> TritonInfoSec News
Home / May 26, 2026 / Story
0
#6 BleepingComputer general May 25, 2026 at 12:45 UTC

FBI warns of Kali365 phishing service targeting Microsoft 365 accounts

By Lawrence Abrams

AI Summary

The FBI has issued a warning about Kali365, a phishing-as-a-service platform that targets Microsoft 365 accounts by abusing OAuth device code authentication flows to steal session tokens and bypass MFA. This PhaaS lowers the barrier for attackers to compromise M365 environments at scale. Organizations should consider disabling device code flow where not required and monitoring for anomalous OAuth token issuance.

Read full article → https://www.bleepingcomputer.com/news/security/fbi…

Relevance score: 80.0/100

# More from May 26

  1. 1
    Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks Krebs on Security
  2. 2
    Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks The Hacker News
  3. 3
    Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack SecurityWeek
  4. 4
    TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO The Hacker News
  5. 5
    Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms The Hacker News
  6. 7
    Laravel-Lang Packages Poisoned for Malware Delivery SecurityWeek
  7. 8
    Anthropic: Mythos Detected 23,000 Potential Vulnerabilities Across 1,000 OSS Projects SecurityWeek
  8. 9
    DocketWise Data Breach Impacts 143,000 SecurityWeek
  9. 10
    266,000 Affected by Data Breach at Radiology Associates of Richmond SecurityWeek