Avanan, a cloud-security firm, tested a flaw called baseStriker against Office 365, Office 365 with ATP and Safelinks, Office 365 with Proofpoint MTA, Office 365 with Mimecast MTA and Gmail. They discovered that only Office 365 with Mimecast and Gmail are protected and that all other configurations are vulnerable. BaseStriker is being used for phisihing attacks and is able to infiltrate Office 365 by splitting and hiding a malicious link using a <base> URL tag. There is currently no fix for this exploit. Users are encouraged to ensure 2FA is implemented and to practice safe computing habits by not opening links from senders they do not recognize.