The security step many of us trust most may not protect us the way we think. The FBI is warning about an emerging phishing-as-a-service platform called Kali365. It targets Microsoft 365 accounts, including Outlook, Teams and OneDrive.

That alone sounds bad. The scarier part is how it works. This scam can get into your account without stealing your password. Even with multifactor authentication turned on, one wrong device-code approval could give a criminal access.

Here’s how the scam works, why it can slip past MFA and what you can do to protect your Microsoft account.

Sign up for my FREE CyberGuy Report

• Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
• For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
• Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.

NEW FBI WARNING REVEALS PHISHING ATTACKS HITTING PRIVATE CHATS

How Kali365 tricks Microsoft users

Kali365 is a phishing-as-a-service platform. In other words, crooks can subscribe to it and use ready-made tools to attack Microsoft 365 accounts. The FBI says Kali365 was first seen in April 2026 and has mainly spread through Telegram. The platform gives attackers access to AI-generated phishing messages, automated campaign templates, tracking dashboards and tools that capture OAuth tokens. That last part is the key.

OAuth tokens are digital access keys. They can let an app stay connected to your Microsoft account without asking for your password every time. They are useful when the right app uses them. They are dangerous when a scammer steals them.

Why this scam can beat MFA

Most phishing scams try to steal your password. Kali365 takes a different route. The attack abuses Microsoft’s device code login process. You may have seen something similar when signing into a streaming app on a smart TV. A screen shows a short code. Then you enter that code on another device to approve the sign-in.

That process is legitimate. The scam begins when a criminal starts the sign-in from their own device and tricks you into approving it. You may see a phishing email that looks like it came from a trusted cloud service or document-sharing tool. The message includes a code and tells you to visit a real Microsoft verification page.

That real Microsoft page is what makes this so sneaky. The web address can look right. Your password manager may not object. The page may feel safe. But once the code gets entered, you may unknowingly authorize the attacker’s device. From there, the attacker can capture access and refresh tokens. That can open the door to Outlook, Teams and OneDrive without your password or another MFA prompt.

QR CODE EMAIL SCAM TARGETS EMPLOYEE REVIEWS

Why this should worry small businesses too

A scam like this can hit anyone with Microsoft 365 access. Still, small businesses should pay close attention. Think about what sits inside a typical work account. Email threads. Invoices. Shared files. Employee chats. Vendor contacts. Customer details. Calendar invites. One compromised account can give a criminal a very believable voice.

A scammer who gets into Outlook can study how you write. They can send messages from your real account. They can ask coworkers to pay fake invoices, share files or reset passwords. That to me is scary because the scam may not look like a scam anymore. It may come from someone you know.

How the attack unfolds

The FBI describes the scheme in a clear sequence. First, the victim gets a phishing email that pretends to come from a trusted productivity or file-sharing service. Next, the email provides a device code and tells the victim to enter it on a legitimate Microsoft verification page.

Then, the victim enters the code and unknowingly approves the attacker’s device. After that, the attacker captures OAuth access and refresh tokens. Finally, the attacker can access Microsoft 365 services such as Outlook, Teams and OneDrive without needing the victim’s password.

Red flags to watch for

The biggest warning sign is an unexpected request to enter a Microsoft device code. Be suspicious if an email tells you to enter a code for a file, voicemail, invoice or shared document you did not request.

Also, watch for urgency. Scammers love messages that push you to act fast. They may claim a document will expire, a voicemail is waiting, or an account needs verification.

Another clue is context. If you were not trying to sign in to a device, do not enter a device code. That one habit can stop this scam before it starts.

What Microsoft says about the Kali365 phishing warning

In response to CyberGuy, Microsoft said customers should follow the FBI’s recommendations as well as Microsoft’s published best practices to protect against Kali365 and similar scams.

The company also said it works to disrupt cybercriminal ecosystems tied to phishing-as-a-service and account takeover activity. Microsoft pointed to recent Digital Crimes Unit actions involving Fake ONNX, RaccoonO365 and Tycoon 2FA as examples of those broader efforts.

How to protect your Microsoft 365 account from Kali365

A few smart habits can help you spot fake device-code requests, reduce your exposure and follow the FBI’s guidance for limiting this type of attack.

