TrueChaos TrueConf CVE-2026-3502 campaign targeting Southeast Asian government entities

Campaign
First reported
Last updated
Happening score
H score 49
1 unique source, 1 article

Summary

The TrueChaos campaign has been exploiting CVE-2026-3502 in TrueConf as a zero-day against government entities in Southeast Asia, turning compromised servers into a delivery point for malicious updates. Abuse of the server update mechanism can trigger arbitrary file execution on every connected endpoint, widening the blast radius beyond a single host. The activity has been underway since the beginning of the year, and a fix was released in TrueConf 8.5.3 after the flaw was reported.

Related Happenings

OpenDCIM multi-flaw exploitation wave (CVE-2026-28515, CVE-2026-28516, CVE-2026-28517)

Exploitation Wave
First: 17.05.2026 14:57 Last: 17.05.2026 14:57 Sources 1

About this happening: **openDCIM** is seeing an **active exploitation wave** tied to **CVE-2026-28515**, **CVE-2026-28516**, and **CVE-2026-28517**, with attackers targeting vulnerable installations an...

Linux kernel XFRM ESP-in-TCP local privilege escalation (CVE-2026-46300)

Vulnerability
First: 14.05.2026 10:06 Last: 14.05.2026 10:06 Sources 1

About this happening: **Fragnesia** adds a fresh **Linux kernel** local privilege-escalation path, putting **unprivileged local attackers** on a route to **root access** across major distributions. The...

Latest development: 14.05.2026 16:00

Cloud security firm Wiz identified Fragnesia (CVE-2026-46300) in the Dirty Frag family, a Linux local privilege escalation that lets unprivileged local users gain root by corrupting the kernel page cache of read-only files. William Bowling of Zellic and the V12 team were credited with the discovery, and a working proof-of-concept exploit was published on May 13, 2026.

MetInfo CMS unauthenticated PHP code injection actively exploited remote code execution flaw (CVE-2026-29014)

Vulnerability
First: 05.05.2026 14:56 Last: 05.05.2026 14:56 Sources 1

About this happening: **CVE-2026-29014** in **MetInfo CMS** is **actively exploited**, putting **versions 7.9, 8.0, and 8.1** at risk of **remote code execution** and full server takeover. **MetInfo**...

cPanel & WHM authentication-bypass exploitation wave (CVE-2026-41940)

Exploitation Wave
First: 04.05.2026 11:25 Last: 04.05.2026 11:25 Sources 1

About this happening: Active exploitation of **CVE-2026-41940** is driving a **large cPanel & WHM compromise wave**, putting exposed servers at risk of administrative takeover. **More than 40,000 serve...

PhantomCore TrueConf server targeting campaign in Russia

Campaign
First: 27.04.2026 14:54 Last: 27.04.2026 14:54 Sources 1

About this happening: **PhantomCore** is running an **active campaign** against **TrueConf servers in Russia**, and successful intrusions can give attackers a foothold for deeper network access. The gr...

Timeline

  1. 02.04.2026 00:35 2 articles · 1mo ago

    TrueChaos campaign exploits CVE-2026-3502 in TrueConf

    Campaign Scope Update

    Check Point says the TrueChaos campaign has exploited CVE-2026-3502 in TrueConf as a zero-day against government entities in Southeast Asia since the beginning of the year, abusing compromised on-premises TrueConf servers to replace legitimate updates with malicious executables that can execute arbitrary files on connected clients. The flaw affects TrueConf versions 8.1.0 through 8.5.2, and version 8.5.3 contains a fix released in March 2026.