FBI Warns Microsoft 365 Users Of New Hacking Tool That Is Scamming Thousands: Here's All You Need To Know

The FBI has warned about a phishing tool called Kali365 that can bypass two-factor authentication on Microsoft 365 accounts.

FBI Warns: ‘Kali365’ Phishing Service Targets Microsoft 365 Accounts

The FBI warned that Kali365 can hijack Microsoft 365 accounts by abusing device code authentication and capturing OAuth tokens.
WeLiveSecurity

EvilTokens: A phishing attack that doesn’t steal your password

A phishing kit subverting Microsoft’s legitimate authentication flow lets attackers break into accounts without stealing ...
Memeburn

FBI Warns Microsoft 365 Users About Dangerous Phishing Tool

Kali365 targets Microsoft 365 users’ accounts, using a phishing service that doesn’t require password theft despite bypassing the MFA process.
Dark Reading

Beware of Device Code Phishing

Device codes are alphanumeric or numeric codes employed for authenticating an account on a device that does not have a standard login interface, such as a browser or input-limited devices, where it is ...
Windows Report

FBI Warns Kali365 Can Bypass Microsoft 365 MFA Using OAuth Tokens

The FBI warns that Kali365 phishing attacks can bypass Microsoft 365 MFA by stealing OAuth session tokens through device code phishing.