FBI Warns: ‘Kali365’ Phishing Service Targets Microsoft 365 Accounts

The FBI warned that Kali365 can hijack Microsoft 365 accounts by abusing device code authentication and capturing OAuth tokens.
Redmondmag.com

FBI Urges Microsoft 365 Defenders To Watch for Kali365 Phishing Attacks

The FBI is warning orgs about Kali365, a phishing-as-a-service kit that can help attackers get around multifactor authentication protections in Microsoft 365 environments by stealing access tokens ...

Your Microsoft text codes are going away

Microsoft says it will phase out SMS codes for personal account sign-ins, urging users to switch to passkeys for better ...

FBI Warns Microsoft Users—New Attack Gains Access To Accounts

The FBI issued a warning on May 21, as a new AI-powered attack enables "threat actors to obtain Microsoft 365 access tokens and bypass multi-factor authentication ( MFA) protocols without intercepting ...
Redmondmag.com

Microsoft 365 Android Coding Error Put Account Tokens at Risk

A coding error in several Microsoft 365 Android apps could have allowed a malicious app on the same device to silently obtain account tokens and act as the signed-in user, according to new research ...
Dark Reading

Coding Gaffe Exposes Microsoft 365 Accounts to Widespread Takeover

A disabled security setting meant to protect authentication across Android versions of key apps paved the way for attackers ...