{"id":339474,"date":"2026-05-23T15:49:31","date_gmt":"2026-05-23T10:19:31","guid":{"rendered":"https:\/\/ebiztoday.news\/?p=339474"},"modified":"2026-05-23T15:49:31","modified_gmt":"2026-05-23T10:19:31","slug":"fbi-warns-of-kali-oauth-stealers","status":"publish","type":"post","link":"https:\/\/ebiztoday.news\/index.php\/2026\/05\/23\/fbi-warns-of-kali-oauth-stealers\/","title":{"rendered":"FBI warns of Kali Oauth stealers"},"content":{"rendered":"<div id=\"remove_no_follow\">\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<section class=\"wp-block-bigbite-multi-title\">\n<div class=\"container\"><\/div>\n<\/section>\n<p>The <a href=\"https:\/\/www.ic3.gov\/PSA\/2026\/PSA260521\">FBI has warned of the danger from a<\/a><a href=\"https:\/\/www.ic3.gov\/PSA\/2026\/PSA260521\" target=\"_blank\" rel=\"noreferrer noopener\"> <\/a><a href=\"https:\/\/www.ic3.gov\/PSA\/2026\/PSA260521\">recent wave of phishing attack<\/a>s generated by a tool called Kali365.<\/p>\n<p>It enables cyber criminals to acquire Microsoft 365 access tokens and bypass multi-factor authentication (MFA) protocols without intercepting the user\u2019s credentials by capturing Oauth tokens linked to the victim\u2019s Microsoft 365 account.<\/p>\n<p>The scam works in an analogous solution to most <a href=\"https:\/\/www.csoonline.com\/article\/514515\/what-is-phishing-examples-types-and-techniques.html\">phishing attacks<\/a>. An attacker sends an email purporting to be from a trusted cloud document sharing service, including instructions to enter a specific code on a legitimate Microsoft site.<\/p>\n<p>The code, nevertheless, authorizes the attacker\u2019s device to access the victim\u2019s Microsoft account.<\/p>\n<p>The FBI has issued a set of instructions for IT security managers to assist mitigate the Kali365 attack before it affects their users. These include making a conditional access policy to dam code flow for all users, with exceptions for the obligatory business processes. Managers must also block authentication transfer policies, stopping users from handing over their access rights from a company PC to a mobile device.<\/p>\n<p>Phishing stays a significant threat for organizations. <a href=\"https:\/\/reports.weforum.org\/docs\/WEF_Global_Cybersecurity_Outlook_2026.pdf\">In response to a World Economic Forum report<\/a> from January this 12 months, CEOs worldwide see it because the principal security threat. It\u2019s also something that will not be going away, 77 percent of organizations think that the variety of phishing attacks has increased up to now 12 months. Kali365 has just added to that number.<\/p>\n<p><em>This text first appeared on <a href=\"https:\/\/www.csoonline.com\/article\/4176464\/fbi-warns-of-kali-oauth-stealers.html\">CSO<\/a>.<\/em><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The FBI has warned of the danger from a recent wave of phishing attacks generated by a tool called Kali365. It enables cyber criminals to acquire Microsoft 365 access tokens and bypass multi-factor authentication (MFA) protocols without intercepting the user\u2019s credentials by capturing Oauth tokens linked to the victim\u2019s Microsoft 365 account. The scam works [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":339475,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[19194,2844,52063,52064,7749],"class_list":["post-339474","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology","tag-fbi","tag-kali","tag-oauth","tag-stealers","tag-warns"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/posts\/339474","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/comments?post=339474"}],"version-history":[{"count":2,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/posts\/339474\/revisions"}],"predecessor-version":[{"id":339477,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/posts\/339474\/revisions\/339477"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/media\/339475"}],"wp:attachment":[{"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/media?parent=339474"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/categories?post=339474"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/tags?post=339474"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}