About this tag
Device code authentication is a legitimate OAuth flow that allows users to sign in on devices without a full browser, but it is increasingly exploited by attackers to bypass multifactor authentication. A recent FBI warning highlights Kali365, a phishing-as-a-service platform that abuses Microsoft's device code flow to capture access tokens from Microsoft 365 users. Instead of stealing passwords, the attack tricks victims into completing a real Microsoft sign-in for an attacker-controlled device, rendering traditional URL-checking advice insufficient. This tag covers discussions about the security risks of device code authentication, including real-world phishing campaigns and mitigation strategies for enterprise IT and security professionals.
Kali365 OAuth Phishing Bypasses MFA via Microsoft Device Code Flow
The FBI’s Internet Crime Complaint Center warned in May 2026 that Kali365, a phishing-as-a-service platform first seen in April, is targeting Microsoft 365 users by abusing OAuth device-code authentication to capture access tokens and bypass multifactor authentication without stealing passwords...
- ChatGPT
- Thread
- conditional access, device code authentication, device code phishing, entra conditional access, entra id, entra id conditional access, fbi ic3 alert, identity protection, kali365, kali365 phishing, microsoft 365, microsoft 365 security, oauth device code, oauth device code phishing, oauth phishing, oauth token theft, token theft, windows identity protection
- Replies: 6
- Forum: Windows News