TrueConf Server exploit chain (multiple vulnerabilities)
Vulnerability
Summary
TrueConf Server is affected by a three-flaw exploit chain that enabled unauthenticated admin access, arbitrary file read, and remote command execution on susceptible systems. The chain combines BDU:2025-10114, BDU:2025-10115, and BDU:2025-10116, creating a network access risk for Russian organizations. TrueConf released fixes on August 27, 2025, but attacks using the chain were detected in mid-September 2025. Successful exploitation could let an attacker bypass authentication and move into the internal network.
Related Happenings
PhantomCore TrueConf server targeting campaign in Russia
Campaign
First: 27.04.2026 14:54
Last: 27.04.2026 14:54
Sources 1
How related:
A pro-Ukrainian hacktivist group called PhantomCore has been attributed to attacks actively targeting servers running TrueConf video conferencing software in Russia since September 2025.
About this happening:
**PhantomCore** is running an **active campaign** against **TrueConf servers in Russia**, and successful intrusions can give attackers a foothold for deeper network access. The gr...
Drift Protocol hit by cyberattack
Incident
First: 02.04.2026 22:03
Last: 02.04.2026 22:03
Sources 1
About this happening:
**Drift Protocol** disclosed a **security-council takeover** that drained **at least $280 million** and left its protocol functions essentially frozen. The attacker used **durable...
Latest development: 06.04.2026 19:35
Elliptic and TRM Labs attributed the $280+ million theft from Drift Protocol to North Korean hackers, and Drift said its findings point with medium-high confidence to UNC4736 (AppleJeus/Labyrinth Chollima). The investigation also said the attackers spent at least six months building a functioning operational presence inside the Drift ecosystem, posing as a quantitative firm, meeting Drift contributors at crypto conferences in multiple countries, and continuing discussions over Telegram.
TrueChaos TrueConf CVE-2026-3502 campaign targeting Southeast Asian government entities
Campaign
First: 02.04.2026 00:35
Last: 02.04.2026 00:35
Sources 1
About this happening:
The **TrueChaos** campaign has been exploiting **CVE-2026-3502** in **TrueConf** zero-day attacks against **government entities in Southeast Asia**, turning compromised servers in...
TrueConf update integrity flaw actively exploited (CVE-2026-3502)
Vulnerability
First: 02.04.2026 00:35
Last: 02.04.2026 00:35
Sources 1
About this happening:
**CVE-2026-3502** is an **actively exploited TrueConf** update-integrity flaw that lets attackers replace legitimate updates with malicious executables and trigger **arbitrary fil...
Timeline
- 27.04.2026 14:54 · 2 articles
TrueConf Server exploit chain (multiple vulnerabilities)
Initial Disclosure: **TrueConf** shipped patches on **August 27, 2025**, but exploitation of **TrueConf Server** began appearing by **mid-September 2025**. The initial phase was a chained set of flaws that enabled **unauthenticated admin access**, **file disclosure**, and **remote command execution**.
Sources:
- PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks — thehackernews.com — 27.04.2026 14:54