TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks
Briefly
"The flaw stems from the abuse of TrueConf's updater validation mechanism, allowing an attacker who controls the on-premises TrueConf server to distribute and execute arbitrary files across all connected endpoints."
"An attacker who manages to gain control of the on-premises TrueConf server can substitute the update package with a poisoned version, which then gets pulled by the client application installed on customers' endpoints."
"The TrueChaos campaign has been found to weaponize this flaw in the update mechanism to likely deploy the open-source Havoc command-and-control (C2) framework to vulnerable endpoints."
"The DLL implant ('7z-x64.dll') has also been observed performing hands-on-keyboard actions to conduct reconnaissance, set up persistence, and retrieve additional payloads ('iscsiexe.dll') from an FTP server."
The TrueConf client video conferencing software has a critical vulnerability (CVE-2026-3502) that allows attackers to distribute malicious updates. This flaw, with a CVSS score of 7.8, enables arbitrary code execution due to inadequate integrity checks. The TrueChaos campaign exploits this vulnerability to deploy the Havoc command-and-control framework on targeted government entities in Southeast Asia. The vulnerability has been patched in version 8.5.3 of the TrueConf Windows client, but attacks leveraging this flaw have been recorded since early 2026.
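The quoted passages describe the weak pattern at the heart of the flaw: a client that trusts whatever integrity data the update server supplies, so that whoever controls the server also controls the "check". The following Go program is an added example, not TrueConf's code or anything from The Hacker News article; the manifest format, the `SignManifest`/`VerifyWeak`/`VerifyPinned` functions and the placeholder package bytes are all constructed for illustration. It contrasts a server-supplied hash check with verification against a release public key pinned in the client, which is the property an update channel needs if server compromise is not to become code execution on every endpoint.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// UpdateManifest models what an update server hands to a client (hypothetical
// format, not TrueConf's): the package bytes, the digest the server claims for
// them, and a signature over that digest made with the vendor's release key.
type UpdateManifest struct {
	Package   []byte
	SHA256    string // hex digest, as claimed by the server
	Signature []byte // Ed25519 signature over the raw SHA-256 digest
}

var (
	ErrHashMismatch = errors.New("package digest does not match manifest")
	ErrBadSignature = errors.New("manifest not signed by pinned release key")
)

// SignManifest is the vendor-side step: it runs on the release pipeline, never
// on the update server, so a compromised server has no access to releasePriv.
func SignManifest(releasePriv ed25519.PrivateKey, pkg []byte) UpdateManifest {
	sum := sha256.Sum256(pkg)
	return UpdateManifest{
		Package:   pkg,
		SHA256:    hex.EncodeToString(sum[:]),
		Signature: ed25519.Sign(releasePriv, sum[:]),
	}
}

// VerifyWeak is the anti-pattern: it only checks that the package matches the
// digest the server sent. Whoever controls the server controls both values, so
// this check never rejects a substituted package.
func VerifyWeak(m UpdateManifest) error {
	sum := sha256.Sum256(m.Package)
	if hex.EncodeToString(sum[:]) != m.SHA256 {
		return ErrHashMismatch
	}
	return nil
}

// VerifyPinned is the hardened form: the digest must additionally carry a
// signature that checks out under a release public key baked into the client
// at build time. A server compromise yields neither that key nor a valid
// signature, so substituted packages are refused before anything is executed.
func VerifyPinned(pinnedPub ed25519.PublicKey, m UpdateManifest) error {
	sum := sha256.Sum256(m.Package)
	if hex.EncodeToString(sum[:]) != m.SHA256 {
		return ErrHashMismatch
	}
	if !ed25519.Verify(pinnedPub, sum[:], m.Signature) {
		return ErrBadSignature
	}
	return nil
}

// Poison models the server-side substitution the article describes: the
// package is swapped and the digest recomputed, but the signature cannot be
// regenerated without the release key, so the stale one is carried over.
func Poison(genuine UpdateManifest, payload []byte) UpdateManifest {
	sum := sha256.Sum256(payload)
	return UpdateManifest{
		Package:   payload,
		SHA256:    hex.EncodeToString(sum[:]),
		Signature: genuine.Signature, // signature over the old digest
	}
}

// Scenario runs the constructed scenario end to end and reports which check
// accepts which manifest. Inputs are placeholder bytes, not real binaries.
func Scenario() (weakAcceptsPoisoned, pinnedAcceptsGenuine, pinnedAcceptsPoisoned bool, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	genuine := SignManifest(priv, []byte("constructed genuine client update"))
	poisoned := Poison(genuine, []byte("constructed substituted package"))

	weakAcceptsPoisoned = VerifyWeak(poisoned) == nil
	pinnedAcceptsGenuine = VerifyPinned(pub, genuine) == nil
	pinnedAcceptsPoisoned = VerifyPinned(pub, poisoned) == nil
	return
}

func main() {
	w, g, p, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("hash-only check accepts poisoned package:  %v\n", w)
	fmt.Printf("pinned-signature check accepts genuine:    %v\n", g)
	fmt.Printf("pinned-signature check accepts poisoned:   %v\n", p)
}
```

The design point is where the trust anchor lives: in `VerifyWeak` it is on the server, so the check is only as good as the server; in `VerifyPinned` it is the public key compiled into the client, which the server never holds. The same separation is what lets a client keep rejecting substituted packages even after the on-premises server is fully under an attacker's control.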
Read at The Hacker News