Microsoft Office for Mac users are being warned that malicious SYLK files are sneaking past endpoint defenses even when the disable all macros without notification is turned on. This leaves systems vulnerable to a remote, unauthenticated attackers who can execute arbitrary code. The warning comes from United States Computer Emergency Readiness Team (US-CERT), which said that symbolic link (SYLK) files can contain dangerous Excel macros. The bug has been confirmed in fully patched Office 2016 and Office 2019 for Mac systems.
Source: https://threatpost.com/office-for-mac-malicious-sylk-files/149823/