CyberArk researchers published details on how Microsoft Teams loads images and how the authentication works to deliver this type of message. The method could have been used for the desktop and web versions of Teams to get access to multiple accounts at once and steal conversations and threads. Microsoft has taken action against this threat after being alerted through its vulnerability disclosure program. Researchers say that this attack could spread automatically in a worm-like fashion from one compromised account to others in the same organization. Microsoft received a report about the vulnerability and pushed mitigations to prevent the attack.
Source: https://www.bleepingcomputer.com/news/security/microsoft-teams-patched-against-image-based-account-takeover/