Live Wednesday, 17 June 2026
BREAKING
Egyptian FM holds calls with Iranian counterpart , U.S. Envoy on regional developmentsZverev into French Open last-fourIsraeli fire kills four people in Gaza, medics sayAncelotti eases Neymar W. Cup fearsArab, Islamic states condemn Israeli actions at Al-AqsaSyria Hopes for Terrorism Delisting to Spur Economic RecoveryBenfica linked with Fulham’s SilvaVan der Breggen takes Giro leadKremlin: Saudi Arabia Named Guest of Honor at St. Petersburg Economic Forumرياضة محلية‘Really cool to share this journey with her’: Michelle Wie West playing for her family at U.S. Women’s OpenArchaeological Replicas Showcase Saudi Arabia’s Rich History at Kuala Lumpur Int’l Book FairRenewable Energy Helps Red Sea Global Avoid 118,000 Tons of Carbon EmissionsLetter: Carol Rumens obituaryEngland v India: third and deciding women’s T20 cricket international – liveHealthVolunteers serve comfort food in a worrying Ebola outbreak – Sault Michigan NewsEconomyTrump signs AI executive order asking companies to give government early access to modelsVarietySouth West Water fined nearly £2million after supplying homes with parasite-ridden water that left four people in hospital – and telling people it was safe to drinkScience & TechYour car is following you – how to reclaim your data privacy on the open roadWorldHigh school valedictorian yanked from stage after hijacking speech to rant against Israel and ICESaudi FM Receives Written Message from Russian CounterpartEgyptian FM holds calls with Iranian counterpart , U.S. Envoy on regional developmentsZverev into French Open last-fourIsraeli fire kills four people in Gaza, medics sayAncelotti eases Neymar W. Cup fearsArab, Islamic states condemn Israeli actions at Al-AqsaSyria Hopes for Terrorism Delisting to Spur Economic RecoveryBenfica linked with Fulham’s SilvaVan der Breggen takes Giro leadKremlin: Saudi Arabia Named Guest of Honor at St. Petersburg Economic Forumرياضة محلية‘Really cool to share this journey with her’: Michelle Wie West playing for her family at U.S. Women’s OpenArchaeological Replicas Showcase Saudi Arabia’s Rich History at Kuala Lumpur Int’l Book FairRenewable Energy Helps Red Sea Global Avoid 118,000 Tons of Carbon EmissionsLetter: Carol Rumens obituaryEngland v India: third and deciding women’s T20 cricket international – liveHealthVolunteers serve comfort food in a worrying Ebola outbreak – Sault Michigan NewsEconomyTrump signs AI executive order asking companies to give government early access to modelsVarietySouth West Water fined nearly £2million after supplying homes with parasite-ridden water that left four people in hospital – and telling people it was safe to drinkScience & TechYour car is following you – how to reclaim your data privacy on the open roadWorldHigh school valedictorian yanked from stage after hijacking speech to rant against Israel and ICESaudi FM Receives Written Message from Russian Counterpart
Prices
US dollar50.20EGPEuro58.29EGPBritish pound67.40EGPSaudi riyal13.39EGPUAE dirham13.67EGPKuwaiti dinar162.83EGPJordanian dinar70.81EGPQatari riyal13.79EGPTurkish lira1.08EGPChinese yuan7.42EGPGold 246,871.04EGP/gGold 216,012.16EGP/gGold 185,153.28EGP/gSilver110.64EGP/g
US dollar50.20EGPEuro58.29EGPBritish pound67.40EGPSaudi riyal13.39EGPUAE dirham13.67EGPKuwaiti dinar162.83EGPJordanian dinar70.81EGPQatari riyal13.79EGPTurkish lira1.08EGPChinese yuan7.42EGPGold 246,871.04EGP/gGold 216,012.16EGP/gGold 185,153.28EGP/gSilver110.64EGP/g
NEWS BREAKING
Read story
cyber-crime

FBI warns Kali365 phishing kit is stealing Microsoft OAuth tokens at scale

By rivo_admin · May 22, 2026 · 4 min read
FBI warns Kali365 phishing kit is stealing Microsoft OAuth tokens at scale

The FBI has issued a public service announcement warning about a new phishing kit that’s stealing Microsoft OAuth tokens at an alarming rate. OAuth token theft is a serious headache for organizations because stolen tokens can bypass multi-factor authentication (MFA) and grant access to privileged accounts within an organization without needing to know their credentials. Think corporate espionage, data theft, maybe even ransomware. The main culprit is Kali365, described as a phishing-as-a-service platform that’s being peddled on Telegram, first spotted by crimefighters in April 2026. “Kali365 lowers the barrier of entry, providing less-technical attackers access to AI-generated phishing lures, automated campaign templates, real-time targeted individual/entity tracking dashboards, and OAuth token capture capabilities,” the FBI said in its announcement. Phishing kits aren’t new. Different flavors are always in development, but the good ones can be especially problematic for organizations. Kali365 lets attackers send convincing phishing emails that impersonate “trusted cloud productivity and document-sharing services,” – Adobe Acrobat Sign, DocuSign, and SharePoint – according to security shop Arctic Wolf. That email contains a device code and instructions for the target to enter the code into a legitimate Microsoft page, a hyperlink for which is included in the email. Entering that code registers the attacker’s device to the unwitting target’s M365 account, effectively surrendering access to emails, Teams, and all the rest of it. No MFA required. Arctic Wolf published a deep dive on Kali365 back in April, noting that it also offers adversary-in-the-middle (AitM) capabilities that are distinct from the device code phishing described by the FBI. The second attack Kali365 enables leads to the same outcome, accessing Microsoft accounts while bypassing MFA, just through slightly different mechanics. Victims are sent an initial phishing email containing a cookie-based lure, which transparently proxies their browser via attacker-controlled infrastructure, Arctic Wolf said. Requests are then forwarded to a real Microsoft login page, and responses are beamed back to the victim, who authenticates the typical way using their valid credentials, passing Microsoft MFA. Session cookies, related artifacts, and other session information are scooped up during this process and stored in the Kali365 attacker panel. From there, attackers can generate scripts to replay those sessions in their own environment, effectively borrowing the genuine user’s session. The researchers’ analysis of Kali365 revealed three distinct tiers for subscribers. The lowest Client Tier is for individual attackers, who can change the branding on the panels to give each a bespoke look while sporting the same underlying powers. The Agent Tier is for resellers who can provision and manage their own branded Kali365 panels and Client Tiers. The Admin Tier is reserved for Kali365’s developers. Kali365 has a simple pricing structure: $250 per month per tenant, or $2,000 for a year. It supports an array of languages: Arabic, Chinese, Dutch, English, French, German, Italian, Japanese, Korean, Polish, Portuguese, Russian, Spanish, and Turkish. Since emerging in April, Kali365 has often been mentioned in the same breath as EvilTokens, another device code phishing platform that hit headlines weeks earlier after Microsoft confirmed hundreds of compromises each day. “Each campaign is distributed at scale, targeting hundreds of organizations with highly varied and unique payloads, making pattern-based detection more challenging,” Tanmay Ganacharya, VP of security research at Microsoft, told The Register. “We continue to observe high-volume activity, with hundreds of compromises occurring daily across affected environments.” Both Arctic Wolf and the FBI suggested organizations at risk should use conditional access policies to block device code flow where not required. Defenders should also consider blocking authentication transfer policies, which let users move authentication between devices such as PCs and phones. ®

المصدر: The Register

#cyber-crime
0 Views

Related stories

أضف تعليقاً

Your email address will not be published. Required fields are marked *