A flaw in Microsoft 365’s anti-phishing feature allows attackers to hide the ‘First Contact Safety Tip’ warning in Outlook emails using CSS, increasing the risk of users falling for malicious emails.