Feed aggregator
Kali365 phishing kit bypasses MFA and steals Microsoft logins
When the Federal Bureau of Investigation (FBI) publishes a dedicated public service announcement about a new phishing kit, it’s worth paying attention to.
The agency is now warning about “Kali365,” a phishing‑as‑a‑service (PhaaS) platform that helps even low‑skilled attackers hijack Microsoft 365 accounts by stealing access tokens instead of passwords.
Although early reporting focuses on attacks against organizations, the underlying technique works just as easily against individual Microsoft 365 users who are tricked into entering a short code on a real Microsoft website. In other words, this is not just a business or IT department problem. It could affect anyone with an Outlook, OneDrive, or Microsoft 365 subscription.
For cybercriminals using the kit, it offers three clear advantages:
- It bypasses multi‑factor authentication (MFA) by stealing access tokens, so extra codes or apps no longer help once the token is compromised.
- Kali365 provides ongoing access. The attackers can keep using Outlook, Teams, and OneDrive without repeatedly logging in, as long as the stolen refresh token remains valid.
- Little technical skill needed. Cybercriminals can subscribe to Kali365 and immediately run token‑stealing campaigns at scale.
Victims receive a phishing message that looks like it comes from a cloud service or collaboration tool, such as a document‑sharing notification or Teams invite. The message includes a short “device code” and instructions like: “Go to Microsoft’s verification page and enter this code to view the document.”
Unlike many phishing emails, this one sends you to a real Microsoft URL used for device sign‑in flows. To the user, the page looks familiar and completely legitimate, which lowers suspicion.
Victims then see the standard Microsoft sign‑in and consent screens and may think they are simply completing a normal security check. They never see a fake page, never type their password into a suspicious form, and may even see their organization’s branding.
But what they don’t realize is that they have handed access to the attacker.
Once the victim approves the request, the attacker’s device receives OAuth access and refresh tokens tied to the victim’s Microsoft 365 account. These tokens are what Microsoft uses to “remember” that you have already logged in, and they can be reused to access Outlook, OneDrive, Teams, and other Microsoft services without entering a password again.
With valid refresh tokens, attackers can maintain long‑term access until the tokens are revoked or expire, often blending in with normal account activity.
That access can allow cybercriminals to:
- Read Outlook emails, including password reset messages
- Access files stored in OneDrive or SharePoint
- Send phishing emails to coworkers, customers, friends, or family from the victim’s account
Once in Outlook, attackers can not only read your messages but also send convincing new ones from your address, using your identity to compromise additional accounts and contacts.
Some tips to steer clear of this one:
- Never enter a code at a Microsoft login page just because an email or message tells you to. You should only do this when you initiated the sign‑in yourself on your own device.
- Slow down and read the prompts. Rushing through login approvals without reading them carefully can be costly.
- Be suspicious of unexpected document shares, Teams invites, or login requests, even if they use legitimate Microsoft pages.
- Review which devices are logged in under your account at https://account.microsoft.com/devices/. If you see unfamiliar devices or sign‑ins, remove them, change your Microsoft account password, and review your security settings.
Pro tip: Malwarebytes Scam Guard can help you figure out if a message is a scam.
Romanian Hacker Sentenced to Prison in US for Selling Access to State Network
Catalin Dragomir previously pleaded guilty to selling access to an Oregon state government office’s network.
The post Romanian Hacker Sentenced to Prison in US for Selling Access to State Network appeared first on SecurityWeek.
Latitude37 – a new accelerator for young Aussie technical founders
Article URL: https://latitude37.org/
Comments URL: https://news.ycombinator.com/item?id=48292528
Points: 1
# Comments: 0
AionUi: Open-Source AI Cowork Platform for Claude Code, Codex and Gemini
Article URL: https://github.com/iOfficeAI/AionUi
Comments URL: https://news.ycombinator.com/item?id=48292525
Points: 1
# Comments: 0
The SpaceX IPO and Data Centers in Space
Article URL: https://stratechery.com/2026/the-spacex-ipo-and-data-centers-in-space/
Comments URL: https://news.ycombinator.com/item?id=48292516
Points: 1
# Comments: 0
Anthropic's coordinated vulnerability disclosure dashboard
Article URL: https://red.anthropic.com/2026/cvd/
Comments URL: https://news.ycombinator.com/item?id=48292478
Points: 1
# Comments: 0
The craziest steroid Olympics ended in total embarrassment
Article URL: https://xcancel.com/nexta_tv/status/2059562755196068135
Comments URL: https://news.ycombinator.com/item?id=48292477
Points: 1
# Comments: 0
Dutch govt. blocks US company from acquisition, citing 'risk to public interest'
Article URL: https://techcrunch.com/2026/05/26/dutch-government-blocks-us-company-from-acquisition-citing-risk-to-public-interest/
Comments URL: https://news.ycombinator.com/item?id=48292469
Points: 1
# Comments: 0
AI PDF Builder – Create and Fill PDF Documents with AI
Article URL: https://pdfaibuilder.ai
Comments URL: https://news.ycombinator.com/item?id=48292458
Points: 1
# Comments: 0
Agent Skill is not automation
Article URL: https://sjg.io/writing/no-your-agent-skill-is-not-automation/
Comments URL: https://news.ycombinator.com/item?id=48292437
Points: 1
# Comments: 0
Show HN: BeeZee – OSS lightweight remote harness orchestration and observability
Edit: link seems to be broken - https://github.com/BeeZeeAgent/beezee
First I'd like to address the concerns that might naturally come up.
