By Zak Doffman
Publication Date: 2026-05-25 06:30:00
New FBI warning for Microsoft users.
NurPhoto via Getty Images
The FBI issued a warning on May 21, as a new AI-powered attack enables “threat actors to obtain Microsoft 365 access tokens and bypass multi-factor authentication (MFA) protocols without intercepting the user’s credentials.”
Dubbed Kali365, this phishing-as-a-service threat was first discovered last month. The FBI released its public service announcement “to warn the public” that these attacks use Microsoft’s authentication infrastructure to steal user credentials.
The new phishing-as-a-service platform is distributed via every hacker’s favorite messenger — Telegram. But the attack will come at you via email. “Kali365 lowers the barrier of entry,” the bureau says, “providing less-technical attackers access to AI-generated phishing lures, automated campaign templates, real-time targeted individual/entity tracking dashboards, and…
