The FBI is warning that Kali365 Microsoft 365 phishing attacks are making it easier for criminals to break into business accounts without stealing a password in the usual way. The threat centers on a phishing kit called Kali365, sold on Telegram, that targets Microsoft 365 OAuth tokens and can bypass multi-factor authentication.