Summary
China-nexus attackers exploited a zero-day vulnerability (CVE-2026-3502) in TrueConf's update mechanism to deploy the Havoc C2 framework across Southeast Asian government networks. The flaw allows attackers who compromise an on-premises server to push malicious updates to all connected clients without verification.
Take Action:
If you use TrueConf for videoconferencing, update all Windows clients to version 8.5.3 immediately. Also check your systems for signs of compromise. Look for files like poweriso.exe or iscsiexe.dll in unexpected folders, and make sure any trueconf_windows_update.exe file has a valid digital signature before allowing it to run.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)