FBI warns of hacking campaign stealing Microsoft 365 accounts without passwords

The Federal Bureau of Investigation (FBI) recently issued a public warning about a dangerous new hacking platform that allows cybercriminals to hijack Microsoft 365 accounts, including Outlook email, Teams, and OneDrive cloud storage, without ever needing a password. The announcement posted by the agency raised alarm over a “Phishing-as-a-Service” toolkit called Kali365, explaining that the platform is specifically designed to bypass multi-factor authentication (MFA) – the standard security feature that text-messages or apps a code to prove a user’s identity.

How the ‘No-Password’ trap is working for hackers