Times of India | FBI warns of hacking campaign stealing Microsoft 365 accounts without passwords

AI generated summary, Read the full article for complete information.

The FBI issued a public warning about a new Phishing‑as‑a‑Service toolkit called Kali365 that enables hackers to hijack Microsoft 365 accounts—including Outlook, Teams and OneDrive—without ever needing a password, by exploiting Microsoft’s “device code flow” to bypass multi‑factor authentication. Victims receive a convincing phishing email that directs them to a legitimate Microsoft verification page, where they enter a short security code; because this occurs on an authentic site and passes MFA, Microsoft issues an OAuth access token that the attacker captures, granting them a persistent backdoor to the account. Distributed mainly via Telegram, Kali365 lowers the technical barrier for criminals by providing AI‑generated phishing lures, automated campaign templates, and real‑time tracking dashboards. To mitigate the threat, the FBI advises organizations to restrict or block device code flow through conditional‑access policies, audit existing usage, limit authentication transfers, and report any incidents to the Internet Crime Complaint Center (IC3).

Read more: https://timesofindia.indiatimes.com/technology/tech-news/fbi-warns-of-hacking-campaign-stealing-microsoft-365-accounts-without-passwords/articleshow/131446721.cms

#FBI #Microsoft #Kali365 #IC3 #MFA

FBI warns of hacking campaign stealing Microsoft 365 accounts without passwords

The Federal Bureau of Investigation (FBI) recently issued a public warning about a dangerous new hacking platform that allows cybercriminals to hijack Microsoft 365 accounts, including Outlook email, Teams, and OneDrive cloud storage, without ever needing a password. The announcement posted by the agency raised alarm over a “Phishing-as-a-Service” toolkit called Kali365, explaining that the platform is specifically designed to bypass multi-factor authentication (MFA) – the standard security feature that sends a code by text message or app to prove a user's identity.

The Times of India
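Added example, not part of the post above or of the FBI advisory: one way to carry out the "audit existing usage" step before blocking device code flow, by summarising device code sign-ins per user and application from an exported sign-in log. The records are constructed, the field names are an assumption modelled on the Microsoft Graph signIn resource, and the "unfamiliar IP" flag is a triage heuristic chosen for this sketch.

```python
import json
from collections import defaultdict

# Constructed sample data. Field names are an assumption modelled on the
# Microsoft Graph signIn resource (authenticationProtocol == "deviceCode").
SAMPLE = json.loads("""[
 {"userPrincipalName":"alice@example.com","appDisplayName":"Office 365 Exchange Online",
  "authenticationProtocol":"oAuth2","ipAddress":"198.51.100.10","status":{"errorCode":0}},
 {"userPrincipalName":"alice@example.com","appDisplayName":"Microsoft Office",
  "authenticationProtocol":"deviceCode","ipAddress":"203.0.113.77","status":{"errorCode":0}},
 {"userPrincipalName":"bob@example.com","appDisplayName":"Microsoft Teams",
  "authenticationProtocol":"oAuth2","ipAddress":"198.51.100.20","status":{"errorCode":0}},
 {"userPrincipalName":"bob@example.com","appDisplayName":"Microsoft Azure CLI",
  "authenticationProtocol":"deviceCode","ipAddress":"198.51.100.20","status":{"errorCode":0}},
 {"userPrincipalName":"bob@example.com","appDisplayName":"Microsoft Azure CLI",
  "authenticationProtocol":"deviceCode","ipAddress":"198.51.100.20","status":{"errorCode":70016}}
]""")

def audit_device_code(records):
    """Summarise device code sign-ins per (user, app) and flag unfamiliar IPs."""
    usual_ips = defaultdict(set)  # IPs each user signs in from by other means
    for r in records:
        if r.get("authenticationProtocol") != "deviceCode":
            usual_ips[r["userPrincipalName"]].add(r["ipAddress"])

    usage = {}
    for r in records:
        if r.get("authenticationProtocol") != "deviceCode":
            continue
        user, ip = r["userPrincipalName"], r["ipAddress"]
        row = usage.setdefault((user, r["appDisplayName"]),
                               {"success": 0, "failed": 0, "unfamiliar_ips": set()})
        # errorCode 0 means the sign-in completed and tokens were issued.
        if r.get("status", {}).get("errorCode", 0) == 0:
            row["success"] += 1
            if ip not in usual_ips[user]:
                row["unfamiliar_ips"].add(ip)
        else:
            row["failed"] += 1
    return usage

def needs_review(usage):
    """(user, app) pairs with a completed device code sign-in from an unfamiliar IP."""
    return sorted(k for k, v in usage.items() if v["unfamiliar_ips"])

if __name__ == "__main__":
    report = audit_device_code(SAMPLE)
    for (user, app), row in sorted(report.items()):
        print(user, app, row)
    print("review first:", needs_review(report))
```

Pairs that never appear in the summary lose nothing when a conditional-access policy blocks the flow; pairs that do appear are the exceptions to scope or the sessions to investigate.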

⚠️ #Kali365 is weaponizing MFA bypass against businesses via Microsoft 365. Expect data theft and operational disruption.

🚨 Attackers get persistent access to your Outlook, Teams, and OneDrive. Hundreds of organizations hit already. How to detect: https://any.run/malware-trends/kali365/?utm_source=mastodon&utm_medium=post&utm_campaign=kali365_mtt&utm_term=010626&utm_content=linktomtt

#infosec

This Week In Security: Ubiquiti Fixes, And FreeBSD Joins The Club You Don’t Want To Join

Ubiquiti released a new security bulletin detailing fixes for six security issues, including one rated 9.1 (critical) and one scoring a perfect 10.0 on the CVE risk scale. The vulnerabilities range…

Hackaday

🚨 #Kali365 Activity Surges: Device Code Phishing Is Scaling Fast
We’re seeing growing Device Code #phishing activity, with Kali365 emerging as one of the most active PhaaS. In the last 24 hours alone, #ANYRUN recorded 100+ related analysis sessions.

⚠️ The attack abuses legitimate Microsoft device authentication flows. Victims are shown a user code and instructed to enter it into a real Microsoft device auth page, allowing attackers to capture OAuth access tokens instead of passwords. The risk shifts from credential theft to token abuse, while significantly reducing the number of traditional phishing indicators typically used for detection and triage.

❗️ Deobfuscated Kali365 JavaScript revealed that after a verification gate, the lure deploys a phishing page, launches a legitimate Microsoft device authentication flow, and then polls /api/status/<session_id> for session states such as captured, expired, and declined.

📌 The code also contains lure-template generators for OneDrive, SharePoint, Teams, Outlook, and Voicemail, and a separate Google device-code authentication flow.

⚡️ #ANYRUN lets analysts safely reconstruct the flow, validate suspicious OAuth activity faster, and identify related phishing infrastructure before campaigns scale further, helping SOC teams reduce investigation time, improve detection accuracy, and lower MTTR.

👨‍💻 See the full phishing flow, validate detection logic, and collect #IOCs: https://app.any.run/tasks/d078f430-c3cc-44e8-a809-5506205049c3?utm_source=mastodon&utm_medium=post&utm_campaign=kali365_activity_surges&utm_content=linktoservice&utm_term=270526

🔍 Track Kali365 activity using this TI Lookup search query: https://intelligence.any.run/analysis/lookup?utm_source=mastodon&utm_medium=post&utm_campaign=kali365_activity_surges&utm_content=linktotilookup&utm_term=270526#%7B%2522query%2522:%2522threatName:%255C%2522kali365%255C%2522%2522,%2522dateRange%2522:7%7D%20

🚀 Scale your SOC’s triage and response with solutions trusted by 74 Fortune 100 companies and detect business risks earlier. Get an exclusive 10th anniversary deal for your team: https://app.any.run/plans/?utm_source=mastodon&utm_medium=post&utm_campaign=kali365_activity_surges&utm_content=linktoplans&utm_term=270526

#cybersecurity #infosec
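Added example, not part of the post above or of any vendor tooling: a detection sketch for the behaviour the post describes, where a lure page polls `/api/status/<session_id>` while the same client visits a Microsoft device sign-in page. It assumes TLS-inspecting proxy logs that record host and path; the log lines, the hostnames in them, the thresholds and the two Microsoft device sign-in URLs are assumptions of this sketch.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed proxy log lines: ISO time, client IP, host, path.
SAMPLE_LOG = """\
2026-01-01T09:00:01 10.0.0.5 docs-share.example /verify
2026-01-01T09:00:09 10.0.0.5 docs-share.example /api/status/5f2c9a
2026-01-01T09:00:12 10.0.0.5 login.microsoftonline.com /common/oauth2/deviceauth
2026-01-01T09:00:14 10.0.0.5 docs-share.example /api/status/5f2c9a
2026-01-01T09:00:19 10.0.0.5 docs-share.example /api/status/5f2c9a
2026-01-01T09:03:00 10.0.0.8 intranet.example /api/status/build-17
2026-01-01T09:10:00 10.0.0.9 microsoft.com /devicelogin
"""

STATUS_POLL = re.compile(r"^/api/status/[^/?]+$")  # polling path named in the post
# Assumption: Microsoft device sign-in entry points to correlate against.
DEVICE_PAGES = {("microsoft.com", "/devicelogin"),
                ("login.microsoftonline.com", "/common/oauth2/deviceauth")}

def find_device_code_lures(log_text, min_polls=3, window=timedelta(minutes=15)):
    """Return client/host pairs that poll a status endpoint around a device sign-in."""
    polls = defaultdict(list)          # (client, host) -> poll timestamps
    device_visits = defaultdict(list)  # client -> device sign-in page timestamps
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, client, host, path = parts
        when = datetime.fromisoformat(ts)
        bare_path = path.split("?")[0].lower()  # ignore any query string
        if (host.lower(), bare_path) in DEVICE_PAGES:
            device_visits[client].append(when)
        elif STATUS_POLL.match(bare_path):
            polls[(client, host)].append(when)

    hits = []
    for (client, host), times in polls.items():
        if len(times) < min_polls:
            continue  # a single status call is ordinary application traffic
        # Require a device sign-in page visit by the same client close in time.
        if any(abs(v - t) <= window for v in device_visits[client] for t in times):
            hits.append({"client": client, "lure_host": host, "polls": len(times)})
    return sorted(hits, key=lambda h: (h["client"], h["lure_host"]))

if __name__ == "__main__":
    for hit in find_device_code_lures(SAMPLE_LOG):
        print(hit)
```

A hit identifies a user to check in the sign-in logs for a device code sign-in in the same window, and a host to review before blocking.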

FBI warns of Kali365 phishing service targeting Microsoft 365 accounts

The FBI is warning about the Kali365 phishing-as-a-service platform (PhaaS) that is used to hijack Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass multi-factor authentication (MFA).

BleepingComputer

The whole industry has been screaming at you to enable MFA. Microsoft turned it into a mandate. So you complied. And now there's a subscription service selling access to exactly those "protected" accounts, using a legitimate Microsoft authentication flow they never bothered to retire.

https://blog.ppb1701.com/the-failsafe-that-isnt-microsofts-mfa-problem

#microsoft #microsoft365 #phishing #cybersecurity #mfa #kali365 #bigtechwaronusers #security #infosec #privacy #blog

The Failsafe That Isn't: Microsoft's MFA Problem - ByteHaven - Where I ramble about bytes

Part of the ongoing Big Tech's War on Users series. The FBI issued a warning last week about a phishing-as-a-service platform called Kali365 that can...

⚠️ Kali365 turns M365 phishing into a service

The #FBI warns #Kali365 targets Microsoft 365 accounts, packaging credential theft for operators attacking cloud identity at scale.

🔗 read more: www.infosecurity-magazine.com/news/fbi-kal...

#ransomNews #cybersecurity