You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
fbi ic3 alert
About this tag
The FBI IC3 alert tag covers cybersecurity warnings issued by the FBI's Internet Crime Complaint Center, with a focus on threats to Microsoft 365 users. Recent content highlights a May 2026 alert about Kali365, a phishing-as-a-service platform that abuses OAuth device-code authentication to bypass multifactor authentication. The attack tricks victims into completing a real Microsoft sign-in flow for an attacker's device, making traditional anti-phishing advice insufficient. Discussions on this tag analyze the technical details of the attack and its implications for enterprise security, emphasizing the need for updated defenses against token theft and MFA bypass techniques.
The FBI’s Internet Crime Complaint Center warned in May 2026 that Kali365, a phishing-as-a-service platform first seen in April, is targeting Microsoft 365 users by abusing OAuth device-code authentication to capture access tokens and bypass multifactor authentication without stealing passwords...