The FBI has issued a warning about Kali365, a new Phishing-as-a-Service platform that enables attackers to steal Microsoft 365 OAuth tokens and bypass MFA. This platform lowers the barrier for cybercriminals with AI-generated lures and automated campaign tools. Users are advised to restrict device code flow and implement conditional access policies to protect their accounts.
The FBI has issued a warning about Kali365, a new Phishing-as-a-Service platform that enables attackers to steal Microsoft 365 OAuth tokens and bypass MFA. This platform lowers the barrier for cybercriminals with AI-generated lures and automated campaign tools. Users are advised to restrict device code flow and implement conditional access policies to protect their accounts.