Kali365 phishing kit bypasses MFA and steals Microsoft logins
When the Federal Bureau of Investigation (FBI) publishes a dedicated public service announcement about a new phishing kit, it’s worth paying attention to. The agency is now warning about “Kali365,” a phishing‑as‑a‑service (PhaaS) platform that helps even low‑skilled attackers hijack Microsoft 365...
CVE-2025-66289
Summary: CVE-2025-66289 affects OrangeHRM versions 5.0–5.7, where sessions are not invalidated when a user is disabled or a password changes, allowing active session cookies to remain valid indefinitely. This enables continued access to protected pages by disabled users or attackers using comprom...