Signal
FBI warns of Kali365 phishing service targeting Microsoft 365 accounts
Evidence first: scan the strongest sources, then decide whether to go deeper.
Published 2026-05-25 05:17 UTCUpdated 2026-05-26 02:50 UTC
rss
cveexploitsmalwarethreat_actorssecurity_toolingincident_response
Source links open
Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.
No card needed for the free brief.
Evidence trail (top sources)
top sources (4 domains)domains are deduped. counts indicate coverage, not truth.4 top sources shown
Overview
The FBI has issued a warning about Kali365, a phishing-as-a-service platform that targets Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass multi-factor authentication (MFA).
Entities
MicrosoftFBIGoogleKali365EvilTokens
Score total
1.41
Momentum 24h
4
Posts
4
Origins
4
Source types
1
Duplicate ratio
0%
Why now
- FBI recently issued a warning highlighting Kali365’s capabilities and risks.
- Phishing-as-a-service platforms are rapidly evolving with AI and automation.
- Enterprises must reassess their reliance on MFA given emerging token theft threats.
Why it matters
- Kali365 lowers the technical barrier for attackers to hijack Microsoft 365 accounts.
- Phishing campaigns are increasingly able to bypass MFA, a key security control.
- Real-time token interception techniques represent a new challenge for enterprise security.
LLM analysis
Topic mix: lowPromo risk: lowSource quality: high
Recurring claims
- Kali365 phishing-as-a-service platform hijacks Microsoft 365 accounts by stealing OAuth tokens and bypassing MFA
- Phishing services are evolving to use real-time interception of authentication tokens to bypass MFA
How sources frame it
- FBI: neutral
- Security Experts: neutral
All evidence
All evidence
Security experts caution MFA alone can no longer stop threat actors
CSO Online · csoonline.com · 2026-05-26 02:50 UTC
FBI warns of Kali365 phishing service targeting Microsoft 365 accounts
bleepingcomputer_all · bleepingcomputer.com · 2026-05-25 12:45 UTC
FBI Warns 'Kali365' Phishing Kit Hijacks Microsoft 365 OAuth Tokens
Infosecurity Magazine · infosecurity-magazine.com · 2026-05-25 09:30 UTC
2 PhaaS 2 Furious: The Evolution of Chinese-language Phishing Services
Mandiant Blog · cloud.google.com · 2026-05-25 05:17 UTC
Show filters & breakdown
Posts loaded: 0Publishers: 4Origin domains: 4Duplicates: -
Showing 4 / 0
Top publishers (this list)
- CSO Online (1)
- bleepingcomputer_all (1)
- Infosecurity Magazine (1)
- Mandiant Blog (1)
Top origin domains (this list)
- csoonline.com (1)
- bleepingcomputer.com (1)
- infosecurity-magazine.com (1)
- cloud.google.com (1)