The FBI is warning organizations about Kali365, a phishing-as-a-service platform that hijacks Microsoft 365 accounts by abusing OAuth device code authentication, as Bleeping Computer writes. The platform reportedly bypasses MFA protections by stealing authenticated session tokens instead of passwords. According to the report, Kali365 first appeared in April 2026 and is actively promoted through Telegram [...]
FBI Warns Kali365 Can Bypass Microsoft 365 MFA Using OAuth Tokens
