DEV Community

Mark0

Operation TrueChaos: 0-Day Exploitation Against Southeast Asian Government Targets

Check Point Research has uncovered a critical zero-day vulnerability in the TrueConf video conferencing software, tracked as CVE-2026-3502 (CVSS score 7.8). The flaw affects the application's updater validation mechanism, allowing an attacker with control over an on-premises server to distribute and execute arbitrary malicious files across all connected endpoints. This vulnerability was actively exploited in a campaign dubbed "Operation TrueChaos," primarily targeting government entities in Southeast Asia.

The investigation attributes the campaign with moderate confidence to a Chinese-nexus threat actor. The attackers used the trusted update channel to deliver weaponized packages, employing techniques such as DLL side-loading, UAC bypass through legitimate Windows binaries, and the Havoc post-exploitation framework. These findings highlight how routine updater mechanisms can be subverted into powerful malware distribution channels for strategic espionage operations.

