Skip to main content
Login
institutional access

You are connecting from
Lake Geneva Public Library,
please login or register to take advantage of your institution's Ground News Plan.

Published loading...Updated

FBI Warns of New Phishing Tool Targeting Microsoft 365 Accounts

The FBI says Kali365 uses device-code phishing and OAuth token theft to let attackers access Outlook, OneDrive and Teams without extra MFA prompts.

  • The FBI released a Thursday advisory warning about Kali365, a phishing-as-a-service platform allowing hackers to bypass multifactor authentication and gain persistent access to Microsoft 365 environments without user credentials.
  • Artificial intelligence has transformed phishing attacks, enabling cybercriminals to generate polished emails in multiple languages within seconds that mimic legitimate workplace notifications, lowering users' defenses against increasingly convincing scams.
  • Starting in February, campaigns using Kali365 targeted more than 340 organizations across the U.S., Canada, Australia, New Zealand and Germany, providing less-technical attackers access to automated phishing templates, victim tracking dashboards and OAuth token capture capabilities.
  • To mitigate Kali365 threats, the FBI recommends organizations restrict device code flow and exclude emergency access accounts, while successful compromise grants attackers persistent access to Teams, Outlook and OneDrive without repeated password verification.
  • As AI enables more convincing phishing campaigns, security experts warn that multifactor authentication alone cannot prevent account compromise if users accidentally authorize malicious access, particularly concerning given Microsoft 365 accounts contain years of sensitive data.
Insights by Ground AI

36 Articles

IBTimes UKIBTimes UK
Lean Left

FBI Warned Hackers Can Bypass Microsoft Outlook, Teams and 365 Without Your Password—Here's What You Should Do

The FBI has warned that hackers can now break into Microsoft Outlook, Teams, and 365 accounts without a password, after identifying a phishing tool known as Kali365 that has been circulating since April and is already being used to hijack user access. The reports came after the FBI issued a public alert outlining how the tool works and why it poses a different kind of risk. Unlike conventional phishing attempts that rely on stolen passwords, Kal…

·United Kingdom
Read Full Article
Fox8Fox8
Center

Cyber attackers hijacking Microsoft Outlook, Teams and 365 log-ins, FBI says

A new phishing tool is allowing cyber attackers to get access to Microsoft 365 users' accounts without even needing to know your password, the FBI said in a warning issued to the public on Thursday.

·Cleveland, United States
Read Full Article
louisianafirstnews.comlouisianafirstnews.com
+9 Reposted by 9 other sources
Center

Cyber attackers are hijacking Microsoft Outlook, Teams and 365 log-ins, FBI says

A new phishing tool is allowing cyber attackers to get access to Microsoft 365 users' accounts without even needing to know your password, the FBI said in a warning issued to the public on Thursday.

Read Full Article
FOX13newsFOX13news
Reposted by
livenowfox.comlivenowfox.com
Center

FBI warns of phishing scam targeting Microsoft 365 accounts

The FBI is warning the public about a new phishing scam called Kali365 that allows hackers to break into Microsoft 365 accounts.

·Florida, United States
Read Full Article
Krem2 NewsKrem2 News
+9 Reposted by 9 other sources
Center

FBI warns of new phishing tool targeting Microsoft 365 accounts

The FBI warned that a phishing tool can bypass Microsoft 365 passwords, giving attackers access to Teams, Outlook and more. Here's how to protect your account. (AP)

·Spokane, United States
Read Full Article
Alabama LiveAlabama Live
Center

FBI issues serious warning for Outlook, Teams, OneDrive users

The Federal Bureau of Investigation is warning about a fast-spreading scam targeting users of popular Microsoft 365 products like Outlook, Teams and OneDrive.

·Alabama, United States
Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 86% of the sources are Center
86% Center

Factuality Info Icon

To view factuality data please Upgrade to Premium

Ownership

Info Icon

To view ownership data please Upgrade to Vantage

Cybersecurity Dive broke the news on Tuesday, May 26, 2026.
Too Big Arrow Icon
Sources are mostly out of (0)

Similar News Topics

Microsoft icon

Microsoft

FBI icon

FBI

Business icon

Business

Cyberattacks icon

Cyberattacks

Artificial Intelligence icon

Artificial Intelligence

United States icon

United States

Cybersecurity icon

Cybersecurity

News
Feed Dots Icon
For You
Search Icon
SearchBlindspot LogoBlindspotLocal