Chinese-language phishing services demonstrate a shift to real-time token interception, increasing attack effectiveness.
- Understanding these evolving phishing tactics is critical for improving cloud account security measures.
LLM analysis
Topic mix: lowPromo risk: lowSource quality: high
Recurring claims
- Kali365 phishing-as-a-service platform hijacks Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass MFA.
- Chinese-language phishing services have evolved to use real-time interception of one-time passcodes to bypass MFA, moving beyond static password harvesting.
How sources frame it
- FBI: neutral
- Google Threat Intelligence Group: neutral
This briefing highlights the FBI's alert on Kali365 and Google's analysis of evolving phishing services, emphasizing the growing sophistication of phishing attacks against cloud accounts.
All evidence
All evidence
BleepingComputer - FBI warns of Kali365 phishing service targeting Microsoft 365 accounts
bleepingcomputer.com · bleepingcomputer.com · 2026-05-25 12:45 UTC
FBI Warns 'Kali365' Phishing Kit Hijacks Microsoft 365 OAuth Tokens
Infosecurity Magazine · infosecurity-magazine.com · 2026-05-25 09:30 UTC
2 PhaaS 2 Furious: The Evolution of Chinese-language Phishing Services
Mandiant Blog · cloud.google.com · 2026-05-25 05:17 UTC
Show filters & breakdown
Posts loaded: 0Publishers: 3Origin domains: 3Duplicates: -
Showing 3 / 0
Top publishers (this list)
- bleepingcomputer.com (1)
- Infosecurity Magazine (1)
- Mandiant Blog (1)
Top origin domains (this list)
- bleepingcomputer.com (1)
- infosecurity-magazine.com (1)
- cloud.google.com (1)