• Latest
Kali365 raises Microsoft 365 breach risks — Arabian Post

Kali365 raises Microsoft 365 breach risks — Arabian Post

May 25, 2026
Disney’s ‘Moana’ makes an underwhelming splash at box office

Disney’s ‘Moana’ makes an underwhelming splash at box office

July 13, 2026
Singaporean asks why companies pay new hires 20% more while loyal employees get 2% to 4% raises

Singaporean asks why companies pay new hires 20% more while loyal employees get 2% to 4% raises

July 13, 2026
Carlyle Consortium set to take control of defence parts supplier Micropack

Carlyle Consortium set to take control of defence parts supplier Micropack

July 13, 2026
Clavicular cuts a path across Tel Aviv, dividing pro-Israel influencers over his record of antisemitism

Clavicular cuts a path across Tel Aviv, dividing pro-Israel influencers over his record of antisemitism

July 13, 2026
Lindsey Graham Championed Israel, Even as Wars Eroded American Support

Lindsey Graham Championed Israel, Even as Wars Eroded American Support

July 13, 2026
Five workers killed by India-backed terrorists in Balochistan’s Mashkel

Five workers killed by India-backed terrorists in Balochistan’s Mashkel

July 13, 2026
Typhoon Bavi Hits China, Causing Evacuations, Floods and Flight Delays

Typhoon Bavi Hits China, Causing Evacuations, Floods and Flight Delays

July 13, 2026
Vatican ambassador visits Israel Museum’s archaeology wing

Vatican ambassador visits Israel Museum’s archaeology wing

July 12, 2026
Trump aide Graham, who backed tariffs on India, passes away

Trump aide Graham, who backed tariffs on India, passes away

July 12, 2026
Man urges Novena Square 2 to install urinal dividers after cramped layout raises privacy concerns

Man urges Novena Square 2 to install urinal dividers after cramped layout raises privacy concerns

July 12, 2026
De Beyrouth à l’académie française, Amin Maalouf

De Beyrouth à l’académie française, Amin Maalouf

July 13, 2026
Six Tamil and Muslim parties to hold secret talks in Colombo tomorrow – Sri Lanka Mirror – Right to Know. Power to Change

Six Tamil and Muslim parties to hold secret talks in Colombo tomorrow – Sri Lanka Mirror – Right to Know. Power to Change

July 12, 2026
Monday, July 13, 2026
  • About us
  • Advertise with us
  • Submit Articles
  • Privacy Policy
  • Contact us
Asia Today
No Result
View All Result
Subscribe
  • Login
  • Eastern Asia
    • China
    • Japan
    • Mongolia
    • North Korea
    • South Korea
  • South-eastern Asia
    • Brunei
    • Cambodia
    • Indonesia
    • Laos
    • Malaysia
    • Myanmar
    • Philippines
    • Singapore
    • Thailand
    • Timor Leste
    • Vietnam
  • Southern Asia
    • Afghanistan
    • Bangladesh
    • Bhutan
    • India
    • Iran
    • Maldives
    • Nepal
    • Pakistan
    • Sri Lanka
  • Central Asia
    • Kazakhstan
    • Kyrgyzstan
    • Tajikistan
    • Turkmenistan
    • Uzbekistan
  • Western Asia
    • Armenia
    • Azerbaijan
    • Bahrain
    • Cyprus
    • Georgia
    • Iraq
    • Israel
    • Jordan
    • Kuwait
    • Lebanon
    • Oman
    • Qatar
    • Saudi Arabia
    • State of Palestine
    • Syria
    • Turkey
    • United Arab Emirates
    • Yemen
  • More News
    • Opinion
    • Politics
    • Business
    • Entertainment
    • Fashion
    • Food
    • Health
    • Lifestyle
    • Science
    • Tech
    • Sports
  • Eastern Asia
    • China
    • Japan
    • Mongolia
    • North Korea
    • South Korea
  • South-eastern Asia
    • Brunei
    • Cambodia
    • Indonesia
    • Laos
    • Malaysia
    • Myanmar
    • Philippines
    • Singapore
    • Thailand
    • Timor Leste
    • Vietnam
  • Southern Asia
    • Afghanistan
    • Bangladesh
    • Bhutan
    • India
    • Iran
    • Maldives
    • Nepal
    • Pakistan
    • Sri Lanka
  • Central Asia
    • Kazakhstan
    • Kyrgyzstan
    • Tajikistan
    • Turkmenistan
    • Uzbekistan
  • Western Asia
    • Armenia
    • Azerbaijan
    • Bahrain
    • Cyprus
    • Georgia
    • Iraq
    • Israel
    • Jordan
    • Kuwait
    • Lebanon
    • Oman
    • Qatar
    • Saudi Arabia
    • State of Palestine
    • Syria
    • Turkey
    • United Arab Emirates
    • Yemen
  • More News
    • Opinion
    • Politics
    • Business
    • Entertainment
    • Fashion
    • Food
    • Health
    • Lifestyle
    • Science
    • Tech
    • Sports
No Result
View All Result
Morning News
No Result
View All Result
Home Western Asia United Arab Emirates

