I will do it tomorrow, no need to be stressed about this task today.

That’s true, but might not really be a problem for most. Just set the jail time to something short (few minutes, maybe an hour).

Funny when a zero day vulnerability keeps its status for 100+ days. Well done, Microsoft /s

The whole Microsoft 365 system seems to be quite vulnerable to phishing. Sometimes SSO works, sometimes you need a password, maybe 2FA, maybe not. Many microsoft notification emails come from external sources (with a big banner “this email comes from an external sender, be cautious”).

This makes it hard for our brains to spot the small differences that make a phishing campaign successful.