Tag
microsoft-365
Safeguard articles tagged "microsoft-365" — guides, analysis, and best practices for software supply chain and application security.
2 articles
Identity Security
FBI Warns on Kali365: A PhaaS Kit That Steals M365 OAuth Tokens and Bypasses MFA (May 2026)
The FBI's May 21, 2026 IC3 advisory details Kali365, a Telegram-distributed phishing-as-a-service kit that uses device-code phishing to capture Microsoft 365 access and refresh tokens, granting password-free, MFA-immune persistence.
May 22, 202611 min read
Social Engineering
The 'Code of Conduct' Phishing Wave: AiTM Token Theft Hit 13,000 Orgs (May 2026)
Microsoft detailed a polished phishing campaign that weaponized fake HR 'code of conduct' investigations to steal session tokens via adversary-in-the-middle proxies, bypassing MFA across 13,000+ organizations in 26 countries.
May 13, 202611 min read