CalPhishing Scam Uses EvilTokens Kit, Outlook Invites to Steal M365 Sessions

**CalPhishing campaign:** Cybercriminals send malicious .ics calendar invites that auto-create meetings and present HTML landing pages (via Cloudflare redirects) mimicking Microsoft/DocuSign pages; attackers use ConsentFix/device-code phishing and the EvilTokens kit to steal session tokens (bypassing MFA), with invites persisting on calendars and AI automation used to scale the attacks.