THE FBI has issued a warning about a new phishing-as-a-service platform called Kali365, discovered in April 2026, which primarily operates on Telegram. This tool allows cybercriminals to use AI-generated phishing methods to capture Microsoft 365 OAuth tokens, enabling them to bypass multifactor authentication. The attack involves sending a phishing email that misleads victims into authorizing access to their Microsoft accounts without realizing it. To combat these attacks, the FBI suggests implementing conditional access policies and restricting device code flows.
FBI alerts on Kali365 AI phishing stealing Microsoft 365 tokens
CyberSIXT Evidence Panel
Primary Source
ic3.gov
Article by CyberSIXT
Timeline Coverage
Swipe to explore timeline
-
Kali365 Device Code Phishing Hits AWS, Okta, Russian Apps
darkreading.com
-
Kali365 phishing kit defeats MFA, steals Microsoft credentials
malwarebytes.com
-
MFA bypass by Kali365 exposes Azure flaws before World Cup 2026
thehackernews.com
-
FBI warns of Kali365 phishing kit stealing Microsoft 365 tokens
-
FBI warns of Kali365 phishing tool bypassing MFA in cloud firms
securityonline.info
-
FBI alerts on Kali365 AI phishing stealing Microsoft 365 tokens
www.infosecurity-magazine.com