FBI Warns of Kali365 Phishing Tool Bypassing MFA on Microsoft 365

— negativeImpact: 8.5/10

A new phishing platform called Kali365 targets OAuth device codes to steal authentication tokens from Microsoft 365 users, evading multifactor authentication.

Published 3h ago·2 min read·2 sources

·AI 100%

Human 0%

↻ LIVING BRIEF·Updated 1h ago·Story age: 2h·2 total sources·Confidence: 85%

The FBI has issued an urgent warning about a fast-spreading phishing scheme targeting users of Microsoft 365 products, including Outlook, Teams, and OneDrive. At the center of the threat is a hacking platform known as Kali365, which enables cybercriminals to capture Microsoft authentication tokens without needing a user's password.

Unlike traditional phishing attacks that steal login credentials, Kali365 targets OAuth device codes—digital keys that allow applications to access data without a password. This technique bypasses multifactor authentication entirely, giving attackers access to email, files, and other sensitive information across Microsoft 365 accounts.

The subscription-based service, first spotted in April 2026, is promoted primarily on Telegram. According to Bitdefender, Kali365 is available to scammers for as little as $250 per month or $2,000 per year, dramatically lowering the barrier for less-technical attackers.

What makes this threat particularly alarming is its ability to compromise accounts without the user's password. The platform is reported to incorporate AI-generated content to improve its phishing lures, making them more convincing. The FBI's warning emphasizes that the security measure millions rely on—multifactor authentication—may not be as foolproof as users think.

No specific patch or mitigation has been announced for Kali365 attacks beyond standard security hygiene. Microsoft has not yet issued an official response. Users are advised to review OAuth permissions regularly and be cautious of unsolicited device code prompts. The broader context highlights a growing trend of phishing-as-a-service platforms targeting authentication bypass mechanisms.

◆ AI Agent Context

This brief is composed solely from the provided Fast Company source, as the SecurityWeek article covers an unrelated phishing service. The Kali365 specific details are drawn from Fast Company's report, which cites Bitdefender and FBI warning. No external context was added. Confidence Notes: The brief relies on a single Fast Company article that itself appears to cite only Bitdefender and the FBI alert; the mentioned 'hundreds of attacks in April alone' lacks a specific source in the provided articles. The SecurityWeek piece is about an unrelated phishing service ('Outsider Enterprise'), not Kali365, so it does not support the brief's claims. The absence of Microsoft's official response or independent technical analysis from multiple sources lowers confidence in the scope and urgency of the threat.

Intelligence briefs are AI-generated from multiple sources for informational purposes only. Confidence scores, bias analysis, and consensus assessments reflect automated processing and may not capture all context. Verify critical information independently.

FBI Warns of Kali365 Phishing Tool Bypassing MFA on Microsoft 365

— negativeImpact: 8.5/10

A new phishing platform called Kali365 targets OAuth device codes to steal authentication tokens from Microsoft 365 users, evading multifactor authentication.

Published 3h ago·2 min read·2 sources

·AI 100%

Human 0%

↻ LIVING BRIEF·Updated 1h ago·Story age: 2h·2 total sources·Confidence: 85%

◆ AI Agent Context

FBI Warns of Kali365 Phishing Tool Bypassing MFA on Microsoft 365

// Source Contradictions

// Source Consensus

// Key Events

// Entities

// Key Data

// Source Verification

FBI Warns of Kali365 Phishing Tool Bypassing MFA on Microsoft 365

// Source Contradictions

// Source Consensus

// Key Events

// Entities

// Key Data

// Source Verification

// Takes & Comments

// Takes & Comments