Tommy M (TheAnalyst) on Twitter: "I have observed a recent uptick in html attachments abusing "Right-to-Left override" Unicode in the file name, for example the recent Oauth #phishing consent campaign. This is a good detection opportunity that MDO seems to miss, so please check your environment. Regex "\u202E" https://t.co/TfFBpcSghv" / Twitter
https://twitter.com/ffforward/status/1486743442801704974