All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Security
Security
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter
First reported by thehackernews.com
DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts

Microsoft 365 device code phishing campaign abuses legitimate login flow to target accounts

By

CybersecurityNews

2h ago· 1 min readenNews

Summary

A Microsoft 365 device code phishing campaign observed in late June and early July 2026 abused Microsoft's legitimate device login flow to trick victims into authorizing attacker sessions. The campaign used collaboration-themed lures and a compromised Croatian rental website. Security firms ZeroBEC and Cisco Talos linked the activity to reusable tooling and PhaaS (Phishing-as-a-Service) ecosystems including DEBULL, Storm-2372-style tradecraft, EvilTokens, ARToken, and Tycoon 2FA.

Source

bskyMicrosoft 365 device code phishing campaign abuses legitimate login flow to target accountshendryadrian.com

Key quotes

· 2 pulled
A Microsoft 365 device code phishing campaign observed in late June and early July 2026 used collaboration-themed lures and a compromised Croatian rental website to trick victims into authorizing attacker sessions through Microsoft's legitimate device login flow.
ZeroBEC and Cisco Talos linked the activity to reusable tooling and PhaaS ecosystems including DEBULL, Storm-2372-style tradecraft, EvilTokens, ARToken, and Tycoon 2FA.
Snippet from the RSS feed
A Microsoft 365 device code phishing campaign observed in late June and early July 2026 used collaboration-themed lures and a compromised Croatian rental website to trick victims into authorizing attacker sessions through Microsoft’s legiti...

You might also wanna read

Comments

Sign in to join the conversation.

No comments yet. Be the first.