TECH NEWS

FBI warns of Kali365 as device code phishing soars

https://image.theregister.com/262937.jpg?imageId=262937&x=0&y=0&cropw=100&croph=100&panox=0&panoy=0&panow=100&panoh=100&width=1200&height=683

FBI warns Kali365 phishing kit is stealing Microsoft OAuth tokens at scale

MFA? No problem, says crimeware that tricks users into handing attackers the keys to M365

The FBI has issued a public service announcement warning about a new phishing kit that's stealing Microsoft OAuth tokens at an alarming rate.

OAuth token theft is a serious headache for organizations because stolen tokens can bypass multi-factor authentication (MFA) and grant access to privileged accounts within an organization without needing to know their credentials.

Think corporate espionage, data theft, maybe even ransomware.

The main culprit is Kali365, described as a phishing-as-a-service platform that's being peddled on Telegram, first spotted by crimefighters in April 2026.

"Kali365 lowers the barrier of entry, providing less-technical attackers access to AI-generated phishing lures, automated campaign templates, real-time targeted individual/entity tracking dashboards, and OAuth token capture capabilities," the FBI said in its announcement.

Phishing kitsaren't new....

Copyright of this story solely belongs to theregister.com. To see the full text click HERE

Read more

https://assets.bwbx.io/images/users/iqjWHBFdfxIU/inkzHQ7gdBwY/v1/1200x800.jpg

SK Hynix says it is seeking to raise ~$29.4B in a US listing, expects trading to start on July 10, and intends to use the funds for building additional capacity

Sponsor Posts Fast, affordable law for startups — Soxton automates startup legal so founders can move faster and sleep better. We handle incorporation, advisor, employment and commercial contracts. Join the waitlist for early access! Stop vibe coding analytics — Equals AI turns questions about your business into auditable spreadsheet models and dashboards.