FBI Warns Microsoft Users—New Attack Gains Access To Accounts

InnovationCybersecurityFBI Warns Microsoft Users—New Attack Gains Access To AccountsByZak Doffman,Contributor.Forbes contributors publish independent expert analyses and insights. Zak Doffman writes about cybersecurity, surveillance and privacy.Follow AuthorMay 25, 2026, 02:30am EDTMay 25, 2026, 02:32am EDT--:-- / --:--This voice experience is generated by AI. Learn more.This voice experience is generated by AI. Learn more.New FBI warning for Microsoft users.NurPhoto via Getty ImagesThe FBI issued a warning on May 21, as a new AI-powered attack enables "threat actors to obtain Microsoft 365 access tokens and bypass multi-factor authentication (MFA) protocols without intercepting the user's credentials.”Dubbed Kali365, this phishing-as-a-service threat was first discovered last month. The FBI released its public service announcement “to warn the public" that these attacks use Microsoft’s authentication infrastructure to steal user credentials.Forbes‘Pause Windows Updates’—Microsoft Starts Fixing PC ProblemBy Zak DoffmanThe new platform-as-a-service is distributed via every hacker’s favorite messenger — Telegram. But the attack will come at you via email. “Kali365 lowers the barrier of entry," the bureau says, "providing less-technical attackers access to AI-generated phishing lures, automated campaign templates, real-time targeted individual/entity tracking dashboards, and OAuth token capture capabilities.”If you’re targeted, you’ll first see an email “impersonating (a) trusted cloud productivity (or) document-sharing services.” This will include a device code “with instructions to visit a legitimate Microsoft verification page and enter the code.”MORE FOR YOUYou then “navigate to the real Microsoft page and paste in the device code,” at this point you’re sharing your OAuth access code with the attacker, who can then use these on their own machine, gaining access to your Microsoft 365 account.The FBI warns that once that’s done, “the attacker...