CyberheistNews Vol 16 #24 [FBI Alert] Lock Down Your Microsoft 365 Device Code Flows Now
ID: 127017de-5dc9-52a6-a147-d6b2dc5f755e
STIX ID: report--127017de-5dc9-52a6-a147-d6b2dc5f755e
Feed Name: KnowBe4 Blog
The CyberheistNews newsletter highlights an FBI alert that a phishing‑as‑a‑service named "Kali365" is targeting Microsoft 365 device code flows to capture OAuth access and refresh tokens, enabling persistent account access without credentials or MFA; the Bureau advises organizations to lock down device code flows and train employees. The issue also covers rising AI‑enabled social‑engineering and social media phishing trends (APWG), and FBI/Malwarebytes reporting nearly $900M in AI‑powered scam losses in 2025, while containing vendor event/promotional content.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
