FBI warns about fast-growing phishing kit targeting Microsoft 365 users

## Executive Summary The FBI and multiple security vendors warn about Kali365, a rapidly growing phishing-as-a-service platform that automates OAuth device-code phishing to capture Microsoft 365 access and refresh tokens, bypass MFA, and provide persistent account access to affiliates; the platform is being distributed on Telegram, sold via subscription, and has been observed in multiple large-scale campaigns.