New Phishing Scam ‘Kali365’ Bypasses MFA to Target Outlook and OneDrive Users
A newly identified phishing-as-a-service platform known as Kali365 is targeting Microsoft 365 users, putting Outlook, OneDrive, and Teams accounts at serious risk. By exploiting the legitimate Device Code authentication flow, attackers trick users into entering temporary codes on genuine Microsoft verification pages. This session-hijacking method allows cybercriminals to bypass Multi-Factor Authentication (MFA) and secure persistent […]