The Federal Bureau of Investigation (FBI) has issued a warning about a new phishing scam known as Kali365, which enables hackers to infiltrate Microsoft 365 accounts and circumvent multifactor authentication measures. This scam allows cybercriminals to gain access to users' emails, files, and services. By subscribing to the Kali365 platform, attackers can utilize AI-generated phishing emails and ready-made templates to easily execute their schemes. The scam typically starts with a phishing email that appears to originate from a trusted cloud service, containing a device code and instructions to visit a legitimate Microsoft verification page. When victims enter the code, they inadvertently grant hackers access to their accounts. This access allows hackers to steal login tokens, enabling continued access to Microsoft 365 services like Teams and Outlook without triggering multi-factor authentication checks. To combat these attacks, the FBI recommends that users limit or block device authentication codes and review security policies regarding their use. Those who suspect their accounts have been compromised are encouraged to report the incident to the FBI's Internet Crime Complaint Centre at IC3.gov.