FBI Warns: ‘Kali365’ Phishing Service Targets Microsoft 365 Accounts

The FBI warned that Kali365 can hijack Microsoft 365 accounts by abusing device code authentication and capturing OAuth ...
Windows Report

FBI Warns Kali365 Can Bypass Microsoft 365 MFA Using OAuth Tokens

The FBI warns that Kali365 phishing attacks can bypass Microsoft 365 MFA by stealing OAuth session tokens through device code phishing.

FBI warns of Kali phishing scam hitting Microsoft OAuth tokens

A new phishing kit is being offered on Telegram allowing even newbie hackers an easy way to grab OAuth tokens.
Infosecurity Magazine

FBI Warns 'Kali365' Phishing Kit Hijacks Microsoft 365 OAuth Tokens

A new phishing-as-a-service (PhaaS) platform called Kali365 is being distributed in the wild, primarily via Telegram, the FBI has warned. First detected in April 2026, Kali365 provides cyber threat ...

Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing

The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...

FBI warns Kali365 phishing kit is stealing Microsoft OAuth tokens at scale

The FBI has issued a public service announcement warning about a new phishing kit that's stealing Microsoft OAuth tokens at ...