FBI Warns of Kali365 Phishing Kit Targeting Microsoft 365 Users, Raising Cybersecurity Concerns
The FBI has issued a warning about the Kali365 phishing-as-a-service platform, which is increasingly targeting Microsoft 365 users. This toolkit bypasses multi-factor authentication and exploits OAuth device code authorizations, allowing cybercriminals to gain access to Microsoft 365 accounts. The platform, which is distributed on Telegram, provides attackers with AI-generated phishing lures and automated campaign templates. It charges affiliates $250 for 30 days of service or $2,000 for a full year. Kali365 is part of a growing trend of device-code phishing tools that are becoming more popular due to their effectiveness in circumventing security controls. These tools allow attackers to impersonate users, steal data, and commit fraud without needing passwords or additional MFA requests. 
