Another scary post on Halloween. Scary that is, if you're not following security best practices. This bad actor group exposes a timing issue with O365 safe links. They create a certificate for a site, that looks ligament, and then exploit it as quickly as they can. For example: Securemail.contoso.com. Since the cert is valid and