FBI warns about fast-growing phishing kit targeting Microsoft 365 users | CyberScoop<\/title> <meta name=\"description\" content=\"Kali365, which was first observed in April, abuses legitimate Microsoft device authorization pages to grant persistent access to cybercriminal-controlled applications.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/fbi-phishing-kali365-microsoft365-access-tokens\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"FBI warns about fast-growing phishing kit targeting Microsoft 365 users\"> <meta property=\"og:description\" content=\"Kali365, which was first observed in April, abuses legitimate Microsoft device authorization pages to grant persistent access to cybercriminal-controlled applications.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/fbi-phishing-kali365-microsoft365-access-tokens\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2026-05-22T20:41:20+00:00\"> <meta property=\"article:modified_time\" content=\"2026-05-22T20:41:23+00:00\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/fbi-warns-about-fast-growing-phishing-kit-targeting-microsoft-365-users-2.jpg\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1778775768g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1778005960g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1775068334g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/89151\"><meta name=\"generator\" content=\"WordPress 6.8.5\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=89151\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Ffbi-phishing-kali365-microsoft365-access-tokens%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Ffbi-phishing-kali365-microsoft365-access-tokens%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-89151 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/fbi-phishing-kali365-microsoft365-access-tokens\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"26.266816143498\">\n<div class=\"single-article__header-content\" readability=\"36.236658932715\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/fbi-phishing-kali365-microsoft365-access-tokens\/\"> <span>Cybercrime<\/span> <\/a> <\/li>\n<\/ul>\n<p> Kali365, which was first observed in April, abuses legitimate Microsoft device authorization pages to grant persistent access to cybercriminal-controlled applications. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/89151\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"400\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/fbi-warns-about-fast-growing-phishing-kit-targeting-microsoft-365-users.jpg?resize=640%2C400&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/fbi-warns-about-fast-growing-phishing-kit-targeting-microsoft-365-users-2.jpg 8000w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/fbi-warns-about-fast-growing-phishing-kit-targeting-microsoft-365-users-2.jpg?resize=300,188 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/fbi-warns-about-fast-growing-phishing-kit-targeting-microsoft-365-users-2.jpg?resize=768,480 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/fbi-warns-about-fast-growing-phishing-kit-targeting-microsoft-365-users-2.jpg?resize=1024,640 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/fbi-warns-about-fast-growing-phishing-kit-targeting-microsoft-365-users-2.jpg?resize=1536,960 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/fbi-warns-about-fast-growing-phishing-kit-targeting-microsoft-365-users-2.jpg?resize=2048,1280 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/fbi-warns-about-fast-growing-phishing-kit-targeting-microsoft-365-users-2.jpg?resize=600,375 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/fbi-warns-about-fast-growing-phishing-kit-targeting-microsoft-365-users-2.jpg?resize=269,168 269w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/fbi-warns-about-fast-growing-phishing-kit-targeting-microsoft-365-users-2.jpg?resize=539,337 539w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/fbi-warns-about-fast-growing-phishing-kit-targeting-microsoft-365-users-2.jpg?resize=1080,675 1080w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/fbi-warns-about-fast-growing-phishing-kit-targeting-microsoft-365-users-2.jpg?resize=1349,843 1349w\" sizes=\"(max-width: 1080px) 100vw, 1080px\"><figcaption> (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"43.253059226628\"><body readability=\"89.679138321995\"><\/p>\n<p>The FBI is warning organizations and defenders about Kali365, a growing phishing-as-a-service platform that retrieves Microsoft 365 access tokens, issuing a <a href=\"https:\/\/www.ic3.gov\/PSA\/2026\/PSA260521\">public service announcement<\/a> Thursday. <\/p>\n<p>The toolkit bypasses multi-factor authentication and abuses OAuth device code authorizations via phishing lures impersonating common enterprise services. This technique grants cybercriminal-controlled applications access to Microsoft 365 accounts, opening victims up to a host of follow-on malicious activity, including data theft, fraud, extortion and ransomware attacks.<\/p>\n<p>Kali365 is one of many rapidly emerging device-code phishing tools, which are gaining popularity as a more effective means for cybercriminals to circumvent security controls while abusing legitimate Microsoft device authorization pages, according to researchers. <\/p>\n<p>Instead of gaining access to accounts via phishing kits that steal credentials and second-factor authentication codes, device-code phishing platforms connect a malicious app to a legitimate account with a single code. The process requires fewer steps and less interaction with the user, but victims do have to copy-and-paste a code generated by the Kali365 platform to grant access.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cWe see quite a bit of this device-code phishing activity, but so much of it looks really similar. They\u2019re all using the same types of lures, the same types of content, the same branding,\u201d Selena Larson, senior threat researcher at Proofpoint, told CyberScoop. \u201cIt is very much AI generated, AI driven, and the threat actors, I think, are finding it pretty effective because we\u2019re seeing this shift happen kind of all at once.