Kali365 raises Microsoft 365 breach risks — Arabian Post

by Asia Today Team
May 25, 2026
in United Arab Emirates
Reading Time: 3 mins read
20 2
A A
0
Kali365 raises Microsoft 365 breach risks — Arabian Post
25
SHARES
309
VIEWS
Share on FacebookShare on Twitter

READ ALSO

UAE intercepts Iranian missiles and drones — Arabian Post

US eases technology and defence exports to UAE — Arabian Post


US federal investigators have warned {that a} new phishing-as-a-service platform referred to as Kali365 is enabling cybercriminals to steal Microsoft 365 entry tokens and bypass multi-factor authentication with out capturing victims’ passwords.

The platform, first noticed in April 2026 and distributed primarily via Telegram, marks a sharper flip in identity-based assaults as a result of it abuses reliable Microsoft authentication flows slightly than counting on pretend login pages alone. By capturing OAuth entry and refresh tokens, operators can acquire continued entry to electronic mail, recordsdata, chats and cloud providers inside Microsoft 365 environments even when an organisation has MFA in place.

Kali365 is being marketed as a ready-made crimeware service for attackers with various ranges of technical talent. Its capabilities embrace AI-generated phishing lures, automated marketing campaign templates, real-time goal monitoring dashboards and token seize features. The mannequin lowers the operational barrier for account takeover campaigns, permitting much less skilled actors to run assaults that might beforehand have required stronger data of cloud id techniques.

The assault chain usually begins with an electronic mail designed to resemble a trusted cloud, document-sharing or office communication discover. The sufferer is instructed to enter a tool code on a real Microsoft verification web page. As a result of the consumer completes the sign-in course of via Microsoft’s actual authentication system, the interplay could seem reliable and might fulfill MFA necessities. As soon as the code is entered, the attacker’s system or session is authorised, and OAuth tokens could be harvested for continued entry.

The hazard lies within the distinction between stealing passwords and stealing tokens. A compromised password could be modified, and MFA can block many credential-based intrusions. A stolen token, nonetheless, can permit an attacker to entry providers as an already authenticated consumer till the token expires or is revoked. Refresh tokens can prolong that window, giving attackers time to look mailboxes, obtain recordsdata, monitor Groups conversations, set forwarding guidelines, or use the compromised account to achieve different staff.

The emergence of Kali365 displays a wider shift in phishing operations from crude credential harvesting to abuse of trusted id protocols. System code phishing has gained traction as a result of it depends on reliable Microsoft pages, decreasing the effectiveness of consumer coaching that focuses solely on recognizing lookalike domains. It additionally complicates automated detection as a result of the authentication occasion could not instantly resemble a traditional failed login or suspicious password entry.

Cybersecurity researchers have tracked related ways throughout financially motivated teams and state-linked operators since 2025. Campaigns utilizing device-code abuse have focused Microsoft 365 customers in company, educational, authorities and public-sector environments. Some operations have used document-sharing themes, wage notices, assembly recordings and password expiry prompts to induce victims to observe directions rapidly.

