The Kali365 Phishing-as-a-Service (PhaaS) campaign is rapidly evolving beyond its initial scope, expanding its attack surface to target Okta, Xerox DocuShare, and users of Russia’s state-backed MAX Messenger. Originally documented as a toolkit designed to abuse Microsoft’s OAuth 2.0 device authorization flow to steal Entra ID tokens, Kali365 has matured into a multi-brand operation. By […]
The post Kali365 Phishing-as-a-Service Campaign Broadens Attacks to Okta and MAX Messenger Users appeared first on Cyber Security News.