\u201d<\/p>\n<p>Proofpoint researchers observed seven device-code phishing tools that <a href=\"https:\/\/www.proofpoint.com\/us\/blog\/threat-insight\/device-code-phishing-evolution-identity-takeover\">looked nearly identical<\/a> during a 10-day period last month.<\/p>\n<p>Device-code phishing isn\u2019t new, but platforms like Kali365 have integrated new techniques that differ from MFA phishing, and might be more effective as a result. \u201cIt\u2019s something that people might not be used to. It\u2019s a little bit sleeker,\u201d Larson said.<\/p>\n<p>This also partly explains why these cybercriminal tools are growing so quickly. Larson said Proofpoint observed an explosion in device-code phishing activity starting in February. <\/p>\n<p>By April, Kali365 was up and running and primarily distributed on Telegram, according to the FBI. \u201cKali365 lowers the barrier of entry, providing less-technical attackers access to AI-generated phishing lures, automated campaign templates, real-time targeted individual\/entity tracking dashboards, and OAuth token capture capabilities,\u201d the agency said in the public warning. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Researchers at Arctic Wolf Labs, which has also been tracking <a href=\"https:\/\/arcticwolf.com\/resources\/blog\/token-bingo-dont-let-your-code-be-the-winner\/\">large-scale campaigns linked to Kali365<\/a>, said the platform charges affiliates $250 for 30 days of service or $2,000 for a full year.<\/p>\n<p>Kali365 stores the OAuth access and refresh tokens it captures, and makes those available to affiliates on its platform. Those tokens can also be shared and reused by other cybercriminals who didn\u2019t participate in the initial phishing lure, Arctic Wolf researchers added. <\/p>\n<p>The FBI also noted that these Microsoft 365 tokens provide persistent access, allowing attackers to wade through multiple Microsoft services without a password or additional MFA requests. <\/p>\n<p>\u201cIdentity can be very, very powerful once you\u2019re in an organization,\u201d Larson said, adding that attackers can abuse that access to impersonate people, access and steal data for extortion, commit fraud and deploy malware.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.2477558348294\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/fbi-warns-about-fast-growing-phishing-kit-targeting-microsoft-365-users-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/fbi-phishing-kali365-microsoft365-access-tokens\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>FBI warns about fast-growing phishing kit targeting Microsoft 365 users<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1997,1841,282,78,6699,669,117,6700,625,3358,4387,60,3627,4274,256,288],"tags":[2000,1847,286,86,6701,671,119,6702,630,3360,4388,67,3630,4277,262,294],"class_list":["post-8678","post","type-post","status-publish","format-standard","hentry","category-access-tokens","category-arctic-wolf","category-cybercrime","category-cybersecurity","category-device-code-phishing","category-federal-bureau-of-investigation-fbi","category-government","category-kali365","category-microsoft","category-microsoft-365","category-oauth","category-phishing","category-phishing-kit","category-proofpoint","category-research","category-threats","tag-access-tokens","tag-arctic-wolf","tag-cybercrime","tag-cybersecurity","tag-device-code-phishing","tag-federal-bureau-of-investigation-fbi","tag-government","tag-kali365","tag-microsoft","tag-microsoft-365","tag-oauth","tag-phishing","tag-phishing-kit","tag-proofpoint","tag-research","tag-threats"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/access-tokens\/\" rel=\"category tag\">access tokens<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/arctic-wolf\/\" rel=\"category tag\">Arctic Wolf<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/device-code-phishing\/\" rel=\"category tag\">device-code phishing<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/federal-bureau-of-investigation-fbi\/\" rel=\"category tag\">Federal Bureau of Investigation (FBI)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/government\/\" rel=\"category tag\">Government<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/kali365\/\" rel=\"category tag\">Kali365<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft\/\" rel=\"category tag\">Microsoft<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft-365\/\" rel=\"category tag\">Microsoft 365<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/oauth\/\" rel=\"category tag\">OAuth<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/phishing\/\" rel=\"category tag\">phishing<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/phishing-kit\/\" rel=\"category tag\">phishing kit<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/proofpoint\/\" rel=\"category tag\">Proofpoint<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a>","tag_info":"Threats","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8678","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8678"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8678\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8678"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8678"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8678"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8678,"date":"2026-05-22T15:41:20","date_gmt":"2026-05-22T20:41:20","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=89151"},"modified":"2026-05-22T15:41:20","modified_gmt":"2026-05-22T20:41:20","slug":"fbi-warns-about-fast-growing-phishing-kit-targeting-microsoft-365-users","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2026\/05\/22\/fbi-warns-about-fast-growing-phishing-kit-targeting-microsoft-365-users\/","title":{"rendered":"FBI warns about fast-growing phishing kit targeting Microsoft 365 users"},"content":{"rendered":"