This report details a sophisticated phishing-as-a-service (PhaaS) campaign leveraging OAuth device code abuse, a technique that exploits legitimate authentication flows to bypass traditional security measures. The strongest version of this narrative highlights the escalating sophistication of cybercriminal ecosystems, where tooling like Kali365 Live democratizes high-impact attacks by lowering technical barriers. The campaign’s use of legitimate Microsoft infrastructure for authentication lends ...