FBI Alerts on Kali365 Phishing Service Targeting Microsoft 365

The FBI has issued a warning about Kali365, a phishing-as-a-service platform exploiting Microsoft 365 users. The service leverages OAuth device code authentication to compromise accounts and steal session tokens, effectively bypassing multi-factor authentication (MFA) protections. This phishing service poses a significant threat to organizations and individuals relying on Microsoft 365 for business operations. Users are advised to remain vigilant against suspicious authentication attempts and review account access logs regularly. Organizations should implement additional security measures beyond standard MFA to protect against such sophisticated attacks. Source: FBI.