FBI warns of Kali365 phishing service targeting Microsoft 365 accounts

Monday, May 25, 2026 at 12:45 PM UTC·Source: BleepingComputer

Updated: Monday, May 25, 2026 at 01:00 PM UTC

Executive Summary

The FBI is warning about the Kali365 phishing-as-a-service platform (PhaaS) that is used to hijack Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass multi-factor authentication (MFA). [...]

Analysis

Source Attribution

Originally published by BleepingComputer on May 25, 2026.

Related Threats

MEDIUMPhishing

Chinese Phishing Service Scams Thousands of FIFA World Cup Fans

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/nist-rebrands-ai-consortium-ditches-safety-from-name-image_small-8-a-31815.jpg" align=right hspace=4>Researchers estimate losses ranging from hundreds of millions to billions A Chinese-language phishing-as-a-service platform scammed between $470 million to $1 billion from soccer fans ahead of the 2026 FIFA World Cup star

18h agoBank Info Security

MEDIUMPhishing

MokN Raises $15 Million for Phish-Back Platform

MokN's platform deploys realistic decoy access points to lure attackers into revealing compromised credentials, enabling organizations to respond before abuse occurs. The post MokN Raises $15 Million for Phish-Back Platform appeared first on SecurityWeek .

1d agoSecurityWeek

CRITICALPhishing

XCharge C6

<a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-148-08.json">View CSAF</a> <h2>Summary</h2> Successful exploitation of these vulnerabilities could allow an attacker to gain administrator rights or execute code on the affected device. The following versions of XCharge C6 are affected: <ul> <li>C6</li> </ul

CVE-2026-9037CVE-2026-9038

2d agoCISA Advisories