FBI warns of Kali365 phishing-as-a-service after April Microsoft 365 attacks
The law enforcement agency published an advisory on Thursday about Kali365 — a Telegram-based service for cybercriminals that allows them to capture legitimate "OAuth" tokens enabling widespread access to Microsoft 365 environments.
Cybercriminals are using a new, easy-to-use service to trick people into giving them access to their Microsoft 365 accounts, according to the FBI.
The law enforcement agency published an advisory on Thursday about Kali365 — a Telegram-based service for cybercriminals that allows them to capture legitimate "OAuth" tokens enabling widespread access to Microsoft 365 environments.
Multiple cybersecurity companies warned last month that they were seeing hundreds of attacks enabled by Kali365. The tool, which the FBI referred to as a Phishing-as-a-Service platform, “lowers the barrier of entry, providing less-technical attackers access to AI-generated phishing lures, automated campaign templates, real-time targeted individual/entity tracking dashboards, and OAuth token capture capabilities.”
Source: https://therecord.media/fbi-warns-of-kali365-phishing-attacks
Related breach coverage
- Microsoft Disrupts Malware-Signing Service Run by ‘Fox Tempest’ 2026-05-19
Fox Tempest provides a service that cybercriminals use to distribute ransomware and other malware disguised as legitimate software. The post Microsoft Disrupts Malware-Signing Service Run by ‘Fox Tempest’ appeared first on SecurityWeek.
- Tech giants promise British regulator they will tweak platforms to protect kids online2026-05-21
The regulator, Ofcom, had required Roblox, Snapchat, Instagram, Facebook, YouTube and TikTok to answer questions about their efforts to remove harmful algorithms, check kids’ ages and protect them from sexual predators by the end of April.
- Global law enforcement operation takes First VPN offline2026-05-21
Police seized First VPN in a global crackdown, exposed its cybercrime users, and shut down infrastructure tied to ransomware and data theft. A major international law enforcement operation has taken First VPN offline, a service that had become a quiet staple for ransomware crews, data thieves, and other cybercriminals trying to hide in plain sight. “The coordinated […]
- 7-Eleven confirms breach after ShinyHunters claims2026-05-20
The breach notification letters say 7-Eleven discovered the breach on April 8 and, after an investigation, determined that the cybercriminals gained access to “certain 7-Eleven systems used to store franchisee documents.”