A new Phishing-as-a-Service platform named Kali365 is targeting Microsoft 365 users by stealing OAuth access tokens directly, which allows attackers to bypass multi-factor authentication without needing user credentials. The service, distributed via Telegram since April 2026, provides AI-generated phishing lures and automated campaign templates to lower the technical barrier for threat actors.
Microsoft 365 access tokens are being targeted by an emerging Phishing-as-a-Service (PhaaS) platform called Kali365, the FBI is warning. First observed in April 2026, Kali365 has been distributed through Telegram, allowing cybercriminals to obtain Microsoft 365 access tokens and bypass MFA without stealing user credentials. “Kali365 lowers the barrier of entry, providing less-technical attackers access to AI-generated phishing lures, automated campaign templates, real-time targeted individual/entity tracking dashboards, and OAuth token capture capabilities,” the FBI said. … More → The post Microsoft 365 users targeted by new phishing threat that bypasses MFA appeared first on Help Net Security .