On May 21, 2026, the FBI warned that Kali365, a phishing-as-a-service platform promoted through Telegram, is being used to hijack Microsoft 365 accounts by abusing Microsoft’s legitimate device-code sign-in flow and capturing OAuth tokens instead of passwords. That distinction matters because it...