FBI again warns of Kali365 phishing service targeting Microsoft 365 accounts


The IT Nerd

Straight Talk About Information Technology From A Nerd Who Speaks English


The FBI is still warning about the Kali365 phishing-as-a-service (PhaaS) platform, which is used to hijack Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass MFA. If you haven’t read the warning from the FBI, it should be required reading.

Commenting on this news is Dan Moore, Sr. Director, CIAM Strategy & Identity Standards at FusionAuth:

"Device code phishing works because the user does everything right. They visit a real Microsoft page, complete a real login and MFA challenge, and enter the code. By doing so, the user hands an attacker real long-lived tokens for accessing real applications. The default Microsoft refresh token is good for 90 days. Worse, it renews itself every time it’s used.

The login and MFA are completed by a legitimate user on the attacker’s behalf. An easy fix: disallow superfluous OAuth grants. The device code grant exists for legitimate reasons; I wouldn’t want to type a password into my printer or smart TV when I could use my phone. But almost all enterprise users don’t need it (yes, yes, carve out exceptions for engineering teams who actually use CLI tools). Leaving it accessible is a configuration choice and attackers are actively exploiting it.

If your organization can’t block the device code grant entirely, at minimum you need short refresh token lifetimes and aggressive revocation. A captured refresh token gives persistent access until it’s expired or revoked. How long that window stays open is up to you."

It’s time to rethink how you manage devices and the OAuth grants they are allowed to use. Otherwise the possibility of getting pwned is very high.
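As an added example (not code from the FBI warning, FusionAuth, or this post), here is one way to act on the advice above in Microsoft Entra: first see who actually signs in with device code flow, then create a Conditional Access policy that blocks the flow for everyone except an exception group. It assumes the Microsoft.Graph PowerShell module, an account permitted to manage Conditional Access, and a placeholder group ID that you replace with your own.

```powershell
# Added example: block the OAuth device code flow with Conditional Access.
# Assumes the Microsoft.Graph PowerShell module; the group ID is a PLACEHOLDER.
Connect-MgGraph -Scopes "Policy.Read.All", "Policy.ReadWrite.ConditionalAccess",
                        "Application.Read.All", "AuditLog.Read.All", "Directory.Read.All"

# Step 1: size the exception group. Who used device code flow in the last 7 days?
# (Assumes the sign-in log objects expose AuthenticationProtocol; filter is client-side.)
$since = (Get-Date).ToUniversalTime().AddDays(-7).ToString("yyyy-MM-ddTHH:mm:ssZ")
Get-MgAuditLogSignIn -Filter "createdDateTime ge $since" -All |
    Where-Object { $_.AuthenticationProtocol -eq "deviceCode" } |
    Select-Object UserPrincipalName, AppDisplayName, CreatedDateTime, IPAddress |
    Format-Table -AutoSize

# Step 2: the policy. Users who legitimately need CLI tools go in this group.
$cliExceptionGroupId = "00000000-0000-0000-0000-000000000000"  # PLACEHOLDER group ID

$policy = @{
    displayName = "Block device code flow (all users, CLI exception group excluded)"
    # Report-only first: review the "would have been blocked" sign-ins,
    # then change this to "enabled" once the exception group is complete.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users               = @{
            includeUsers  = @("All")
            excludeGroups = @($cliExceptionGroupId)
        }
        applications        = @{ includeApplications = @("All") }
        # The authentication-flows condition targets only device code flow,
        # so ordinary interactive browser sign-ins are unaffected.
        authenticationFlows = @{ transferMethods = "deviceCodeFlow" }
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("block")
    }
}

New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
```

Blocking the grant removes the lure entirely; for tenants that cannot, the same module can add a separate sign-in frequency policy to shorten how long a captured session stays usable.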


This entry was posted on May 27, 2026 at 1:45 pm and is filed under Commentary with tags Kali365.
