// Microsoft 365HIGH
The FBI has issued an advisory regarding Kali365, a Telegram-based phishing-as-a-service platform first observed in April 2026 that targets Microsoft 365 accounts. According to the advisory, Kali365 enables cybercriminals to capture OAuth tokens and establish persistent access to Microsoft 365 tenants without stealing passwords or bypassing multi-factor authentication. The token-theft technique sidesteps common identity protections, allowing intruders to maintain access even after password resets. Organizations using Microsoft 365 are advised to review OAuth application consents, monitor for anomalous token use, and revoke suspicious sessions.
- FBI Warns 'Kali365' Phishing Kit Hijacks Microsoft 365 OAuth Tok(opens in a new tab)
- FBI Warns of Kali365 Phishing-as-a-Service Platform After April (opens in a new tab)
- FBI warns about PhaaS platform used to access Microsoft 365 envi(opens in a new tab)
- This Week In Security: Ubiquiti Fixes, And FreeBSD Joins The Clu(opens in a new tab)
// Get alerts for Microsoft 365