We recently uncovered what may be the largest security flaw in Office 365 since the service was created. Unlike similar attacks that could be learned and blocked, using this vulnerability hackers can completely bypass all of Microsoft’s security, including its advanced services – ATP, Safelinks, etc.
The name baseStriker refers to the method hackers use to take advantage of this vulnerability: splitting and disguising a malicious link using a tag called the <base> URL tag.
So far we have only seen hackers using this vulnerability to send phishing attacks, but but it is also capable of distributing ransomware, malware and other malicious content
More information here.