NewsNovo

FBI Warns Microsoft 365 Users That Kali365 Phishing Platform Can Bypass MFA

6/29/2026

The FBI has issued a warning about Kali365, a phishing-as-a-service platform first detected in April 2026 that targets Microsoft 365 accounts and can circumvent multifactor authentication without stealing a user's password.

Distributed primarily through Telegram, the platform gives criminal subscribers ready-made tools to compromise Outlook, Teams, and OneDrive by exploiting a legitimate Microsoft sign-in mechanism rather than a login form.

How Kali365 Abuses the Device Code Login Process The attack does not rely on tricking victims into revealing a password.

Instead, Kali365 abuses Microsoft's device code authentication flow — the same process a user might encounter when signing into a streaming service on a smart television, where a short code displayed on one screen is entered on another device to approve access.

Keep reading

Read the full story

Open on NewsNovo