BleepingComputer reported an interested POC attack against Teams using a variery of techniques including the malware, special GIFs, and the incoming web connector. It all sounds horrible, until you realize that a simple change to your tenant configuration can stop inbound attacks that originate from chat messages sent from unknown Teams tenants. It's worth considering...
https://practical365.com/stop-teams-gifshell-attack/
