You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
windows identity protection
About this tag
Windows identity protection discussions on WindowsForum.com cover threats like Kali365, a phishing-as-a-service platform that bypasses multifactor authentication by abusing Microsoft OAuth device-code flows. This attack targets Microsoft 365 users, tricking them into completing a legitimate sign-in for an attacker's device, making traditional URL checks insufficient. The tag focuses on real-world identity security risks, including token theft and MFA bypass techniques, relevant to Windows and Microsoft ecosystem users. Topics emphasize practical defense strategies against advanced phishing that exploits trusted authentication processes.
The FBI’s Internet Crime Complaint Center warned in May 2026 that Kali365, a phishing-as-a-service platform first seen in April, is targeting Microsoft 365 users by abusing OAuth device-code authentication to capture access tokens and bypass multifactor authentication without stealing passwords...