FBI warns of Kali phishing scam hitting Microsoft OAuth tokens

A new phishing kit is being offered on Telegram allowing even newbie hackers an easy way to grab OAuth tokens.
Windows Report

FBI Warns Kali365 Can Bypass Microsoft 365 MFA Using OAuth Tokens

The FBI warns that Kali365 phishing attacks can bypass Microsoft 365 MFA by stealing OAuth session tokens through device code phishing.
CSO Online

Security experts caution MFA alone can no longer stop threat actors

Current campaigns are allowing even novice attackers to scoop up authentication tokens with increasing frequency, bypassing ...

Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing

The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...

Microsoft Confirms New And Widespread 2FA Code Attacks Ongoing

The Microsoft Defender Security Research Team has confirmed that a pervasive new authentication code attack is compromising hundreds of organizations daily.