Microsoft Teams vulnerability could allow an attacker to take over an organization’s accounts through the use of a weaponized GIF image. Researchers at the security firm CyberArk say they discovered the flaw earlier this year and informed Microsoft of the vulnerability on March 23. An exploit could lead to a chain of events where an attacker starts by taking over a subdomain in Teams and then uses a GIF image that can scrape data from the platform. An attacker would need to register the subdomain under teams.com and create a GIF, which would be built with a redirect.”]
Source: https://www.databreachtoday.com/microsoft-patches-teams-vulnerability-a-14195