s your Microsoft 365 account as secure as you think?. On May 21, 2026, the FBI issued a critical warning about Kali365, a new "phishing-as-a-service" platform that is lowering the barrier for cybercriminals globally. In today’s episode, we investigate how this AI-powered kit allows even low-skilled attackers to bypass Multi-Factor Authentication (MFA) by stealing OAuth session tokens instead of passwords.
We break down the "device code flow" trap: how hackers trick users into entering legitimate codes on real Microsoft pages to authorize unauthorized access to Outlook, Teams, and OneDrive. We also analyze the AI-generated templates that impersonate SharePoint, DocuSign, and Adobe to create the perfect lure. Join us as we discuss the FBI’s urgent mitigation strategies, from restricting device code flow to enforcing conditional access policies, to ensure your business doesn't become the next victim of this industrial-scale phishing wave.
This episode includes AI-generated content.
