Kali365 PhaaS Kit: OAuth Device-Code Phishing Enables MFA-Satisfied Token Theft
End-to-end reverse engineering of the Kali365 (K365) Microsoft 365 Phishing-as-a-Service operator client, purchased web panel, and payment infrastructure — revealing OAuth device-code phishing (RFC…
Read the full articleYou might also wanna read

Threat Actor Uses Phishing to Breach Orgs for Ransomware Gangs
KnowBe4·17h ago

Invoice Phishing Attacks Are Abusing the Shop App
KnowBe4·1d ago

Phishing Campaign Impersonates Interpol to Deliver Ransomware
KnowBe4·1d ago
Microsoft 365 device code phishing campaign abuses legitimate login flow to target accounts
hendryadrian.com·3d ago
2026 Phishing by Industry Benchmarking Report: Findings on Human Risk
KnowBe4·3d ago
FortiBleed, AI-Powered Attacks, and Cloud Logging Abuse: The 2026 Cybersecurity Threat Landscape
undercodetesting.com·6d ago
Comments
Sign in to join the conversation.
No comments yet. Be the first.