
The FBI released an urgent security warning to the public about a fast-acting scam targeting Microsoft 365 users on Teams, Outlook and OneDrive.
The agency warned that the hacking platform Kali365 seeks out OAuth device codes, allowing scammers to sneak past multifactor authentication and access Microsoft accounts without needing a password.
Scammers will send a phishing email impersonating a trusted document-sharing service with a device code and instructions on how to verify, according to the FBI.
“Kali365 lowers the barrier of entry, providing less-technical attackers access to AI-generated phishing lures, automated campaign templates, real-time targeted individual/entity tracking dashboards, and OAuth token capture capabilities,” the FBI stated.
The platform is sold to scammers as a $250-per-month subscription.
The FBI, which first detected Kali365 in April, described the hacking platform as an “emerging Phishing-as-a-Service platform.” Hackers with limited skills can access advanced phishing tools through the platform, according to NordPass.
The agency advised users to report phishing emails, suspicious logins and any unauthorized devices or active sessions added to the account to the Internet Crime Complaint Center. The FBI also urged users not to open links with access codes that they did not request.
The Hill has reached out to Microsoft for comment.
Copyright 2026 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.


