Signal

FBI warns of Kali365 phishing service targeting Microsoft 365 accounts

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-05-25 05:17 UTCUpdated 2026-05-26 02:50 UTC
rss
cveexploitsmalwarethreat_actorssecurity_toolingincident_response
Source links open
Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.
No card needed for the free brief.
Evidence trail (top sources)
top sources (4 domains)domains are deduped. counts indicate coverage, not truth.
4 top sources shown
Overview

The FBI has issued a warning about Kali365, a phishing-as-a-service platform that targets Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass multi-factor authentication (MFA).

Entities
MicrosoftFBIGoogleKali365EvilTokens
Score total
1.41
Momentum 24h
4
Posts
4
Origins
4
Source types
1
Duplicate ratio
0%
Why now
  • FBI recently issued a warning highlighting Kali365’s capabilities and risks.
  • Phishing-as-a-service platforms are rapidly evolving with AI and automation.
  • Enterprises must reassess their reliance on MFA given emerging token theft threats.
Why it matters
  • Kali365 lowers the technical barrier for attackers to hijack Microsoft 365 accounts.
  • Phishing campaigns are increasingly able to bypass MFA, a key security control.
  • Real-time token interception techniques represent a new challenge for enterprise security.
LLM analysis
Topic mix: lowPromo risk: lowSource quality: high
Recurring claims
  • Kali365 phishing-as-a-service platform hijacks Microsoft 365 accounts by stealing OAuth tokens and bypassing MFA
  • Phishing services are evolving to use real-time interception of authentication tokens to bypass MFA
How sources frame it
  • FBI: neutral
  • Security Experts: neutral
All evidence
All evidence
Security experts caution MFA alone can no longer stop threat actors
CSO Online · csoonline.com · 2026-05-26 02:50 UTC
FBI warns of Kali365 phishing service targeting Microsoft 365 accounts
bleepingcomputer_all · bleepingcomputer.com · 2026-05-25 12:45 UTC
FBI Warns 'Kali365' Phishing Kit Hijacks Microsoft 365 OAuth Tokens
Infosecurity Magazine · infosecurity-magazine.com · 2026-05-25 09:30 UTC
2 PhaaS 2 Furious: The Evolution of Chinese-language Phishing Services
Mandiant Blog · cloud.google.com · 2026-05-25 05:17 UTC
Show filters & breakdown
Posts loaded: 0Publishers: 4Origin domains: 4Duplicates: -
Showing 4 / 0
Top publishers (this list)
  • CSO Online (1)
  • bleepingcomputer_all (1)
  • Infosecurity Magazine (1)
  • Mandiant Blog (1)
Top origin domains (this list)
  • csoonline.com (1)
  • bleepingcomputer.com (1)
  • infosecurity-magazine.com (1)
  • cloud.google.com (1)