a russian gru-attributed group, apt28, is reported weaponizing an older outlook zero-click flaw by sending malicious calendar reminders that force target machines to authenticate to attacker-controlled servers, leaking credential hashes from nato-linked targets. attribution is a claim made by researchers. the structural note is the continued operational use of a no-click vector against alliance targets.