Advisory: Bleeping Computer
9.5 — CRITICAL
FBI warns of Kali365 phishing service targeting Microsoft 365 accounts
The FBI is warning about the Kali365 phishing-as-a-service platform (PhaaS) that is used to hijack Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass multi-factor authentication (MFA). [...]
🤖 AI Briefing: Auto-generated threat analysis
🔍Threat Overview
Kali365 is a phishing-as-a-service platform that abuses Microsoft's OAuth device code authentication flow to hijack Microsoft 365 accounts. The flow itself is a legitimate feature, not a vulnerability: the victim is lured into entering an attacker-generated device code at the Microsoft device login page and completing sign-in, including MFA, so the resulting session tokens are issued to the attacker's session rather than the victim's device. The attacker can then read sensitive data and use applications as the user without ever being prompted for multi-factor authentication.
⚙️Technical Details
Affected Systems
Microsoft 365, Microsoft Entra
Attack Vectors
device code phishing; OAuth device code authentication flow abuse
💥Impact Assessment
Severity: critical
Who Is at Risk
organizations using Microsoft 365 and Entra accounts
🛡️Recommended Actions
1. restrict or completely block device code authentication flows using Conditional Access policies (the authentication flows condition), starting in report-only mode so legitimate use is visible before enforcement
2. audit existing device code usage in the Entra sign-in logs (sign-ins whose authentication protocol is device code) so legitimate uses such as CLI tools and headless devices can be excluded or migrated before the block is enforced
3. block authentication transfer, the Entra feature that lets an authentication session move between devices, using the same Conditional Access authentication flows condition
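As an added example (not code from the Bleeping Computer article, the FBI advisory or Microsoft), the Python below does the three recommended actions in code: it builds the Microsoft Graph request body for a Conditional Access policy that blocks the device code flow and authentication transfer, and it audits sign-in log records for device code sign-ins. It assumes the Graph v1.0 `conditionalAccessPolicy` schema (`conditions.authenticationFlows.transferMethods`) and the `signIn` schema (`authenticationProtocol`, `originalTransferMethod`); the sign-in records are constructed samples, not real log data.

```python
"""Block and audit OAuth device code flow in Microsoft Entra.

Added example; not from the article or Microsoft. Assumes the Graph v1.0
conditionalAccessPolicy and signIn schemas named in the comments below.
"""
import json
import urllib.request

GRAPH_CA_POLICIES = "https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies"


def build_block_device_code_policy(state="enabledForReportingButNotEnforced",
                                   exclude_group_ids=()):
    """Return the Graph request body for a Conditional Access policy that blocks
    the device code flow and authentication transfer for all users and apps.

    Default state is report-only: legitimate device code usage then shows up
    in the sign-in logs before anything is enforced. Pass the object IDs of a
    break-glass or exception group in exclude_group_ids.
    """
    return {
        "displayName": "Block device code flow and authentication transfer",
        "state": state,  # "enabled" once the audit (below) is clean
        "conditions": {
            "users": {"includeUsers": ["All"],
                      "excludeGroups": list(exclude_group_ids)},
            "applications": {"includeApplications": ["All"]},
            # Graph: conditionalAccessAuthenticationFlows.transferMethods
            "authenticationFlows": {
                "transferMethods": "deviceCodeFlow,authenticationTransfer"},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }


def post_policy(policy, access_token):
    """Create the policy via Graph. Needs Policy.ReadWrite.ConditionalAccess.
    Not called at import time; intended for an interactive session."""
    req = urllib.request.Request(
        GRAPH_CA_POLICIES, data=json.dumps(policy).encode(), method="POST",
        headers={"Authorization": f"Bearer {access_token}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def audit_device_code_sign_ins(sign_ins):
    """Filter Entra signIn records to those that used the device code flow or
    authentication transfer, and summarise who, from where, into what, and
    whether the sign-in succeeded (status.errorCode == 0).

    Both fields are checked: authenticationProtocol is "deviceCode" for the
    device code flow, and originalTransferMethod records either flow.
    """
    findings = []
    for s in sign_ins:
        via_device_code = s.get("authenticationProtocol") == "deviceCode"
        via_transfer = s.get("originalTransferMethod") in (
            "deviceCodeFlow", "authenticationTransfer")
        if not (via_device_code or via_transfer):
            continue
        findings.append({
            "user": s.get("userPrincipalName"),
            "app": s.get("appDisplayName"),
            "ip": s.get("ipAddress"),
            "country": s.get("location", {}).get("countryOrRegion"),
            "succeeded": s.get("status", {}).get("errorCode") == 0,
            "when": s.get("createdDateTime"),
        })
    return findings


# Constructed sample sign-in records (not real log data).
SAMPLE_SIGN_INS = [
    {"createdDateTime": "2025-01-10T09:12:00Z", "userPrincipalName": "alice@example.com",
     "appDisplayName": "Microsoft Office", "ipAddress": "203.0.113.7",
     "location": {"countryOrRegion": "NL"}, "authenticationProtocol": "deviceCode",
     "originalTransferMethod": "deviceCodeFlow", "status": {"errorCode": 0}},
    {"createdDateTime": "2025-01-10T09:15:00Z", "userPrincipalName": "bob@example.com",
     "appDisplayName": "Outlook Web", "ipAddress": "198.51.100.4",
     "location": {"countryOrRegion": "US"}, "authenticationProtocol": "oAuth2",
     "originalTransferMethod": "none", "status": {"errorCode": 0}},
    {"createdDateTime": "2025-01-10T09:20:00Z", "userPrincipalName": "carol@example.com",
     "appDisplayName": "Microsoft Office", "ipAddress": "203.0.113.9",
     "location": {"countryOrRegion": "NL"}, "authenticationProtocol": "deviceCode",
     "originalTransferMethod": "deviceCodeFlow",
     "status": {"errorCode": 53003}},  # AADSTS53003: blocked by Conditional Access
    {"createdDateTime": "2025-01-10T09:25:00Z", "userPrincipalName": "dave@example.com",
     "appDisplayName": "Microsoft Teams", "ipAddress": "192.0.2.10",
     "location": {"countryOrRegion": "US"}, "authenticationProtocol": "none",
     "originalTransferMethod": "authenticationTransfer", "status": {"errorCode": 0}},
]

if __name__ == "__main__":
    print(json.dumps(build_block_device_code_policy(), indent=2))
    for f in audit_device_code_sign_ins(SAMPLE_SIGN_INS):
        print(f)
```

Run the audit over the last 30 days of sign-in logs while the policy is in report-only mode; a successful device code sign-in from an IP or country the user does not otherwise sign in from is the case to treat as a probable account takeover, and the sessions behind it should be revoked rather than just the password reset.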
📦Affected Products
Microsoft 365, Microsoft Entra
This is a curated summary. The complete article is available at Bleeping Computer.
