Storyline

FBI warns of Kali365 phishing service targeting Microsoft 365 accounts

The FBI has issued a warning about Kali365, a phishing-as-a-service platform that targets Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass multi-factor authentication (MFA).

Published 2026-05-22 17:51 UTCUpdated 2026-05-26 02:50 UTC

Current brief openSource links open

This current storyline is open here with summary, metadata, source links, continuity context, and full evidence. Paid is for compare-over-time, alerts, exports, and workflow.

Back Evidence (4)Get the free brief by email Start free trial

No card needed for the free brief.

Evidence trail (top sources)

top sources (4 domains)

4 top sources shown

Security experts caution MFA alone can no longer stop threat actors

CSO Online · News · csoonline.com · 2026-05-26 02:50 UTC

FBI warns of Kali365 phishing service targeting Microsoft 365 accounts

bleepingcomputer_all · News · bleepingcomputer.com · 2026-05-25 12:45 UTC

FBI Warns 'Kali365' Phishing Kit Hijacks Microsoft 365 OAuth Tokens

Infosecurity Magazine · News · infosecurity-magazine.com · 2026-05-25 09:30 UTC

2 PhaaS 2 Furious: The Evolution of Chinese-language Phishing Services

Mandiant Blog · News · cloud.google.com · 2026-05-25 05:17 UTC

View all evidence

Overview

Score total

1.41

Momentum 24h

Posts

Origins

Source types

Duplicate ratio

Why now

FBI recently issued a warning highlighting Kali365’s capabilities and risks.
Phishing-as-a-service platforms are rapidly evolving with AI and automation.
Enterprises must reassess their reliance on MFA given emerging token theft threats.

Why it matters

Kali365 lowers the technical barrier for attackers to hijack Microsoft 365 accounts.
Phishing campaigns are increasingly able to bypass MFA, a key security control.
Real-time token interception techniques represent a new challenge for enterprise security.

Continuity snapshot