A newly identified phishing-as-a-service platform known as Kali365 is targeting Microsoft 365 users, putting Outlook, OneDrive, and Teams accounts at serious risk. By exploiting the legitimate Device Code authentication flow, attackers trick users into entering temporary codes on genuine Microsoft verification pages. This session-hijacking method allows cybercriminals to bypass Multi-Factor Authentication (MFA) and secure persistent access to sensitive cloud data without passwords. To protect your organization, we urge users to remain highly vigilant with device code requests and recommend that IT administrators disable this authentication flow where not required. As always, stay alert—if you receive an unexpected document or login prompt, forward the suspicious link or email to the emailSONAR AI-powered verification platform to safely verify its authenticity before proceeding.
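Before disabling the flow, administrators need to know who actually uses it. The following is an added example, not part of the original advisory: it triages exported sign-in records for device code authentication. It assumes the records follow the Microsoft Graph signIn shape and include the `authenticationProtocol` field; the sample records, the allowlist, and the `contoso.example` names are constructed.

```python
import json

# Constructed sample records (not real data), shaped like Microsoft Graph
# signIn objects. Assumption: the export includes authenticationProtocol.
# The non-zero errorCode below is a constructed placeholder for "failed".
SAMPLE_SIGNINS = json.loads("""[
 {"createdDateTime": "2025-01-10T08:01:00Z", "userPrincipalName": "alice@contoso.example",
  "appDisplayName": "Office 365 Exchange Online", "ipAddress": "192.0.2.10",
  "authenticationProtocol": "oAuth2", "status": {"errorCode": 0}},
 {"createdDateTime": "2025-01-10T08:05:00Z", "userPrincipalName": "room1@contoso.example",
  "appDisplayName": "Microsoft Teams Rooms", "ipAddress": "192.0.2.20",
  "authenticationProtocol": "deviceCode", "status": {"errorCode": 0}},
 {"createdDateTime": "2025-01-10T09:12:00Z", "userPrincipalName": "bob@contoso.example",
  "appDisplayName": "Microsoft Office", "ipAddress": "203.0.113.77",
  "authenticationProtocol": "deviceCode", "status": {"errorCode": 0}},
 {"createdDateTime": "2025-01-10T09:40:00Z", "userPrincipalName": "Carol@contoso.example",
  "appDisplayName": "Microsoft Office", "ipAddress": "198.51.100.5",
  "authenticationProtocol": "deviceCode", "status": {"errorCode": 99999}}
]""")

# Hypothetical allowlist: (user, app) pairs with a documented need for the flow.
APPROVED = {("room1@contoso.example", "Microsoft Teams Rooms")}

def device_code_signins(records):
    """Return only sign-ins attempted or completed through device code flow."""
    return [r for r in records if r.get("authenticationProtocol") == "deviceCode"]

def triage(records, approved=APPROVED):
    """Bucket device code sign-ins: approved, investigate (success), failed."""
    report = {"approved": [], "investigate": [], "failed": []}
    for r in device_code_signins(records):
        user = r.get("userPrincipalName", "").lower()
        app = r.get("appDisplayName", "")
        succeeded = r.get("status", {}).get("errorCode") == 0
        if (user, app) in approved:
            bucket = "approved"
        elif succeeded:
            # Tokens were issued to an unapproved user/app pair: review the
            # session and consider revoking the user's refresh tokens.
            bucket = "investigate"
        else:
            bucket = "failed"
        report[bucket].append((r.get("createdDateTime"), user, app, r.get("ipAddress")))
    return report

if __name__ == "__main__":
    for bucket, rows in triage(SAMPLE_SIGNINS).items():
        print(bucket, rows)
```

An empty "approved" bucket over a representative time window suggests the flow can be blocked tenant-wide; otherwise the approved pairs become the exclusions when the block is put in place.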