FBI warns Microsoft users about passwordless scam

The FBI warns about Kali365, a phishing scam targeting Microsoft 365 accounts that can bypass multifactor authentication ...
Legit.ng on MSN

FBI warns hackers found way to access Microsoft 365 accounts without passwords

The FBI warned Microsoft users about a phishing scam that bypassed passwords and multifactor authentication to access Outlook ...

Your Microsoft text codes are going away

Microsoft says it will phase out SMS codes for personal account sign-ins, urging users to switch to passkeys for better protection against scammers.

SearchLeak: Critical Microsoft 365 Copilot Flaw Enabled One-Click Theft of Emails, Security Codes and Enterprise Data

Researchers uncovered SearchLeak, a critical Microsoft 365 Copilot flaw that could let attackers steal emails, OTPs and ...
TechRepublic

FBI Warns: ‘Kali365’ Phishing Service Targets Microsoft 365 Accounts

The FBI warned that Kali365 can hijack Microsoft 365 accounts by abusing device code authentication and capturing OAuth tokens. A new phishing service is turning a legitimate Microsoft login process ...
Appuals

How to Fix “Your Account Is Temporarily Locked to Prevent Unauthorized Use” on Microsoft Sign-In

If Microsoft shows Your account is temporarily locked to prevent unauthorized use, the sign-in system has paused access ...
Bleeping Computer

Hackers target Microsoft Entra accounts in device code vishing attacks

In February 2025, the Microsoft Threat Intelligence Center warned that Russian hackers were targeting Microsoft 365 accounts using device code phishing. In December, ProofPoint reported similar ...
CSOonline

EvilTokens abuses Microsoft device code flow for account takeovers

A new phishing-as-a-service (PhaaS) campaign is abusing Microsoft’s device code authentication flow to gain unauthorized access to user accounts. Sekoia researchers first spotted the toolkit ...