FBI warns of Kali365 phishing service targeting Microsoft 365 accounts
Source: Bleepingcomputer
Published:
<p>The FBI is warning the Kali365 phishing-as-a-service platform (PhaaS) that is used to hijack Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass multi-factor authentication (MFA).</p> <p>According to the FBI PSA , Kali365 first emerged in April 20