1) Never enter a device code you did not request

Only enter a Microsoft device code when you personally started the sign-in. If the code arrives through an email, Teams message or random document link, stop.

2) Go directly to Microsoft

Do not use links inside surprise messages. Open your browser and go directly to Microsoft or your company’s Microsoft 365 portal.

3) Check your account activity

Review recent sign-ins, connected devices and active sessions. If you see a location, device or app you do not recognize, take action right away.

4) Revoke suspicious sessions

If you think you entered a code by mistake, sign out of all sessions and revoke suspicious app access. Then change your password and contact your IT team.

5) Keep MFA turned on

Do not turn off multifactor authentication because of this scam. MFA still blocks many account attacks. This threat shows why you also need to be careful with approval prompts and device codes.

6) Use strong security software

Using strong antivirus software can help detect phishing pages, malicious links and suspicious downloads before they cause damage. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com

7) Use a data removal service

Scammers often build convincing phishing messages with personal details found online. A data removal service can help reduce the amount of your information available on people-search sites and data broker databases. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com

8) Train your team on device-code scams

Employees may know not to type passwords into strange pages. Many have never been warned about device codes. Make this specific scam part of your security training.

9) Restrict device code flow if your business does not need it

The FBI says restricting device code flow can help prevent or limit this style of attack. IT teams should create a conditional access policy to block device code flow for all users, with limited exceptions for required business processes.

10) Audit device code usage first

Before blocking device code flow, the FBI recommends auditing current usage to identify legitimate business needs. That can help prevent disruptions for employees or systems that rely on this sign-in method.

11) Block authentication transfer policies

The FBI also recommends blocking authentication transfer policies. This can help prevent users from transferring authentication from computers to mobile devices.

12) Protect emergency access accounts

If your organization cannot fully restrict device code flow, the FBI recommends excluding emergency access accounts to prevent lockouts. That step should be handled carefully by your IT or security team.

13) Report the attack

If you were targeted or compromised, report it to the FBI’s Internet Crime Complaint Center at IC3.gov. Include phishing emails, email headers, suspicious login times, IP addresses, locations, unauthorized devices and active sessions.

What to do if you have already entered a code

Move quickly.

• Sign out of Microsoft 365 on all devices.
• Change your password.
• Check your recovery email and phone number.
• Review forwarding rules in Outlook.
• Look for strange inbox rules that hide, delete or redirect emails.
• Then review OneDrive files, Teams messages and recent account activity.
• If this is a work account, tell your IT team immediately. Do not wait to see what happens. Stolen tokens can give attackers continued access until they are revoked.

Kurt’s key takeaways

This is the kind of scam that can fool smart people because it uses a real Microsoft sign-in page to pull off something criminal. That is what makes Kali365 so dangerous. It can turn a trusted security step into a trap, especially when the code did not come from a signed-in user. The big takeaway here is to slow down before entering any Microsoft device code. If a code shows up through an unexpected email, text or Teams message, stop and go directly to the account instead. Do not approve a sign-in unless it was started on purpose. A few extra seconds of caution can help keep criminals out of Outlook, Teams, OneDrive and everything connected to them.

Have you ever received a Microsoft code or login prompt you did not request, and did it look convincing enough to make you pause? Let us know by writing to us at Cyberguy.com

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report

• Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
• For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
• Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.

Copyright 2026 CyberGuy.com. All rights reserved.

Apple has started charging more for some of its products, and AI is one of the big reasons why. The increases apply to select iPads and MacBooks, along with HomePod speakers and Apple TV devices. Apple’s own store pages now show higher prices on several models than earlier launch materials listed. The iPhone was not included in this round, but analysts warn that may not last.

Apple says it can no longer fully shield customers from soaring memory and storage chip costs tied to AI data center demand. The pressure comes from what some in the tech industry are calling RAMageddon. AI data centers need huge amounts of DRAM and high-bandwidth memory to train and run advanced models. Those are the same basic chip categories that help power phones, laptops, tablets, game consoles and other devices sitting in your home right now.

Sign up for my FREE CyberGuy Report

• Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
• For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
• Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.

