FBI warns Microsoft 365 users of phishing scam. How to stay safe

In late May, the FBI warned U.S. residents of a new phishing scam, Kali365 targeting Microsoft 365 users. Here's how to ID, ...
The Hacker News

One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes

Microsoft fixed a critical Copilot Enterprise Search flaw that could expose emails, calendars, and indexed files through one ...

FBI Warns: ‘Kali365’ Phishing Service Targets Microsoft 365 Accounts

The FBI warned that Kali365 can hijack Microsoft 365 accounts by abusing device code authentication and capturing OAuth tokens.

SearchLeak: Critical Microsoft 365 Copilot Flaw Enabled One-Click Theft of Emails, Security Codes and Enterprise Data

Researchers uncovered SearchLeak, a critical Microsoft 365 Copilot flaw that could let attackers steal emails, OTPs and ...
Daily Jang

FBI issues urgent warning: New ‘Kali365’ scam targets Microsoft 365 users

The FBI has issued an urgent warning regarding a sophisticated new phishing platform called “Kali365” that is successfully targeting Microsoft 365 users.Unlike typical scams that aim to steal your ...
CSOonline

EvilTokens abuses Microsoft device code flow for account takeovers

A new phishing-as-a-service (PhaaS) campaign is abusing Microsoft’s device code authentication flow to gain unauthorized access to user accounts. Sekoia researchers first spotted the toolkit ...

FBI warns Microsoft 365 users of dangerous Kali365 phishing scam: How it works and how to stay safe

The FBI is warning Microsoft 365 users about a new phishing scam called Kali365 that can bypass passwords and multifactor ...