Hackers are using a novel technique that combines legitimate office.com links with Active Directory Federation Services (ADFS) to redirect users to a phishing page that steals Microsoft 365 logins.