By Chris Williams
Publication Date: 2026-05-27 20:59:00
(Photo Illustration by Omar Marques/SOPA Images/LightRocket via Getty Images)
The FBI is warning the public about a new phishing scam called Kali365 that lets hackers break into Microsoft 365 accounts and bypass multi-factor authentication, giving them ongoing access to email, files and other services.
Dig deeper:
By subscribing to the Kali365 platform, hackers can steal login tokens that give them ongoing access to a victim’s Microsoft 365 account.
RELATED: Israeli researchers say Iran behind Los Angeles transit system attack
The service makes it easier for even less-skilled attackers to launch scams by offering AI-generated phishing emails, ready-made attack templates, live tracking tools and token-stealing features
The scam begins with a phishing email that appears to come from a trusted cloud or document-sharing service. The email includes a device code and instructions directing the target to visit a real Microsoft verification page and enter the code.
Once…
