FBI Warns Kali365 Phishing Kit Is Stealing Microsoft 365 Tokens and Bypassing MFA at Scale
The FBI has issued a public service announcement about Kali365, a Phishing-as-a-Service platform first seen in April 2026 that captures Microsoft 365 OAuth tokens via the device code flow, rendering standard multi-factor authentication ineffective.
