The FBI is warning that a new hacking platform is allowing cybercriminals to hijack Microsoft 365 accounts — including Outlook, Teams and OneDrive — while bypassing multi-factor authentication entirely.
The bureau posted a public service announcement last week sounding the alarm about the “Phishing-as-a-Service” toolkit known as Kali365, which is being used to steal Microsoft 365 access tokens and gain entry to victim accounts without intercepting passwords.
The feds say that Kali365 makes it easy for even amateur hackers to run advanced phishing scams that used to require serious technical skills.
“Kali365 lowers the barrier of entry, providing less-technical attackers access to AI-generated phishing lures, automated campaign templates, real-time targeted individual/entity tracking dashboards, and OAuth token capture capabilities,” the FBI warned.
Read Full Article Here
- by: Ariel Zilber
- 2026-05-28
- Source:
https://nypost.com/2026/05/28/business/fbi-sounds-alarm-on-phishing-tool-that-steals-microsoft-365-accounts/
- 05/29/2026
hacker hand stealing data from laptop top down by Towfiqu barbhuiya is licensed under unsplash.com
hacker hand stealing data from laptop top down by Towfiqu barbhuiya is licensed under unsplash.com