APPLE TAPS GOOGLE GEMINI TO POWER APPLE INTELLIGENCE

Why AI is making memory chips harder to get

AI gets a lot of attention for chatbots, image tools and smart assistants. Behind the scenes, though, it runs on massive hardware systems. Those systems need powerful processors. They also need a lot of memory. That is where the pressure builds. High-bandwidth memory, often called HBM, helps AI chips move huge amounts of data quickly. Data centers want more of it, and chipmakers are chasing that demand because AI hardware can bring in big money.

At the same time, everyday tech still needs regular DRAM and NAND storage. Phones use memory to keep apps running smoothly. Macs need it for multitasking. Apple’s iPad, Apple Watch and Vision Pro rely on memory and storage too. In other words, AI companies and consumer gadget makers are now competing for parts from the same broader supply chain. When supply gets tight, prices usually move one way.

Why Apple feels the squeeze

Apple has enormous buying power. That usually helps the company secure parts at better prices. But even Apple has limits when an entire market tightens.

Tim Cook, Apple’s outgoing CEO, had warned that memory costs would increasingly affect Apple after the June quarter. Now, Apple says it has reached the point where it needs to begin passing some of those costs to customers.

That is important because hardware margins are a huge part of Apple’s business. A higher memory bill can eat into profits fast, especially on premium devices that ship in massive numbers.

The iPhone escaped this round, but analysts expect Apple may raise iPhone prices in the coming months. Apple could still handle the iPhone differently by raising only Pro model prices, adjusting storage tiers, leaning on carrier promotions or pushing trade-in offers harder to soften the blow.

INSIDE APPLE MAC WEEK: NEW POWER, SMARTER AI, BOLD INNOVATIONS

Apple has another AI problem too

This memory crunch comes at a tricky time for Apple. The company has been under pressure to show that its AI strategy can keep up with rivals. Earlier this year, Apple agreed to a $250 million settlement tied to claims that it overstated or delayed certain AI features connected to Siri and Apple Intelligence. Apple denied wrongdoing, but the case added to the pressure around its AI rollout.

Then, at WWDC 2026, Apple showed off a major Siri overhaul and the next generation of Apple Intelligence. Those features could make Apple devices more useful, especially if Siri becomes better at understanding personal context, what is on your screen and what you are trying to do. But there is a catch. More on-device AI can also raise hardware demands over time. If future Apple features need more memory, more storage or more powerful chips, the premium models may become even more expensive. That puts Apple in a tough spot. It needs to prove its AI features are worth the wait. At the same time, the parts needed to support that AI push are getting more expensive.

Which Apple products got more expensive?

The current price increases apply to select iPads and MacBooks, along with HomePod speakers and Apple TV devices. 

The MacBook Neo’s starting price moved from $599 to $699, months after launch.  The MacBook Air with 512GB of storage rose to $1,299 from $1,099. The 14-inch MacBook Pro with 1TB of storage rose to $1,999 from $1,699. The iPad Air with 128GB of storage rose to $749 from $599.

The price increases also hit Apple’s home devices. The HomePod mini rose to $129 from $99, while HomePod rose to $349 from $299. Apple TV rose to $199 from $129.

The iPhone is still the big product to watch because it sells in huge numbers. If Apple raises iPhone prices next, you would feel that faster than a change to a smaller product line. The Pro models may be especially vulnerable because they tend to carry more advanced chips, more memory and higher storage options.

10 THINGS I WISH I KNEW BEFORE BUYING REFURBISHED ELECTRONICS

What you can do before more Apple prices rise

Here is where things get useful. You cannot control the memory chip market. But you can make a smarter buying decision before paying more than you expected.

1) Check whether you really need a new device now

Start with your current device. If the only problem is battery life, a battery replacement may buy you more time for far less than a new iPhone or Mac. That is especially true if your device still runs the latest software and handles your daily routine well.

On an iPhone, go to Settings > Battery > Battery Health & Charging. If the battery health has dropped a lot, compare the cost of service with the cost of replacing the phone. You can also check out our guide on whether you should replace your phone battery or buy a new phone.

2) Look at your storage before you overbuy

Do not guess how much storage you need. Check it first.

