FBI issues urgent Kali365 security warning for Teams, Outlook, OneDrive users
The FBI has issued an urgent alert about Kali365, a phishing-as-a-service platform targeting Microsoft Teams, Outlook, and OneDrive users. The tool exploits device code authentication to bypass multi-factor authentication (MFA) and steal OAuth tokens. Victims risk full account hijacking without password theft. The FBI confirms the threat is active and spreading via Telegram.
What changed
New details confirm Kali365 operates as a phishing platform bypassing Microsoft 365’s MFA protections by capturing OAuth tokens rather than passwords.
Live updates
- FBI warns of Kali365 phishing platform bypassing Microsoft 365 MFA (confidence 95%)
What's confirmed:
- The FBI has issued an urgent warning about Kali365, a phishing platform targeting Microsoft 365 users, including Teams, Outlook, and OneDrive.
- Kali365 bypasses multi-factor authentication (MFA) by exploiting Microsoft’s device code authentication flow to steal OAuth tokens instead of passwords.
- The platform operates as a phishing-as-a-service (PhaaS) tool distributed via Telegram, allowing attackers to hijack accounts without traditional credential theft.
- Victims are tricked by fake login popups that mimic legitimate Microsoft authentication, which gives attackers persistent access to accounts.
- The FBI’s alert confirms the scam is actively targeting enterprises and individual users relying on Microsoft 365 services.
Still unconfirmed:
- The FBI warning is reported to have been issued on May 21, 2026, but no official date is confirmed in primary sources.
- Kali365 is described as a 'sophisticated' phishing kit that bypasses MFA entirely, but no technical breakdown of its methods is provided in all sources.
- Some reports suggest the scam is spreading rapidly, but no verified metrics on attack volume or affected users are available.