Security · 2h ago
Device-Code Phishing Campaign Targets Microsoft 365 via Collaboration Lures
A phishing campaign from late June to early July 2026 abused Microsoft's device-code flow to hijack M365 accounts, using collaboration-themed lures to trick users into legitimate Microsoft login pages. ZeroBEC researchers found the attack did not rely on fake password pages, instead pushing victims through the official device login experience. The campaign targeted multiple organizations, though the full scope remains under investigation.
Meridian48 take
The attack's clever use of Microsoft's own authentication flow underscores how even legitimate features can be weaponized, making detection harder for defenders.
Read the full reporting
DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts →
The Hacker News
microsoft-365device-code-phishing