TrueConf update integrity flaw actively exploited (CVE-2026-3502)
Vulnerability
Summary
CVE-2026-3502 is an actively exploited TrueConf update-integrity flaw that lets attackers replace legitimate updates with malicious executables and trigger arbitrary file execution on connected endpoints. The bug affects TrueConf 8.1.0 through 8.5.2 and was fixed in 8.5.3, making upgrade the immediate remediation path. Because compromised on-premises servers can push fake updates to all clients, the flaw turns the trusted update channel into a malware delivery path.
Related Happenings
PhantomCore TrueConf server targeting campaign in Russia
Campaign
First: 27.04.2026 14:54
Last: 27.04.2026 14:54
Sources 1
About this happening:
**PhantomCore** is running an **active campaign** against **TrueConf servers in Russia**, and successful intrusions can give attackers a foothold for deeper network access. The gr...
TrueConf Server exploit chain (multiple vulnerabilities)
Vulnerability
First: 27.04.2026 14:54
Last: 27.04.2026 14:54
Sources 1
About this happening:
**TrueConf Server** is exposed by a three-flaw exploit chain that enabled **unauthenticated admin access**, **arbitrary file read**, and **remote command execution** on susceptibl...
TrueChaos TrueConf CVE-2026-3502 campaign targeting Southeast Asian government entities
Campaign
First: 02.04.2026 00:35
Last: 02.04.2026 00:35
Sources 1
How related:
CheckPoint researchers have been tracking a campaign, which they call TrueChaos, that has exploited CVE-2026-3502 since the beginning of the year in zero-day attacks targeting government entities in Southeast Asia.
About this happening:
The **TrueChaos** campaign has been exploiting **CVE-2026-3502** in **TrueConf** zero-day attacks against **government entities in Southeast Asia**, turning compromised servers in...
CISA KEV listing for Wing FTP CVE-2025-47813
Public Sector Action
First: 17.03.2026 07:23
Last: 17.03.2026 07:23
Sources 1
About this happening:
CISA added **CVE-2025-47813** in **Wing FTP Server** to the **KEV catalog** after evidence of **active exploitation**, putting the flaw under formal government tracking. The listi...
CISA KEV mitigation for BeyondTrust CVE-2026-1731
Advisory/Mitigation
First: 20.02.2026 19:02
Last: 20.02.2026 19:02
Sources 1
About this happening:
CISA ordered urgent **KEV** mitigation for **CVE-2026-1731** in **BeyondTrust Remote Support** and **Privileged Remote Access**, forcing affected federal deployments to **apply th...
Timeline
02.04.2026 00:35 · 2 articles · 1mo ago
CheckPoint discloses active exploitation of TrueConf CVE-2026-3502
Initial Disclosure
CheckPoint disclosed that CVE-2026-3502, a medium-severity TrueConf update-integrity flaw affecting versions 8.1.0 through 8.5.2, was being used in zero-day attacks against government entities in Southeast Asia. The flaw lets an attacker controlling an on-premises TrueConf server replace a legitimate update with a malicious executable and deliver it to connected clients, with reported signs of compromise including IoCs and network traffic pointing to Havoc C2 infrastructure; TrueConf 8.5.3 was released in March 2026 as the fix.
Sources:
- Hackers exploit TrueConf zero-day to push malicious software updates — www.bleepingcomputer.com — 02.04.2026 00:35