A widespread phishing campaign is leveraging the Kali365 Live Phishing-as-a-Service (PhaaS) platform to execute device code phishing and AiTM attacks. By tricking users into authorizing legitimate Microsoft device login requests, threat actors steal OAuth access and refresh tokens, bypassing traditional credential-based defenses and MFA to gain persistent access to Microsoft 365 environments.