DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts

A

Admin User

Administrator of InfoSecCenter. Passionate about cybersecurity, information security, and technology.

DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts
Save

Security researchers have identified a sophisticated phishing campaign that bypasses traditional detection mechanisms by exploiting Microsoft's legitimate device code authentication flow. The DEBULL tooling campaign represents an evolution in attack methodology, leveraging the trust users place in Microsoft's authentication systems to compromise Microsoft 365 accounts without triggering typical security alerts.

The attack, observed between late June and early July 2026, was identified by researchers at ZeroBEC. Instead of relying on the conventional fake login pages that many security tools can detect, this campaign employs a more subtle approach using collaboration-themed lures to trick victims. Attackers send convincing messages prompting users to authenticate their Microsoft 365 accounts through the legitimate device login experience. Once users fall for the scheme, attackers gain unauthorized access to their accounts without raising the same red flags as

Share

Shares: 0
LinkedIn WhatsApp Pinterest Print

You might also like

Comments (0)

Leave a Comment

No comments yet. Be the first to comment!