TUESDAY, JULY 7, 2026 48° E  /  GLOBAL TECH · SUMMARISED SUBSCRIBE
AI, business, devices, policy — global tech, summarised every 30 minutes.
Security · 2h ago

Device-Code Phishing Campaign Targets Microsoft 365 via Collaboration Lures

By Meridian48 News Desk · Summarised from The Hacker News ·

A phishing campaign from late June to early July 2026 abused Microsoft's device-code flow to hijack M365 accounts, using collaboration-themed lures to trick users into legitimate Microsoft login pages. ZeroBEC researchers found the attack did not rely on fake password pages, instead pushing victims through the official device login experience. The campaign targeted multiple organizations, though the full scope remains under investigation.

Meridian48 take
The attack's clever use of Microsoft's own authentication flow underscores how even legitimate features can be weaponized, making detection harder for defenders.
Read the full reporting
DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts →
The Hacker News
microsoft-365device-code-phishing
More security briefs
Go deeper on security
AllAIStartupsBusinessDevicesPolicySecurityDev ToolsPakistan