by user5994461 2117 days ago
How would you even monetize that? This requires existing employee access to be able to post a message to the company Slack and hope other employees click it.

The vulnerability could do great to pwn a company as long as you already have a compromised user account in the company. That's not a wormable RCE, that's not zero-click (I'm not saying it's not bad).

Is there a market for high-touch, highly targeted attacks? Maybe, if you can enter into business with the NSA or a ransomware group, those few who can monetize this sort of thing. Good luck.

2 comments

A lot of companies give external folks access to their Slack to communicate. Plus there are a lot of communities that use Slack among pseudo-anonymous users. For example Reddit employees including the CEO use Slack with several hundred community moderators. An RCE on their computers would be a huge deal.
Twitter was vulnerable because of a social engineering attack via their Slack, so it's definitely possible to get access to post a message.