https://www.bbc.com/news/technology-52415773

CyberArk researchers discovered a problem that meant viewing a Gif could let hackers compromise an account and steal data. Microsoft patched this security hole earlier this month. All a user had to do was view the Gif to allow an attacker to scrape data from their account. If left open, the flaw could have led to widespread data theft, ransomware attacks and corporate espionage, the team added.
========================
Microsoft Teams, like many workplace collaboration tools, has seen huge growth in the past month, due to coronavirus lockdown rules. This attack involves using a compromised subdomain to steal security tokens when a user loads an image – but the end user would just see the Gif sent to them, and nothing else.  There is no evidence it was ever exploited by cyber-criminals.