On iPhone or iPad, go to Settings > General > iPhone Storage or iPad Storage. You will see which apps, photos, videos and messages are taking up space.

On Mac, click the Apple menu > System Settings > General > Storage.

Storage controls how much you can keep on your device. Memory helps your device handle apps and tasks while you use it. Both can affect the price, but they are different things.  Before paying for a bigger storage tier, try clearing space first. Delete large message attachments, remove old downloads, offload apps you rarely use and move photos or videos you want to keep onto cloud storage or an external drive.

If you are only using half your storage after years with a device, you may not need to pay for the largest storage tier next time. On the other hand, buying too little storage can become expensive too, especially if your phone is always full.

For more step-by-step help, check out our guides on how to free up iPhone storage, how to clean up your phone and how to transfer photos from your phone to a hard drive.

3) Check your Mac’s memory needs before you upgrade

If you are buying a Mac, storage is only part of the decision. Apple’s newer Macs use unified memory, and you usually cannot upgrade it later. That means the amount you choose at checkout can affect how long the computer feels fast.

On Mac, open Activity Monitor by going to Finder > Applications > Utilities > Activity Monitor. Then click the Memory tab. Look at Memory Pressure.

If it stays green during your normal workday, your current memory setup may be enough. If it often turns yellow or red while you edit video, keep lots of browser tabs open or use demanding apps, more memory may be worth paying for upfront.

4) Watch current prices before the fall launches

If you already planned to buy an iPhone, iPad or Mac this year, track current pricing now. Look at Apple, carriers, major retailers and warehouse clubs. Save the current price so you can compare it later. That helps you spot a real deal versus a marketing discount that only looks good. It also helps you see whether a product has already jumped in price before you buy.

5) Look for discounts before paying full price

Before you buy directly from Apple, check whether you qualify for education pricing, employer discounts, carrier offers or warehouse club deals. Some discounts are straightforward. Others come with strings attached, especially carrier promotions. Look at the full monthly cost, not just the upfront device price.

6) Consider Apple Certified Refurbished

Apple’s Certified Refurbished store can be worth checking before paying full price. These devices go through Apple’s testing process and include a one-year warranty. The selection changes, so it works best when you have some flexibility on color, storage or model. For many people, a refurbished Mac or iPad from Apple can be a smarter buy than stretching for the newest version at the highest price.  You can also check out our guides on the best ways to give your old iPhone a second life and how to know when it is time to replace your Mac.

7) Compare trade-in offers before you commit

Trade-in values can vary between Apple, carriers and retailers. Before you buy, check more than one offer. A carrier may give you a bigger credit, but it may require a specific plan or a long bill-credit period. That is where people get tripped up. A “free” phone may be tied to 24 or 36 months of service. Make sure the plan cost still makes sense.

8) Do not buy only because of AI

AI features can sound exciting during a product launch. But ask yourself what you will use every week. Better battery life, a stronger camera, more storage or a faster laptop may matter more to you than a new assistant feature.  Also, some AI features can arrive later through software updates. Others may require newer hardware. Before upgrading, check which features actually work on the device you are buying.

Watch the CyberGuy Live replay: Lock Down Your Phone in 30 Minutes

Your phone holds your email, passwords, photos, banking apps and personal data. In this free CyberGuy Live replay, Kurt the CyberGuy walks you step by step through simple phone security fixes you can do at your own pace. You’ll learn how to improve your privacy settings, spot the latest phone scams, use trusted security tools and walk away with a simple checklist to stay protected. Watch the replay and get our checklist here: CyberGuyLive.com

Kurt’s key takeaways

AI is no longer something happening only inside data centers. It is now affecting the price of devices you use every day. Apple has already started charging more for select iPads and Macs, along with HomePod speakers and Apple TV devices.

The iPhone escaped this round, but that may not last. Before buying anything new, check your current device first. A battery replacement, storage cleanup, trade-in offer or refurbished model may save you money. Also, do not pay extra for AI features unless you know you will actually use them.

Now that Apple prices are rising, does it make you want to pause from buying anything new and hold on to what you already have? Let us know by writing to us at Cyberguy.com

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report

• Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
• For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
• Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.

Copyright 2026 CyberGuy.com. All rights reserved.