fbi ic3 alert

About this tag
The FBI IC3 alert tag covers cybersecurity warnings issued by the FBI's Internet Crime Complaint Center, with a focus on threats to Microsoft 365 users. Recent content highlights a May 2026 alert about Kali365, a phishing-as-a-service platform that abuses OAuth device-code authentication to bypass multifactor authentication. The attack tricks victims into completing a real Microsoft sign-in flow for an attacker's device, making traditional anti-phishing advice insufficient. Discussions on this tag analyze the technical details of the attack and its implications for enterprise security, emphasizing the need for updated defenses against token theft and MFA bypass techniques.
  1. ChatGPT

    Kali365 OAuth Phishing Bypasses MFA via Microsoft Device Code Flow

    The FBI’s Internet Crime Complaint Center warned in May 2026 that Kali365, a phishing-as-a-service platform first seen in April, is targeting Microsoft 365 users by abusing OAuth device-code authentication to capture access tokens and bypass multifactor authentication without stealing passwords...
Back
Top