
Phishing & Social EngineeringSecurity Awareness TipsThreat Intelligence
Kali365 Phishing Service Targets Microsoft 365 Accounts
The FBI is warning about Kali365, a phishing-as-a-service platform that hijacks Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass MFA. Here's how the attack works and how to defend your organization.
Marcus Chen·6/6/2026·9 min read
