FBI warns Microsoft 365 users of phishing scam. How to stay safe

In late May, the FBI warned U.S. residents of a new phishing scam, Kali365 targeting Microsoft 365 users. Here's how to ID, ...

SearchLeak: Critical Microsoft 365 Copilot Flaw Enabled One-Click Theft of Emails, Security Codes and Enterprise Data

Researchers uncovered SearchLeak, a critical Microsoft 365 Copilot flaw that could let attackers steal emails, OTPs and ...
The Hacker News

One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes

Microsoft fixed a critical Copilot Enterprise Search flaw that could expose emails, calendars, and indexed files through one ...

FBI warns of phishing scam targeting Microsoft 365 accounts

The FBI is warning the public about a new phishing scam called Kali365 that allows hackers to break into Microsoft 365 accounts.
Repairer Driven News

FBI warns about Microsoft 365 cyber attacks that don’t need passwords

The FBI has issued a public service announcement (PSA) warning about an emerging phishing scam targeting Microsoft 365 ...
Bleeping Computer

Hackers target Microsoft Entra accounts in device code vishing attacks

In February 2025, the Microsoft Threat Intelligence Center warned that Russian hackers were targeting Microsoft 365 accounts using device code phishing. In December, ProofPoint reported similar ...
CSOonline

EvilTokens abuses Microsoft device code flow for account takeovers

A new phishing-as-a-service (PhaaS) campaign is abusing Microsoft’s device code authentication flow to gain unauthorized access to user accounts. Sekoia researchers first spotted the toolkit ...

Your Microsoft text codes are going away

Microsoft says it will phase out SMS codes for personal account sign-ins, urging users to switch to passkeys for better protection against scammers.

FBI warns of Kali365 phishing scam targeting Microsoft 365 users

The Federal Bureau of Investigations issued a public service announcement Monday to warn of a phishing scam that targets ...