A Russian advanced persistent threat (APT) group has been exploiting a vulnerability in Zimbra to target Ukrainian entities. The vulnerability arises from insufficient sanitization of CSS content within HTML emails and allows inline script execution when the message is opened in a browser. This exploit enables the APT group to carry out malicious activities, posing a significant threat to Ukraine's security. The involvement of a Russian state-aligned actor changes the threat model, making it a geopolitical issue rather than just a criminal one. This shift requires a different approach to mitigating the threat, as the motivations and tactics of state-aligned actors can be distinct from those of traditional cybercriminals. The exploitation of this Zimbra vulnerability highlights the importance of prioritizing email security and implementing robust defenses against such threats. What matters most to security practitioners is recognizing the elevated threat level posed by nation-state actors.