This repo is 3 days old, yet another LLM slop!
Yes, that's partly true. The reason behind its age is that I ported it to its dedicated GitHub account. I had slight variations of the same SW in my personal repo since the end of February. I just wanted to be very clear about the fact that it's an LLM harness project. So I did a tabula rasa. Maybe the wrong decision, but we make mistakes. :) Originally I started to work on a form factor agnostic agent harness, but figured - we already have enough harnesses. So BeeZee's goal is to help manage multi-node, multi-harness, multi-human systems a bit easier. Yes it was 99% written by LLMs. I wrote the prompts, roughly 45% of the README and I handcrafted the logo. I promise the README has 0 (zero) emojis! I used Shadcn for the frontend. I still find it much better than Claude Badges with Dots (TM) and GPT Cards (TM).
Current features:
- self host the local server and the cloud relay
- access your local dev nodes' filesystems
- discover Claude Code and Codex harness on your machines
- spawn Codex/CC terminal sessions through a relay or start CC Remote Control sessions
- resume sessions from both harnesses -> they have a shared memory in that sense
- track high level token usage over time for all connected nodes -> it's one of the key development areas, Codex buggy ATM
- visualise and manage installed MCP servers and CLI tools
- upload files and folders to your remote dev machine -> it was kind of an emergent feature but I find it really handy!
- has a paywalled managed relay under app.beezyai.net -> I'm poor so why not
Please, if you find it useful or interesting, star the repo, contribute, submit issues and enjoy!
Comments URL: https://news.ycombinator.com/item?id=48292431
Points: 1
# Comments: 0
Bitcoin Gift Cards. Buy, send and spend Bitcoin gift cards
Article URL: https://agi.cash/home
Comments URL: https://news.ycombinator.com/item?id=48292394
Points: 1
# Comments: 0
Using SwiftUI to Build a Mac-Assed App in 2026
Article URL: https://pfandrade.me/blog/mac-assed-swiftui-app/
Comments URL: https://news.ycombinator.com/item?id=48292365
Points: 2
# Comments: 0
Ask HN: What are some of your favourite developer tools?
Developers are so opinionated that it's difficult to pin down one favourite tool!
Comments URL: https://news.ycombinator.com/item?id=48292350
Points: 1
# Comments: 1
It's time to address the looming crisis in entry-level work
Article URL: https://www.technologyreview.com/2026/05/26/1137865/its-time-to-address-the-looming-crisis-in-entry-level-work/
Comments URL: https://news.ycombinator.com/item?id=48292339
Points: 1
# Comments: 0
RepoRecon – a Claude Code plugin that validates project ideas against GitHub
Article URL: https://github.com/suleman-dawood/reporecon
Comments URL: https://news.ycombinator.com/item?id=48292336
Points: 1
# Comments: 0
Lastwall Raises $11.5 Million for Quantum-Resilient Identity Platform
The new funding, led by BDC Capital’s StrongNorth Fund, will accelerate Lastwall’s North American expansion.
The post Lastwall Raises $11.5 Million for Quantum-Resilient Identity Platform appeared first on SecurityWeek.
Prime Video: 23 of the Best Sci-Fi TV Shows You Need to Stream Right Now
US law enforcement warns of "anti-tech extremism" as AI hatred grows
Article URL: https://arstechnica.com/ai/2026/05/us-law-enforcement-warns-of-anti-tech-extremism-as-ai-hatred-grows/
Comments URL: https://news.ycombinator.com/item?id=48292334
Points: 3
# Comments: 1
