FBI warns Microsoft 365 users of phishing scam. How to stay safe

In late May, the FBI warned U.S. residents of a new phishing scam, Kali365 targeting Microsoft 365 users. Here's how to ID, ...
CyberGuy

FBI warns Microsoft users about passwordless scam

FBI warns Kali365 can hijack Microsoft 365 without passwords. Learn how the scam beats MFA and how to protect your Outlook ...

FBI Warns: ‘Kali365’ Phishing Service Targets Microsoft 365 Accounts

The FBI warned that Kali365 can hijack Microsoft 365 accounts by abusing device code authentication and capturing OAuth tokens.
The Hacker News

One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes

Microsoft fixed a critical Copilot Enterprise Search flaw that could expose emails, calendars, and indexed files through one ...

FBI warns of Kali365 phishing scam targeting Microsoft 365 users

The Federal Bureau of Investigations issued a public service announcement Monday to warn of a phishing scam that targets ...

SearchLeak: Critical Microsoft 365 Copilot Flaw Enabled One-Click Theft of Emails, Security Codes and Enterprise Data

Researchers uncovered SearchLeak, a critical Microsoft 365 Copilot flaw that could let attackers steal emails, OTPs and ...
CSOonline

EvilTokens abuses Microsoft device code flow for account takeovers

A new phishing-as-a-service (PhaaS) campaign is abusing Microsoft’s device code authentication flow to gain unauthorized access to user accounts. Sekoia researchers first spotted the toolkit ...
Bleeping Computer

Hackers target Microsoft Entra accounts in device code vishing attacks

In February 2025, the Microsoft Threat Intelligence Center warned that Russian hackers were targeting Microsoft 365 accounts using device code phishing. In December, ProofPoint reported similar ...

Your Microsoft text codes are going away

Microsoft says it will phase out SMS codes for personal account sign-ins, urging users to switch to passkeys for better protection against scammers.