Eye Security conducted phishing simulations and tested Microsoft's Attack Simulator. They discovered a vulnerability where links in simulation emails pointed to unregistered domains, allowing potential exploitation. After reporting to Microsoft, the issue was confirmed and addressed multiple times, highlighting the importance of vigilant cybersecurity measures and quick response capabilities.