Cybersecurity Hacking News

Kali365 PhaaS: OAuth device code bypass

Key Questions

What is the Kali365 Phishing-as-a-Service platform?

It abuses the OAuth 2.0 device authorization grant (the device code flow) to obtain Microsoft account tokens. The operator starts the flow for a client of their choosing, sends the victim the resulting user code together with the legitimate Microsoft device-login page, and the victim signs in there, MFA included. Microsoft then issues the access and refresh tokens to the operator's polling client, so the phishing infrastructure never has to capture a password or an MFA code.

How many users and organizations has Kali365 compromised?

The platform has been tied to the compromise of 35,000 users across 340 organizations. It is sold with tiered pricing and uses AI-generated lures.

Why is this considered a major evolution in credential theft?

It shifts the attack from stealing passwords to acquiring tokens directly. Because the victim completes the password and MFA challenge on Microsoft's own sign-in page, conventional MFA (push approvals, one-time codes) does not prevent the tokens from being issued to the attacker's client. Controls that act on the flow itself, such as blocking or restricting the device code flow in tenant policy and alerting on device-code sign-ins, are the relevant countermeasures.

The FBI has warned of Kali365, a Phishing-as-a-Service platform that defeats MFA by abusing the OAuth device code flow. Updated figures put the damage at 35,000 users and 340 organizations compromised. The platform is sold on a tiered subscription model and uses AI-generated lures. MFA resets and token theft now dominate attacks on financial services, and Kali365's subscription model is built around token theft. It represents a major evolution in credential theft against Microsoft accounts.
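The exchange behind the mechanism described above, as an added simulation that is not code from Kali365 or from any source on this page. `MockIdP` is an assumed stand-in for the real identity provider's device-code and token endpoints; the client ID, scope, user name and verification URI are made up. It shows the victim completing password and MFA on the IdP side while the tokens land with the polling attacker client, and it shows what changes when the tenant blocks the flow or the victim simply never acts.

```python
"""
Simulated OAuth 2.0 device authorization grant (RFC 8628) as abused by
device-code phishing. Added illustration, not Kali365 or vendor code.
MockIdP is an assumed stand-in for the real devicecode/token endpoints;
client id, scope, user and URI below are constructed for the example.
"""
import secrets

ATTACKER_CLIENT_ID = "public-client-chosen-by-attacker"   # made-up client id
REQUESTED_SCOPE = "openid profile offline_access Mail.Read"  # offline_access -> refresh token
USER_CODE_ALPHABET = "BCDFGHJKLMNPQRSTVWXZ23456789"           # unambiguous characters


class MockIdP:
    """Minimal device-authorization server with a simulated clock."""

    def __init__(self, block_device_code_flow=False, code_lifetime=900, interval=5):
        # Stands in for a tenant policy that refuses device-code sign-ins
        # regardless of whether MFA succeeded.
        self.block_device_code_flow = block_device_code_flow
        self.code_lifetime = code_lifetime
        self.interval = interval
        self.now = 0            # simulated seconds
        self.grants = {}        # device_code -> grant record
        self.user_codes = {}    # user_code -> device_code

    def devicecode(self, client_id, scope):
        """POST /devicecode: any public client can start the flow, unauthenticated."""
        device_code = secrets.token_urlsafe(32)
        user_code = "".join(secrets.choice(USER_CODE_ALPHABET) for _ in range(8))
        self.grants[device_code] = {"client_id": client_id, "scope": scope,
                                    "issued": self.now, "last_poll": None,
                                    "user": None, "denied": False}
        self.user_codes[user_code] = device_code
        return {"device_code": device_code, "user_code": user_code,
                "verification_uri": "https://idp.example/devicelogin",
                "expires_in": self.code_lifetime, "interval": self.interval}

    def victim_signs_in(self, user_code, username, password_ok, mfa_ok):
        """Victim types the code on the IdP's own page and completes password + MFA
        there. The phishing operator never sees either credential."""
        device_code = self.user_codes.get(user_code)
        if device_code is None:
            return "invalid_code"
        grant = self.grants[device_code]
        if self.now - grant["issued"] > self.code_lifetime:
            return "expired_code"
        if not (password_ok and mfa_ok):
            return "auth_failed"
        if self.block_device_code_flow:
            grant["denied"] = True          # MFA passed, but policy blocks the flow
            return "blocked_by_policy"
        grant["user"] = username            # grant now belongs to the attacker's device_code
        return "authorized"

    def token(self, device_code, client_id):
        """POST /token, grant_type=urn:ietf:params:oauth:grant-type:device_code."""
        grant = self.grants.get(device_code)
        if grant is None or grant["client_id"] != client_id:
            return {"error": "invalid_grant"}
        if self.now - grant["issued"] > self.code_lifetime:
            return {"error": "expired_token"}
        if grant["last_poll"] is not None and self.now - grant["last_poll"] < self.interval:
            grant["last_poll"] = self.now
            return {"error": "slow_down"}   # polled faster than the advertised interval
        grant["last_poll"] = self.now
        if grant["denied"]:
            return {"error": "access_denied"}
        if grant["user"] is None:
            return {"error": "authorization_pending"}
        del self.grants[device_code]        # device code is single use
        return {"token_type": "Bearer", "scope": grant["scope"], "sub": grant["user"],
                "access_token": secrets.token_urlsafe(24),
                "refresh_token": secrets.token_urlsafe(24)}


def run_phish(block_device_code_flow=False, victim_acts=True, victim_delay=5):
    """Attacker side. Returns (victim sign-in result, list of poll outcomes,
    final /token response)."""
    idp = MockIdP(block_device_code_flow=block_device_code_flow)
    start = idp.devicecode(ATTACKER_CLIENT_ID, REQUESTED_SCOPE)
    # The lure carries start["user_code"] and start["verification_uri"]; both
    # point at the genuine IdP, so link inspection finds nothing wrong.
    polls = [idp.token(start["device_code"], ATTACKER_CLIENT_ID).get("error", "ok")]
    polls.append(idp.token(start["device_code"], ATTACKER_CLIENT_ID).get("error", "ok"))  # too fast
    idp.now += victim_delay
    victim_result = None
    if victim_acts:
        victim_result = idp.victim_signs_in(start["user_code"], "alice@victim.example",
                                            password_ok=True, mfa_ok=True)
    else:
        idp.now += idp.code_lifetime    # victim ignores the lure; the code ages out
    final = idp.token(start["device_code"], ATTACKER_CLIENT_ID)
    polls.append(final.get("error", "ok"))
    return victim_result, polls, final


if __name__ == "__main__":
    for kwargs in ({}, {"block_device_code_flow": True}, {"victim_acts": False}):
        vr, polls, final = run_phish(**kwargs)
        print(kwargs, vr, polls, sorted(final))
```

The `block_device_code_flow` flag is the interesting control: in the simulation the victim's password and MFA both succeed, yet the attacker's poll ends in `access_denied` because the tenant refuses the flow itself. In Microsoft Entra the equivalent is a Conditional Access policy using the authentication-flows condition to block device code flow, and device-code sign-ins are also visible in the sign-in logs under the authentication protocol field, which is where detection for this class of phishing belongs.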

Sources (2)
Updated May 27, 2026