FBI Warns Kali365 PhaaS Bypasses MFA on Microsoft 365

The FBI issued a PSA about Kali365, a phishing‑as‑a‑service that exploits Microsoft’s OAuth device-code flow to hijack Entra and Microsoft 365 accounts, stealing session tokens and bypassing MFA. Kali365, distributed via Telegram, provides AI‑generated phishing lures, automated campaigns, and real‑time dashboards, with two attack modes: device‑code phishing and a Cookie Link adversary‑in‑the‑middle. Arctic Wolf observed global campaigns targeting Microsoft 365 environments, including creating malicious inbox rules and registering new devices. The FBI urges blocking device‑code authentication with Conditional Access, auditing usage, reporting incidents to IC3, and preserving phishing emails and suspicious activity. Device-code phishing has surged in 2026, with other PhaaS tools like EvilTokens and Tycoon2FA using similar methods.
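Auditing device-code sign-ins, as an added example that is not from the FBI PSA or any of the linked articles: the script below scans constructed Entra sign-in records (field names follow the Microsoft Graph `signIn` resource, where `authenticationProtocol` is `deviceCode` for the flow Kali365 abuses) and lists which users completed a device-code sign-in, from where, and into which app, so a defender can review them before or after restricting the flow with Conditional Access.

```python
import json
from collections import defaultdict

# Constructed sample sign-in records (JSON lines), not real tenant data.
# Only the fields this check needs are included.
SAMPLE_SIGNIN_LOGS = """
{"createdDateTime": "2026-03-02T09:14:05Z", "userPrincipalName": "alice@example.com", "ipAddress": "203.0.113.10", "appDisplayName": "Microsoft Office", "authenticationProtocol": "deviceCode", "status": {"errorCode": 0}}
{"createdDateTime": "2026-03-02T09:20:41Z", "userPrincipalName": "bob@example.com", "ipAddress": "198.51.100.7", "appDisplayName": "Outlook Web", "authenticationProtocol": "oAuth2", "status": {"errorCode": 0}}
{"createdDateTime": "2026-03-02T10:02:13Z", "userPrincipalName": "alice@example.com", "ipAddress": "203.0.113.10", "appDisplayName": "Microsoft Office", "authenticationProtocol": "deviceCode", "status": {"errorCode": 50126}}
{"createdDateTime": "2026-03-02T11:45:59Z", "userPrincipalName": "carol@example.com", "ipAddress": "192.0.2.55", "appDisplayName": "Microsoft Azure CLI", "authenticationProtocol": "deviceCode", "status": {"errorCode": 0}}
"""


def parse_signins(raw: str) -> list[dict]:
    """Parse JSON-lines sign-in export into a list of records, skipping blanks."""
    return [json.loads(line) for line in raw.splitlines() if line.strip()]


def find_device_code_signins(records: list[dict]) -> list[dict]:
    """Return only successful sign-ins that used the OAuth device-code flow.

    errorCode 0 means the sign-in succeeded; failed attempts are dropped here
    because a token was never issued for them.
    """
    return [
        r for r in records
        if r.get("authenticationProtocol") == "deviceCode"
        and r.get("status", {}).get("errorCode") == 0
    ]


def summarize_by_user(records: list[dict]) -> dict[str, list[tuple]]:
    """Group successful device-code sign-ins by user: (time, source IP, app)."""
    by_user = defaultdict(list)
    for r in find_device_code_signins(records):
        by_user[r["userPrincipalName"]].append(
            (r["createdDateTime"], r["ipAddress"], r["appDisplayName"])
        )
    return dict(by_user)


if __name__ == "__main__":
    for user, events in summarize_by_user(parse_signins(SAMPLE_SIGNIN_LOGS)).items():
        for when, ip, app in events:
            print(f"REVIEW device-code sign-in: {user} at {when} from {ip} into {app}")
```

In a real tenant the same fields are available from the Entra sign-in log export or the Graph `auditLogs/signIns` endpoint; any device-code sign-in into an app a user would not normally authenticate to that way deserves a closer look at subsequent inbox rules and device registrations.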
Sources:

- FBI warns of Kali365 phishing service targeting Microsoft 365 accounts (BleepingComputer)
- Microsoft 365 users targeted by new phishing threat that bypasses MFA (Help Net Security)
- The New Phishing Click: How OAuth Consent Bypasses MFA (The Hacker News)
- ASD warns of device code phishing as Proofpoint tracks growing criminal toolkits (Australian Cyber Security Magazine)
- FBI Warns Microsoft Users—New Attack Gains Access To Accounts (Forbes)