DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts
- Posted on July 7, 2026
- By The Hacker News
- 1 Views
- 1 min read
DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts
Talos details ARToken, a PhaaS panel tied to EvilTokens that supports device code phishing, BEC workflows, SharePoint theft, and PRT persistence.