ShellCodeX
Tools • Events • News • Insights
ShellCodeX Intelligence Brief
HIGH Cloud

DEBULL uses Microsoft device code flow phishing to seize M365 accounts

Source headline: DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts

Threat level High
Signal strength 72/100
Source confidence 1 source
Published 1 week ago

Intelligence Summary

ZeroBEC reports a Microsoft 365 device code phishing campaign active from late June 2026 into early July. The lures focus on Microsoft collaboration themes to persuade users to start an authentication flow. Instead of a fake password page, the campaign pushes victims into the legitimate Microsoft device login experience. Once approved, attackers can gain access to affected M365 accounts. Organizations should watch for abnormal device-login approvals and tighten MFA and conditional access policies.

Recommended Action

Review affected assets, schedule urgent remediation, and monitor related indicators.

Topics

#microsoft #account-takeover #phishing #device-code-flow #m365
Original reporting The Hacker News DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts
Open original source