Top entities: Microsoft, United States — Federal Bureau of Investigation, Microsoft Outlook, OneDrive, OAuth.

What category does this event fall under?

Regulatory — classified as phishing attack.

What is the sentiment of coverage?

Aggregate sentiment score: -70 on a -100 to +100 scale (negative = critical coverage, positive = favorable coverage).

What were the key actions taken?

United States — Federal Bureau of Investigation warned organizations about · Microsoft issued OAuth access token · United States — Federal Bureau of Investigation recommended measures to mitigate

Is this event still developing?

This is an active story, last updated Jun 01, 2026. Coverage continues to evolve.

Regulatory phishing attack

FBI Warns Kali365 Phishing Targets Microsoft

Q: When did this event occur?

First reported May 21, 2026; last updated Jun 01, 2026.

Q: What is the market impact?

Direct. The Kali365 phishing campaign directly impacts Microsoft>>> and its users by compromising account security and potentially leading to data theft and financial fraud.

Analysis based on 27 articles · First reported May 21, 2026 · Last updated Jun 01, 2026

Sentiment

-70

Attention

Articles

Market Impact

Direct

Live prominence charts, article sentiment distribution, and event development timeline available on the NewsDesk Dashboard

Market Impact

The Kali365 phishing campaign directly impacts Microsoft>>> and its users by compromising account security and potentially leading to data theft and financial fraud. This could lead to increased demand for cybersecurity solutions and services, benefiting companies in that sector. For Microsoft>>>, it could necessitate further investment in security features and potentially impact user trust if not effectively mitigated.

Cybersecurity Software Information Technology

Event Summary

The United States — Federal Bureau of Investigation>>> (FBI) has issued a warning about Kali365, a new phishing-as-a-service (PhaaS) platform distributed primarily via Telegram>>>. First detected in April 2026, Kali365 enables cyber threat actors to bypass multifactor authentication (MFA) and gain persistent access to Microsoft>>> 365 environments by capturing OAuth tokens. The attack involves sending phishing emails with a device code and instructions to visit a legitimate Microsoft>>> verification page. Victims unknowingly authorize the attacker's device by entering the code, granting access to services like Outlook, Teams, and OneDrive without needing passwords or additional MFA. The FBI recommends restricting device code flow, blocking authentication transfers, and reporting incidents to the Internet Crime Complaint Center (IC3.gov). Bleeping Computer and Arctic wolf>>> have also reported on the increasing use of device code phishing.

Key Actions

80 United States — Federal Bureau of Investigation warned organizations about

80 Microsoft issued OAuth access token

70 United States — Federal Bureau of Investigation recommended measures to mitigate

70 United States — Federal Bureau of Investigation advised organizations to block

62 United States — Federal Bureau of Investigation urged organizations

60 United States — Federal Bureau of Investigation encouraged reporting incidents

40 Arctic wolf reported on activity

Entities Involved

stock

Microsoft

The Kali365 phishing platform targets Microsoft>>> 365 accounts, including services like Outlook, Teams, and OneDrive, by exploiting Microsoft>>>'s legitimate device code authentication flow to steal OAuth tokens and bypass MFA.

Importance 100 Sentiment -50

govactor

United States — Federal Bureau of Investigation

The United States — Federal Bureau of Investigation>>> issued a warning about the Kali365 phishing platform and provided mitigation recommendations to organizations and users.

Importance 90 Sentiment 0

oth

Microsoft Outlook

Microsoft Outlook>>> is one of the key Microsoft>>> applications targeted by the Kali365 phishing scam, allowing cybercriminals to access emails and potentially sensitive information. This direct compromise affects its users' security.

Importance 90 Sentiment -60

oth

OneDrive

OneDrive>>> is another Microsoft>>> application vulnerable to the Kali365 phishing scam, enabling attackers to access and potentially steal files. This poses a risk to data integrity and privacy for its users.

Importance 90 Sentiment -60

oth

OAuth

OAuth>>> tokens are the digital keys captured by the Kali365 scam, allowing attackers to bypass multi-factor authentication and gain persistent access to Microsoft>>> accounts. This exploitation highlights a vulnerability in how these tokens are secured.

Importance 70 Sentiment -40

priv

Telegram>>> is the primary platform used for distributing and promoting the Kali365 phishing-as-a-service platform to cyber threat actors.

Importance 60 Sentiment -20

govactor

United States — Internet Crime Complaint Center

The United States — Internet Crime Complaint Center>>> is the recommended body for individuals to file complaints if they suspect they have been targeted by the Kali365 phishing attack. It serves as a crucial reporting and tracking mechanism for cybercrime.

Importance 60 Sentiment 0

priv

North American Cobalt Inc.

North American Cobalt Inc.>>> is one of the regions where thousands of Kali365 attacks have been reported, indicating a broad geographical impact of the scam. This highlights the widespread nature of the threat.

Importance 40 Sentiment -30

loc

Europe

Europe>>> is another region where the Kali365 phishing scam has been actively targeting organizations, demonstrating the international reach of this cyber threat. This indicates a global concern for cybersecurity.

Importance 40 Sentiment -30

priv

Arctic wolf

Researchers at Arctic wolf>>> observed Kali365-linked activity where attackers accessed mailboxes, created malicious inbox rules, and registered new devices in victim environments.

Importance 30 Sentiment 0

oth

Bleeping Computer

Bleeping Computer>>> reported on the Kali365 platform and its methods, contributing to the public awareness of the threat.

Importance 30 Sentiment 0

stock

Proofpoint

Proofpoint>>> is one of several cybersecurity firms that warned about hundreds of attacks involving hackers using Kali365 and similar phishing-as-a-service platforms.

Importance 20 Sentiment 0

stock

IBM

IBM>>> is one of several cybersecurity firms that noted the existence of multiple services akin to Kali365 offering similar capabilities.

Importance 20 Sentiment 0

priv

Huntress (company)

Huntress (company)>>> is one of several cybersecurity firms that noted the existence of multiple services akin to Kali365 offering similar capabilities.

Importance 20 Sentiment 0

stock

Alphabet Inc.

Alphabet Inc.>>> researchers demonstrated AI-assisted phishing methods, highlighting the broader trend of advanced phishing techniques.

Importance 10 Sentiment 0

+ 4 more entities View on Dashboard

NEWSDESK

Track this event live

Set up alerts, explore entity relationships, search across thousands of events, and build custom intelligence feeds.

Open Dashboard