CERT Polska is observing a malicious email campaign conducted by the UNC1151 group against Polish entities, exploiting a vulnerability in the Roundcube software.