Attackers had opportunity to impersonate an organization’s customized Zoom URL link and send legitimate-looking invitations to victims; problem now fixed