FBI Issues Urgent Kali365 Security Warning For Teams, Outlook, OneDrive Users (thehill.com)
(Monday June 15, 2026 @11:30PM (BeauHD)
from the phishing-as-a-service dept.)
- Reference: 0183902004
- News link: https://yro.slashdot.org/story/26/06/15/209242/fbi-issues-urgent-kali365-security-warning-for-teams-outlook-onedrive-users
- Source link: https://thehill.com/policy/technology/5924655-microsoft-365-phishing-threat/
[1]alternative_right shares a report from The Hill:
> The FBI [2]released an urgent security warning to the public about a fast-acting scam targeting Microsoft 365 users on Teams, Outlook and OneDrive. The agency warned that the hacking platform Kali365 seeks out OAuth device codes, [3]allowing scammers to sneak past multi-factor authentication codes , and without the need for a password, to access Microsoft accounts. Scammers will send a phishing email impersonating a trusted document-sharing service with a device code and instructions on how to verify, according to the FBI.
>
> "Kali365 lowers the barrier of entry, providing less-technical attackers access to AI-generated phishing lures, automated campaign templates, real-time targeted individual/entity tracking dashboards, and OAuth token capture capabilities," the FBI stated. The platform is sold to scammers with a $250 per month subscription. The FBI, which first detected Kali365 in April, described the hacking platform as an "emerging Phishing-as-a-Service platform." Hackers with limited skills can access advanced phishing tools through the platform, [4]according to NordPass .
[1] https://slashdot.org/~alternative_right
[2] https://www.ic3.gov/PSA/2026/PSA260521
[3] https://thehill.com/policy/technology/5924655-microsoft-365-phishing-threat/
[4] https://nordpass.com/blog/phishing-as-a-service/
> The FBI [2]released an urgent security warning to the public about a fast-acting scam targeting Microsoft 365 users on Teams, Outlook and OneDrive. The agency warned that the hacking platform Kali365 seeks out OAuth device codes, [3]allowing scammers to sneak past multi-factor authentication codes , and without the need for a password, to access Microsoft accounts. Scammers will send a phishing email impersonating a trusted document-sharing service with a device code and instructions on how to verify, according to the FBI.
>
> "Kali365 lowers the barrier of entry, providing less-technical attackers access to AI-generated phishing lures, automated campaign templates, real-time targeted individual/entity tracking dashboards, and OAuth token capture capabilities," the FBI stated. The platform is sold to scammers with a $250 per month subscription. The FBI, which first detected Kali365 in April, described the hacking platform as an "emerging Phishing-as-a-Service platform." Hackers with limited skills can access advanced phishing tools through the platform, [4]according to NordPass .
[1] https://slashdot.org/~alternative_right
[2] https://www.ic3.gov/PSA/2026/PSA260521
[3] https://thehill.com/policy/technology/5924655-microsoft-365-phishing-threat/
[4] https://nordpass.com/blog/phishing-as-a-service/
Looks like LLM-assisted attacks become noticeable (Score:2)
by gweihir ( 88907 )
Well, time to fix all that crappy software. Or else.
Is Kali365 derived from Kali Linux? (Score:2)
by unixisc ( 2429386 )
In other words, did they create this intrusion mechanism on a Kali Linux bed, w/ all its hacking utilities?
Re:Damn (Score:4, Funny)
They'd run it again today anyway.
Re: (Score:1)
And tomorrow.