FBI Warns Microsoft 365 Users of Kali365 Phishing Attack Bypassing Passwords
How 2 Israeli newsrooms covered this story — translated into English and compared side by side.
First reported by Now 14 · 22 hours ago
What happened
The FBI warns Microsoft 365 users about Kali365, a phishing attack that bypasses passwords by exploiting Microsoft's device code login, posing major risks to businesses. The attack tricks victims into authorizing access on legitimate Microsoft pages, enabling attackers to infiltrate accounts undetected. Users and organizations are urged to follow strict security measures and report suspected breaches immediately.
- 01FBI warns of Kali365 phishing attack bypassing Microsoft 365 passwords using device codes.
- 02Kali365 operates as phishing-as-a-service, distributing tools via Telegram since April 2026.
- 03Attackers trick victims into entering codes on legitimate Microsoft login pages, granting access.
- 04Businesses face high risk as attackers can read emails and impersonate trusted sources.
- 05FBI and Microsoft advise avoiding unsolicited code entries and direct login via browsers.
- 06Organizations should monitor access logs, restrict device code use, and report breaches immediately.
Summary translated & synthesized from the sources below by baba. Read each original for the full report.
Full coverage · 2 outlets
The same event, reported separately by each newsroom. Open a few to compare what each emphasizes — and what they leave out.
