// Microsoft 365HIGH
FBI warned of active Kali365 phishing campaign targeting Microsoft 365 users since April 2026. The platform leverages Microsoft's legitimate device code sign-in process to bypass passwords and multi-factor authentication, capturing OAuth tokens to gain unauthorized access to Outlook, Teams, and OneDrive accounts. Campaign distributed via Telegram with AI-generated phishing templates.
- Hackers found new way to bypass existing Microsoft security laye(opens in a new tab)
- The ARToken phishing panel targets Microsoft 365 accounts - Help(opens in a new tab)
// Get alerts for Microsoft 365