The FBI has issued a warning about the Kali365 phishing-as-a-service platform, which targets Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass multi-factor authentication. The platform, first identified in April 2026, lets even low-skilled attackers compromise accounts through automated phishing.
The FBI's alert on the Kali365 phishing-as-a-service platform highlights a critical weakness in how the OAuth device code authentication flow is used with Microsoft 365. For anyone working in cybersecurity, the actionable takeaway is to review, and where possible restrict, the device code authentication flow with Conditional Access policies, and to audit current use of this flow closely so that phishing cannot turn it into a path to unauthorized access. Putting these controls in place can significantly reduce the risk posed by this emerging threat.
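The audit step recommended above, written out as an added example (this is not code from the FBI alert or from Microsoft). It assumes sign-in records exported in the shape of the Microsoft Graph `signIn` resource, whose `authenticationProtocol` field reports `deviceCode` for this flow; the sample records, user names and IP addresses are constructed. The script inventories successful device code sign-ins per user and separately flags those coming from an IP address the user has never used in an interactive sign-in, which is the kind of outlier a phishing-driven device code grant produces.

```python
"""Audit Microsoft Entra ID sign-in records for OAuth device code flow use.

Added example, not code from the FBI alert. Assumes records shaped like the
Microsoft Graph `signIn` resource (userPrincipalName, authenticationProtocol,
ipAddress, appDisplayName, status.errorCode, createdDateTime).
"""
import json
from collections import defaultdict

# Constructed sample sign-in records; names and IPs are placeholders, not real telemetry.
SAMPLE_SIGNINS = json.dumps([
    {"userPrincipalName": "alice@example.com", "authenticationProtocol": "authorizationCode",
     "ipAddress": "203.0.113.10", "appDisplayName": "Outlook",
     "status": {"errorCode": 0}, "createdDateTime": "2026-04-02T08:01:00Z"},
    {"userPrincipalName": "alice@example.com", "authenticationProtocol": "deviceCode",
     "ipAddress": "198.51.100.77", "appDisplayName": "Microsoft Azure CLI",
     "status": {"errorCode": 0}, "createdDateTime": "2026-04-02T08:15:00Z"},
    {"userPrincipalName": "bob@example.com", "authenticationProtocol": "authorizationCode",
     "ipAddress": "203.0.113.10", "appDisplayName": "Teams",
     "status": {"errorCode": 0}, "createdDateTime": "2026-04-02T08:30:00Z"},
    {"userPrincipalName": "bob@example.com", "authenticationProtocol": "deviceCode",
     "ipAddress": "203.0.113.10", "appDisplayName": "Microsoft Azure CLI",
     "status": {"errorCode": 0}, "createdDateTime": "2026-04-02T09:00:00Z"},
    {"userPrincipalName": "bob@example.com", "authenticationProtocol": "deviceCode",
     "ipAddress": "203.0.113.10", "appDisplayName": "Microsoft Azure CLI",
     "status": {"errorCode": 50126}, "createdDateTime": "2026-04-01T09:00:00Z"},
])


def load_signins(raw: str) -> list:
    """Parse a JSON array of sign-in records."""
    return json.loads(raw)


def _succeeded(record: dict) -> bool:
    # Entra reports errorCode 0 for a successful sign-in.
    return record.get("status", {}).get("errorCode", 0) == 0


def device_code_signins(records: list, successful_only: bool = True) -> list:
    """Return sign-ins that used the device code flow (successful ones by default)."""
    return [
        r for r in records
        if r.get("authenticationProtocol") == "deviceCode"
        and (_succeeded(r) or not successful_only)
    ]


def known_ips_per_user(records: list) -> dict:
    """Baseline: IPs each user has used on successful, non-device-code sign-ins."""
    known = defaultdict(set)
    for r in records:
        if r.get("authenticationProtocol") != "deviceCode" and _succeeded(r):
            known[r["userPrincipalName"]].add(r["ipAddress"])
    return known


def flag_suspicious(records: list) -> list:
    """Device code sign-ins from an IP the user has never used interactively.

    A device code grant completed from somewhere the user has no history
    (and with no baseline at all) is worth a closer look.
    """
    known = known_ips_per_user(records)
    return [
        r for r in device_code_signins(records)
        if r["ipAddress"] not in known.get(r["userPrincipalName"], set())
    ]


def summarize(records: list) -> dict:
    """Count successful device code sign-ins per user: the inventory for the audit."""
    per_user = defaultdict(int)
    for r in device_code_signins(records):
        per_user[r["userPrincipalName"]] += 1
    return dict(per_user)


if __name__ == "__main__":
    signins = load_signins(SAMPLE_SIGNINS)
    print("Device code sign-ins per user:", summarize(signins))
    for r in flag_suspicious(signins):
        print("REVIEW:", r["userPrincipalName"], r["ipAddress"], r["appDisplayName"], r["createdDateTime"])
```

Run against the sample, the inventory shows one successful device code sign-in for each user, while only Alice's is flagged: it came from an address she has never used in an interactive sign-in. Once the inventory shows which users and applications genuinely need the flow, the remaining use can be blocked for everyone else through the Conditional Access condition for authentication flows, which is the restriction the paragraph above recommends.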