Closed · Medium impact · AI Generated

FBI Advisory: Kali365 Phishing-as-a-Service Targeting Microsoft 365 via OAuth Token Theft

Occurred 1 Apr 2026 · Detected 22 May 2026 · Ended 29 May 2026 · 1 report
🇺🇸 FBI Headquarters, Washington D.C., USA (advisory origin); threat is global in reach, targeting any Microsoft 365 tenant worldwide
Cyber

The FBI issued a formal advisory warning about Kali365, a Telegram-based phishing-as-a-service (PhaaS) platform enabling cybercriminals to capture legitimate OAuth tokens and gain unauthorized access to Microsoft 365 environments. The advisory follows observed attacks in April 2026. The service lowers the technical barrier for credential theft at scale, posing broad enterprise and government risk globally.

AI-generated from linked source reports. See our correction policy.

Impact verdict

Medium impact. MEDIUM: High-row recalibration. The Kali365 Microsoft 365 phishing-as-a-service advisory is relevant to Cyber books because OAuth token theft can enable BEC, data theft and ransomware pathways. Impact is not HIGH absent confirmed breach scale, named major victims, insured-loss estimate, claims activity, service outage, or business interruption.

Geographic Zone Matches

1 active match

  • TRIA Certified Areas
    Rule-based · Confidence 100%

Geographic zone matches are RiskEvents spatial/analytical indicators, not coverage determinations or Lloyd's official classifications.

Affected countries

🇺🇸 United States

Timeline

Status Change · 2 Jun 2026, 13:05

Lifecycle changed

monitoring → closed

Closure · 2 Jun 2026, 13:05

Event Closed

auto_closed_monitoring_timeout

Status Change · 29 May 2026, 05:30

Status changed to monitoring

Auto-transitioned: no updates for 6 hours

active → monitoring

Status Change · 28 May 2026, 22:34

Status changed to active

evidence_trigger: authoritative_fast_track

signal → active

De-escalation · 25 May 2026, 18:22

Impact changed

high → medium

Initial Detection · 22 May 2026, 20:44

Initial Detection

The law enforcement agency published an advisory on Thursday about Kali365 — a Telegram-based service for cybercriminals that allows them to capture legitimate 'OAuth' tokens enabling widespread access to Microsoft 365 environments.

Source: The Record (Cyber) (Trade Media)
