From ehackingnews.com
Avanan’s Security Analysts have recently discovered a threat bypassing Microsoft 365 security, the attack uses .slk files to avoid detection.
The attack groups send emails containing .slk file as an attachment with macro (MSI exec script) to download and install the trojan. Although this attack is limited to Microsoft 365, bypassing both of its default security (EOP) and advanced security (ATP), it does put around 200 million-plus users in jeopardy.