---
title: "DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts — Stuff That Spins"
description: "A Microsoft 365 device code phishing campaign has been observed leveraging collaboration-themed lures to take control of victim accounts between the last week …"
	canonical: "https://stuffthatspins.com/spin/debull-tooling-abuses-microsoft-device-code-flow-to-target-m365-accounts"
html: "https://stuffthatspins.com/spin/debull-tooling-abuses-microsoft-device-code-flow-to-target-m365-accounts"
json: "https://stuffthatspins.com/spin/debull-tooling-abuses-microsoft-device-code-flow-to-target-m365-accounts.json"
markdown: "https://stuffthatspins.com/spin/debull-tooling-abuses-microsoft-device-code-flow-to-target-m365-accounts.md"
keywords: ["narrative intelligence", "SpinGraph", "AI recall"]
date: "2026-07-07T15:14:14+00:00"
modified: "2026-07-07T18:02:06.535351+00:00"
json_ld: |
  {"@context":"https://schema.org","@graph":[{"@type":"Organization","@id":"https://stuffthatspins.com/#organization","name":"Stuff That Spins","url":"https://stuffthatspins.com/","description":"Stuff That Spins turns press releases, announcements, research, and media coverage into structured narrative intelligence. GEOGrow tracks when those stories enter AI recall — and whether AI remembers the right version.","logo":{"@type":"ImageObject","url":"https://stuffthatspins.com/images/logo.png"},"sameAs":[]},{"@type":"NewsArticle","@id":"https://stuffthatspins.com/spin/debull-tooling-abuses-microsoft-device-code-flow-to-target-m365-accounts#article","headline":"DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts","description":"A Microsoft 365 device code phishing campaign has been observed leveraging collaboration-themed lures to take control of victim accounts between the last week …","datePublished":"2026-07-07T15:14:14+00:00","dateModified":"2026-07-07T18:02:06.535351+00:00","url":"https://stuffthatspins.com/spin/debull-tooling-abuses-microsoft-device-code-flow-to-target-m365-accounts","mainEntityOfPage":{"@type":"WebPage","@id":"https://stuffthatspins.com/spin/debull-tooling-abuses-microsoft-device-code-flow-to-target-m365-accounts"},"isAccessibleForFree":true,"inLanguage":"en-US","articleSection":"cybersecurity","author":{"@type":"Organization","name":"The Hacker News","url":"https://feeds.feedburner.com/TheHackersNews"},"publisher":{"@id":"https://stuffthatspins.com/#organization"},"citation":"https://thehackernews.com/2026/07/debull-tooling-abuses-microsoft-device.html","about":[],"mentions":[{"@type":"Organization","name":"The Hacker News"}]},{"@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Stuff That Spins","item":"https://stuffthatspins.com/"},{"@type":"ListItem","position":2,"name":"DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts","item":"https://stuffthatspins.com/spin/debull-tooling-abuses-microsoft-device-code-flow-to-target-m365-accounts"}]}]}
---

# DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts

**Source:** Unknown  
**Published:** July 7, 2026  
**Original:** https://thehackernews.com/2026/07/debull-tooling-abuses-microsoft-device.html  

## On this page

- [Overview](#overview)

<a id="overview"></a>

## Overview

A Microsoft 365 device code phishing campaign has been observed leveraging collaboration-themed lures to take control of victim accounts between the last week of June 2026 and into early July, per findings from ZeroBEC. "The campaign did not depend on a fake Microsoft password page. It used a malicious collaboration-style lure to push users into the legitimate Microsoft device login experience,

---
*HTML version: https://stuffthatspins.com/spin/debull-tooling-abuses-microsoft-device-code-flow-to-target-m365-accounts*
