This Week in Security: Ubiquiti Fixes, and FreeBSD Joins the Club you Don't Want to Join

https://fed.brid.gy/r/https://hackaday.com/2026/05/29/this-week-in-security-ubiquiti-fixes-and-freebsd-joins-the-club-you-dont-want-to-join/

Ubiquiti released a new security bulletin detailing fixes for six security issues, including one rated 9.1 (critical) and one scoring a perfect 10.0 on the CVE risk scale. The vulnerabilities range…

Hackaday
🚨 #Kali365 Activity Surges: Device Code Phishing Is Scaling Fast
We're seeing growing Device Code #phishing activity, with Kali365 emerging as one of the most active PhaaS. In the last 24 hours alone, #ANYRUN recorded 100+ related analysis sessions.

⚠️ The attack abuses legitimate Microsoft device authentication flows. Victims are shown a user code and instructed to enter it into a real Microsoft device auth page, allowing attackers to capture OAuth access tokens instead of passwords. The risk shifts from credential theft to token abuse, while significantly reducing the number of traditional phishing indicators typically used for detection and triage.

❗️ Deobfuscated Kali365 JavaScript revealed that after a verification gate, the lure deploys a phishing page, launches a legitimate Microsoft device authentication flow, and then polls /api/status/<session_id> for session states such as captured, expired, and declined.

📌 The code also contains lure-template generators for OneDrive, SharePoint, Teams, Outlook, and Voicemail, and a separate Google device-code authentication flow.

⚡️ #ANYRUN lets analysts safely reconstruct the flow, validate suspicious OAuth activity faster, and identify related phishing infrastructure before campaigns scale further, helping SOC teams reduce investigation time, improve detection accuracy, and lower MTTR.

👨‍💻 See the full phishing flow, validate detection logic, and collect #IOCs: https://app.any.run/tasks/d078f430-c3cc-44e8-a809-5506205049c3?utm_source=mastodon&utm_medium=post&utm_campaign=kali365_activity_surges&utm_content=linktoservice&utm_term=270526

🔍 Track Kali365 activity using this TI Lookup search query: https://intelligence.any.run/analysis/lookup?utm_source=mastodon&utm_medium=post&utm_campaign=kali365_activity_surges&utm_content=linktotilookup&utm_term=270526#%7B%2522query%2522:%2522threatName:%255C%2522kali365%255C%2522%2522,%2522dateRange%2522:7%7D%20

🚀 Scale your SOC's triage and response with solutions trusted by 74 Fortune 100 companies and detect business risks earlier. Get an exclusive 10th anniversary deal for your team: https://app.any.run/plans/?utm_source=mastodon&utm_medium=post&utm_campaign=kali365_activity_surges&utm_content=linktoplans&utm_term=270526

#cybersecurity #infosec
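
A defender-side hunt for the behaviour described in the post above, added here as an example and not taken from any of the quoted posts or from ANY.RUN's tooling: it flags a client that repeatedly polls `/api/status/<session_id>` on one host around the time it opens a Microsoft device-code entry page. The proxy log format, host names, thresholds and function name are constructed assumptions; only the polling path comes from the post.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed proxy log lines: "<epoch_seconds> <client_ip> <method> <url>"
SAMPLE_LOG = """\
1000 10.0.0.5 GET https://docs-share.example/view
1004 10.0.0.5 GET https://docs-share.example/api/status/3f9c2a
1006 10.0.0.5 GET https://microsoft.com/devicelogin
1009 10.0.0.5 GET https://docs-share.example/api/status/3f9c2a
1014 10.0.0.5 GET https://docs-share.example/api/status/3f9c2a
1019 10.0.0.5 GET https://docs-share.example/api/status/3f9c2a
1002 10.0.0.9 GET https://login.microsoftonline.com/common/oauth2/deviceauth
1003 10.0.0.9 GET https://intranet.example/api/status/build42
"""

# Polling path named in the post; the session id is whatever follows it.
STATUS_PATH = re.compile(r"^/api/status/([^/]+)$")
# Legitimate Microsoft pages where a device user code is entered.
DEVICE_AUTH = {
    ("microsoft.com", "/devicelogin"),
    ("www.microsoft.com", "/devicelogin"),
    ("login.microsoftonline.com", "/common/oauth2/deviceauth"),
}

def find_device_code_lures(log_text, min_polls=3, window=300):
    """Return clients that poll a status endpoint near a device-auth visit."""
    polls = defaultdict(list)        # (client, host, session_id) -> timestamps
    auth_visits = defaultdict(list)  # client -> timestamps of device-auth visits
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue  # skip malformed lines instead of failing the hunt
        ts, client, url = int(parts[0]), parts[1], urlsplit(parts[3])
        host = (url.hostname or "").lower()
        if (host, url.path.rstrip("/").lower()) in DEVICE_AUTH:
            auth_visits[client].append(ts)
        elif (m := STATUS_PATH.match(url.path)):
            polls[(client, host, m.group(1))].append(ts)
    findings = []
    for (client, host, sid), stamps in sorted(polls.items()):
        # A single status call is common in benign apps; require repetition
        # plus a device-auth page visit by the same client within the window.
        near = any(abs(a - s) <= window for a in auth_visits[client] for s in stamps)
        if len(stamps) >= min_polls and near:
            findings.append({"client": client, "lure_host": host,
                             "session_id": sid, "polls": len(stamps)})
    return findings
```

A hit is a triage lead, not a verdict: confirm it against identity-provider sign-in records for a device-code sign-in by the same user in the same window.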

FBI warns of Kali365 phishing service targeting Microsoft 365 accounts

The FBI is warning about the Kali365 phishing-as-a-service platform (PhaaS) that is used to hijack Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass multi-factor authentication (MFA).

BleepingComputer

The whole industry has been screaming at you to enable MFA. Microsoft turned it into a mandate. So you complied. And now there's a subscription service selling access to exactly those "protected" accounts, using a legitimate Microsoft authentication flow they never bothered to retire.

https://blog.ppb1701.com/the-failsafe-that-isnt-microsofts-mfa-problem

#microsoft #microsoft365 #phishing #cybersecurity #mfa #kali365 #bigtechwaronusers #security #infosec #privacy #blog

The Failsafe That Isn't: Microsoft's MFA Problem - ByteHaven - Where I ramble about bytes

Part of the ongoing Big Tech's War on Users series. The FBI issued a warning last week about a phishing-as-a-service platform called Kali365 that can...

โš ๏ธ Kali365 turns M365 phishing into a service The #FBI warns #Kali365 targets Microsoft 365 accounts, packaging credential theft for operators attacking cloud identity at scale. ๐Ÿ”— read more: www.infosecurity-magazine.com/news/fbi-kal... #ransomNews #cybersecurity
Kali365-Phishing-Dienst kompromittiert Microsoft 365-Konten durch Umgehung von MFA
Mehr: https://maniabel.work/archiv/1660
#Kali365, #Phishing #MFA #Microsoft365 #OAuth-Token #phishing-as-a-service #PhaaS
#up2date #BeDiS

📢 Kali365: a PhaaS platform steals Microsoft 365 OAuth tokens and bypasses MFA
## 🏛️ Context

On **21 May 2026**, the FBI (Internet Crime Complaint Center) published a public alert (PSA no. I-052126-PSA) concerning a new pl...
cyberveille: https://cyberveille.ch/posts/2026-05-25-kali365-une-plateforme-phaas-vole-les-tokens-oauth-microsoft-365-et-contourne-le-mfa/
source: https://www.ic3.gov/PSA/2026/PSA260521
#Device_Code_Flow #Kali365 #Cyberveille