Updated · Fox News · Jun 28
FBI Warns Microsoft 365 Users Kali365 Can Bypass MFA via Device Codes

1 article · Updated · Fox News · Jun 28

Summary

  • Kali365, first seen in April 2026, lets attackers hijack Microsoft 365 accounts by tricking users into approving a device code on a real Microsoft verification page.
  • The phishing-as-a-service platform, spread mainly through Telegram, supplies AI-generated lures and tools to steal OAuth access and refresh tokens, opening Outlook, Teams and OneDrive without a password.
  • The FBI said the biggest red flag is any unsolicited request to enter a Microsoft device code for a file, voicemail, invoice or shared document you did not initiate.
  • For organizations, the bureau recommends auditing and restricting device-code flow, blocking authentication transfer policies, and training staff because one compromised work account can enable invoice fraud and internal impersonation.
  • Microsoft said customers should follow FBI guidance and its own best practices, while reporting broader disruption efforts against phishing services including Fake ONNX, RaccoonO365 and Tycoon 2FA.
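
The audit of device-code flow recommended above can start from exported sign-in logs. The following is an added example, not code from the FBI, Microsoft or the article: the field names are an assumption based on the Microsoft Graph beta signIn resource, and the records and allowlist are constructed.

```python
import json
from collections import defaultdict
# Constructed sample records, not real telemetry. Field names are an assumption
# based on the Microsoft Graph beta signIn resource; check them against your export.
SAMPLE_SIGNINS = json.loads("""[
 {"createdDateTime": "2026-06-20T09:14:02Z", "userPrincipalName": "alice@example.com",
  "appDisplayName": "Microsoft Office", "authenticationProtocol": "deviceCode",
  "ipAddress": "203.0.113.7", "status": {"errorCode": 0}},
 {"createdDateTime": "2026-06-20T09:20:41Z", "userPrincipalName": "bob@example.com",
  "appDisplayName": "Outlook", "authenticationProtocol": "oAuth2",
  "ipAddress": "198.51.100.4", "status": {"errorCode": 0}},
 {"createdDateTime": "2026-06-20T10:02:10Z", "userPrincipalName": "room-display@example.com",
  "appDisplayName": "Microsoft Teams", "authenticationProtocol": "deviceCode",
  "ipAddress": "198.51.100.9", "status": {"errorCode": 0}},
 {"createdDateTime": "2026-06-20T11:31:55Z", "userPrincipalName": "Carol@example.com",
  "appDisplayName": "Microsoft Office", "authenticationProtocol": "deviceCode",
  "ipAddress": "203.0.113.7", "status": {"errorCode": 1}},
 {"createdDateTime": "2026-06-20T11:40:12Z", "userPrincipalName": "alice@example.com",
  "appDisplayName": "OneDrive", "authenticationProtocol": "authenticationTransfer",
  "ipAddress": "203.0.113.7", "status": {"errorCode": 0}}
]""")

FLAGGED_PROTOCOLS = {"deviceCode", "authenticationTransfer"}
# Hypothetical allowlist of accounts with a documented need for device code flow.
ALLOWED_USERS = {"room-display@example.com"}

def audit_signins(records, allowed_users=ALLOWED_USERS):
    """Group device-code / authentication-transfer sign-ins by user, skipping the allowlist."""
    findings = defaultdict(list)
    for rec in records:
        protocol = rec.get("authenticationProtocol")
        user = (rec.get("userPrincipalName") or "").lower()
        if protocol not in FLAGGED_PROTOCOLS or user in allowed_users:
            continue
        findings[user].append({
            "time": rec.get("createdDateTime"), "app": rec.get("appDisplayName"),
            "ip": rec.get("ipAddress"), "protocol": protocol,
            # errorCode 0 means the sign-in succeeded, so tokens were issued.
            "tokens_issued": (rec.get("status") or {}).get("errorCode") == 0,
        })
    return dict(findings)

def users_needing_token_revocation(records, allowed_users=ALLOWED_USERS):
    """Users with at least one successful flagged sign-in, sorted for stable output."""
    findings = audit_signins(records, allowed_users)
    return sorted(u for u, hits in findings.items() if any(h["tokens_issued"] for h in hits))

if __name__ == "__main__":
    print(users_needing_token_revocation(SAMPLE_SIGNINS))
```

Accounts in the returned list completed a flagged flow, so their sessions and refresh tokens are the ones to review first; failed attempts stay in the per-user findings as a sign the account is being targeted.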

Insights

If hackers now use real Microsoft pages to bypass security, is multi-factor authentication still a reliable defense?
With AI scams from China on the rise, who bears more responsibility for user protection: tech companies or the government?
As AI powers both cyberattacks and defenses, are we entering an era of unwinnable, automated cyber warfare?

Kali365 and the MFA Bypass Crisis: How Phishing-as-a-Service Redefined Microsoft 365 Security in May-June 2026

Overview

Kali365 is a new and sophisticated phishing-as-a-service platform that emerged in May-June 2026 and poses a major threat to Microsoft 365 users and organizations. Its phishing messages imitate legitimate communications from trusted cloud services and push victims into urgent action. The core danger of Kali365 is its method of bypassing multi-factor authentication, which marks a serious escalation in phishing threats. By exploiting user trust and established workflows, Kali365 lets attackers gain unauthorized access, which makes it a significant challenge for organizations that rely on MFA for security.

...