FOX 5 DC

FBI alert: Outlook, OneDrive and other Microsoft 365 services targeted by new cyber threat

The FBI is alerting the public to a new cyber threat involving a Phishing‑as‑a‑Service kit known as Kali365, which is ...

FBI Warns: ‘Kali365’ Phishing Service Targets Microsoft 365 Accounts

The FBI warned that Kali365 can hijack Microsoft 365 accounts by abusing device code authentication and capturing OAuth ...

FBI warns OneDrive, Teams users about phishing scam. What it looks like

Here's what Microsoft users in Illinois should know about a new phishing scam announced by the FBI. The scheme targets OneDrive, Teams and Outlook accounts.
Homeland Security Today

FBI Warns Phishing Kit is Bypassing Microsoft Multi-Factor Authentication Through OAuth Token Hijacking

The Federal Bureau of Investigation (FBI) has issued a Public Service Announcement (PSA) to warn the public about an emerging ...

FBI warns of Kali phishing scam hitting Microsoft OAuth tokens

A new phishing kit is being offered on Telegram allowing even newbie hackers an easy way to grab OAuth tokens.

FBI warns of hacking campaign stealing Microsoft 365 accounts without passwords

Cybercriminals are exploiting a new 'Phishing-as-a-Service' tool, Kali365, to bypass Microsoft 365 security, including ...
CSOonline

EvilTokens abuses Microsoft device code flow for account takeovers

A new phishing-as-a-service (PhaaS) campaign is abusing Microsoft’s device code authentication flow to gain unauthorized access to user accounts. Sekoia researchers first spotted the toolkit ...
Dark Reading

Beware of Device Code Phishing

Device codes are alphanumeric or numeric codes employed for authenticating an account on a device that does not have a standard login interface, such as a browser or input-limited devices, where it is ...