Dark Reading reports that Kali365 - the phishing-as-a-service platform the FBI flagged for fueling Microsoft 365 attacks in April - is expanding its reach. Rather than stealing passwords, Kali365 captures OAuth access and refresh tokens by tricking victims into completing attacker-initiated Microsoft device-login requests, granting immediate mailbox access. The service generates branded lures impersonating Adobe, DocuSign, and SharePoint in many languages and sells in tiers from $250 for 30 days to $2,000 annually. Its continued growth signals that OAuth device-code consent phishing remains a high-yield technique, and that defenders should prioritize blocking device-code flows for non-mobile platforms and enforcing phishing-resistant MFA across Microsoft 365 tenants.
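An added example (not from Dark Reading, the FBI or Microsoft): before blocking device-code flow, a tenant can inventory who currently relies on it by filtering exported Entra sign-in records for successful device-code sign-ins from non-mobile platforms. The records below are constructed samples, and the field names (`authenticationProtocol`, `deviceDetail.operatingSystem`, `status.errorCode`) are assumed to match the Microsoft Graph signIn export available in your tenant.

```python
import json
from collections import defaultdict

# Constructed sample records (not real telemetry), shaped like Microsoft Graph
# signIn objects. Assumption: the export includes authenticationProtocol.
SAMPLE_SIGNINS = """
[
 {"userPrincipalName": "alice@example.com", "appDisplayName": "Microsoft Office",
  "ipAddress": "203.0.113.10", "authenticationProtocol": "deviceCode",
  "deviceDetail": {"operatingSystem": "Windows10"}, "status": {"errorCode": 0}},
 {"userPrincipalName": "bob@example.com", "appDisplayName": "Microsoft Teams",
  "ipAddress": "198.51.100.7", "authenticationProtocol": "deviceCode",
  "deviceDetail": {"operatingSystem": "Android"}, "status": {"errorCode": 0}},
 {"userPrincipalName": "carol@example.com", "appDisplayName": "Microsoft Office",
  "ipAddress": "198.51.100.8", "authenticationProtocol": "oAuth2",
  "deviceDetail": {"operatingSystem": "Windows10"}, "status": {"errorCode": 0}},
 {"userPrincipalName": "dave@example.com", "appDisplayName": "Azure CLI",
  "ipAddress": "203.0.113.44", "authenticationProtocol": "deviceCode",
  "deviceDetail": {"operatingSystem": "Linux"}, "status": {"errorCode": 70016}}
]
"""

MOBILE_OS = ("android", "ios")  # platforms a non-mobile block would exempt


def is_mobile(os_name):
    """True when the logged operating system is Android or iOS."""
    return (os_name or "").lower().startswith(MOBILE_OS)


def device_code_signins(records):
    """Yield successful device-code sign-ins from non-mobile platforms."""
    for r in records:
        if r.get("authenticationProtocol") != "deviceCode":
            continue  # other protocols are out of scope for this check
        if r.get("status", {}).get("errorCode", 0) != 0:
            continue  # no tokens are issued on a failed or pending sign-in
        if is_mobile(r.get("deviceDetail", {}).get("operatingSystem")):
            continue  # mobile platforms stay allowed under the policy
        yield r


def summarize(records):
    """Map each affected user to a sorted list of (app, source IP) pairs."""
    hits = defaultdict(set)
    for r in device_code_signins(records):
        hits[r["userPrincipalName"]].add((r["appDisplayName"], r["ipAddress"]))
    return {user: sorted(pairs) for user, pairs in hits.items()}


if __name__ == "__main__":
    for user, pairs in summarize(json.loads(SAMPLE_SIGNINS)).items():
        print(user, pairs)
```

Users who appear in the summary either have a legitimate device-code dependency that needs an exception or completed a sign-in that warrants review and token revocation.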