// Alert

Microsoft 365 threat report

The FBI has issued an advisory regarding Kali365, a Telegram-based phishing-as-a-service platform first observed in April 2026 that targets Microsoft 365 accounts. According to the advisory, Kali365 enables cybercriminals to capture OAuth tokens and establish persistent access to Microsoft 365 tenants without stealing passwords or bypassing multi-factor authentication. The token-theft technique sidesteps common identity protections, allowing intruders to maintain access even after password resets. Organizations using Microsoft 365 are advised to review OAuth application consents, monitor for anomalous token use, and revoke suspicious sessions.

// Get alerts for Microsoft 365