FBI warns of Kali365 phishing service targeting Microsoft 365 accounts

The FBI and security researchers warn of Kali365, a phishing-as-a-service that automates device-code phishing and an adversary-in-the-middle 'Cookie Link' mode to capture OAuth tokens and authenticated sessions, enabling attackers to bypass MFA and fully compromise Microsoft 365/Entra accounts; the platform is being distributed via Telegram, used in global campaigns, and offers features (AI lures, dashboards, token capture) that lower the skill barrier for attackers, with guidance to block device code flows, audit device registrations, and report incidents.