FBI warns of Kali phishing scam hitting Microsoft OAuth tokens — warns 'Kali365 lowers the barrier of entry, providing less-technical attackers access to AI-generated phishing lures'
The FBI has issued a warning about a new phishing kit called Kali365 that targets Microsoft 365 accounts. This kit, available on Telegram, allows low-skilled attackers to steal OAuth tokens and bypass multi-factor authentication. Users are advised to implement various security measures to mitigate the risks associated with this phishing scheme.
- ▪Kali365 is a phishing kit sold on Telegram that steals Microsoft 365 OAuth tokens.
- ▪Victims are tricked into entering device codes on legitimate Microsoft pages, unknowingly granting attackers access.
- ▪The FBI recommends restricting device code flow and enforcing conditional access policies to mitigate risks.
Opening excerpt (first ~120 words) tap to expand
Pro Security FBI warns of Kali phishing scam hitting Microsoft OAuth tokens — warns 'Kali365 lowers the barrier of entry, providing less-technical attackers access to AI-generated phishing lures' News By Sead Fadilpašić published 25 May 2026 A new phishing kit is being offered on Telegram When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. (Image credit: weerapatkiatdumrong / Getty Images) Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter FBI flags Kali365, a phishing kit sold on Telegram which steals Microsoft 365 OAuth tokens and bypasses MFAVictims are tricked into entering device codes…
Excerpt limited to ~120 words for fair-use compliance. The full article is at TechRadar.
Discussion
0 commentsMore from TechRadar
