The FBI has warned that a new phishing‑as‑a‑service platform, Kali365, is being used to hijack Microsoft 365 access tokens. First seen in April 2026 and distributed via Telegram, the kit allows threat actors to capture OAuth tokens and bypass multi‑factor authentication without intercepting user credentials. Subscribers receive AI‑generated phishing lures, automated campaign templates, real‑time tracking dashboards, and token‑capture tools, lowering the barrier for less‑technical attackers. The attacker then captures OAuth access and refresh tokens, giving them persistent access to Outlook, Teams and OneDrive without passwords or MFA challenges. To protect against this, users can restrict device code flow, create conditional access policies, audit usage, block authentication transfer, and exclude emergency accounts. Affected users are advised to file complaints with the Internet Crime Complaint Center (IC3) and consult the Cybersecurity & Infrastructure Security Agency’s phishing guidance.
Made by AI. If you spot anything of concern write us at contact@cybach.com. We’ll promptly correct irregularities.