// Alert

Microsoft Azure threat report

The FBI has issued a public warning about Kali365, a phishing-as-a-service platform first observed in April 2026 that targets Microsoft 365 users through device code phishing to bypass multi-factor authentication. Operators distribute the kit via Telegram and provide AI-generated phishing lures, automated campaign templates, real-time victim tracking dashboards, and OAuth token capture tooling, lowering the technical bar for attackers. Victims are lured into entering an attacker-supplied device code on a legitimate Microsoft verification page, which authorizes the attacker's device and yields OAuth access and refresh tokens for services such as Outlook, Teams, and OneDrive without requiring the user's password or further MFA prompts. The stolen tokens enable persistent access to Microsoft 365 and Entra ID-protected resources until they are revoked. The FBI has published guidance for users and organizations on defending against device code phishing.

// Get alerts for Microsoft Azure