The unfold of such platforms via Telegram has amplified the menace. Closed and semi-open channels have develop into marketplaces for phishing kits, stolen credentials, malware loaders and automation instruments. Kali365’s subscription format mirrors a broader cybercrime financial system during which builders keep platforms whereas associates or clients conduct campaigns. This separation of roles permits malicious providers to scale quickly and makes attribution tougher.

Microsoft 365 stays a high-value goal as a result of it sits on the centre of enterprise communication and doc administration. Entry to at least one mailbox can present attackers with invoices, contracts, inner contacts, cloud storage hyperlinks and authentication prompts from different providers. A compromised account may also be used to launch enterprise electronic mail compromise schemes, alter fee directions, impersonate executives, or transfer laterally via an organisation.

Defensive measures now want to maneuver past password resets and fundamental MFA enforcement. Directors are being urged to evaluation whether or not system code circulation is required of their setting and to limit it the place potential via Conditional Entry controls. Organisations may shorten token lifetimes, monitor uncommon OAuth consent exercise, revoke refresh tokens after suspected compromise, and examine surprising sign-ins from unfamiliar areas, units or purposes.

Consumer training stays essential however have to be up to date to replicate the character of the menace. Staff ought to deal with unsolicited device-code prompts as suspicious, even when the web page is hosted on a reliable Microsoft area. Verification requests ought to be checked via inner IT channels, notably when linked to shared paperwork, Groups recordings, voicemail notifications or pressing account actions.



Source link

Tags: ArabianBreachKali365MicrosoftPostraisesrisks

Related Posts

UAE intercepts Iranian missiles and drones — Arabian Post
United Arab Emirates

UAE intercepts Iranian missiles and drones — Arabian Post

July 12, 2026
US eases technology and defence exports to UAE — Arabian Post
United Arab Emirates

US eases technology and defence exports to UAE — Arabian Post

July 12, 2026
AI-built malware maps corporate networks during intrusion — Arabian Post
United Arab Emirates

AI-built malware maps corporate networks during intrusion — Arabian Post

July 11, 2026
Emrill opens central warehouse to sharpen Dubai operations — Arabian Post
United Arab Emirates

Emrill opens central warehouse to sharpen Dubai operations — Arabian Post

July 10, 2026
Belgium rises to third in EU air freight — Arabian Post
United Arab Emirates

Belgium rises to third in EU air freight — Arabian Post

July 10, 2026
5 Law Firms Making a Difference in San Diego — Arabian Post
United Arab Emirates

5 Law Firms Making a Difference in San Diego — Arabian Post

July 9, 2026
Asia Today

Copyright © 2022 Asia Today.

Navigate Site

  • Disclaimer
  • Privacy Policy
  • Cookie Privacy Policy
  • DMCA
  • Terms and Conditions
  • Contact us

Follow Us

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • Homepages
  • World
  • Eastern Asia
    • China
    • Japan
    • Mongolia
    • North Korea
    • South Korea
  • South-eastern Asia
    • Brunei
    • Cambodia
    • Indonesia
    • Laos
    • Malaysia
    • Myanmar
    • Philippines
    • Singapore
    • Thailand
    • Timor Leste
    • Vietnam
  • Southern Asia
    • Afghanistan
    • Sri Lanka
    • Bangladesh
    • Bhutan
    • India
    • Iran
    • Maldives
    • Nepal
    • Pakistan
    • Central Asia
    • Kazakhstan
    • Kyrgyzstan
    • Tajikistan
    • Turkmenistan
    • Uzbekistan
  • Western Asia
    • Armenia
    • Azerbaijan
    • Bahrain
    • Cyprus
    • Georgia
    • Iraq
    • Israel
    • Jordan
    • Kuwait
    • Lebanon
    • Oman
    • Qatar
    • Saudi Arabia
    • State of Palestine
    • Syria
    • Turkey
    • United Arab Emirates
    • Yemen
  • Opinion
  • Politics
  • Business
  • Entertainment
  • Fashion
  • Food
  • Health
  • Lifestyle
  • Science
  • Tech
  • Travel
  • Sports
  • About us
  • Advertise with us
  • Privacy Policy
  • Contact us
  • Support AsiaToday

Copyright © 2022 Asia Today.