TrueConf Zero-Day Vulnerability Exploited in Recent Asian Government Cyberattacks
Chinese Hackers Exploit TrueConf Zero-Day Vulnerability in Asian Government Attacks
Chinese hackers have exploited a zero-day vulnerability in the TrueConf video conferencing software to carry out attacks against government entities in Asia.
According to the advisory from the security researcher who discovered the vulnerability, “the vulnerability, designated as CVE-2026-3502, carries a CVSS score of 7.8 due to its potential impact.”
The flaw lies in the application’s failure to verify updates before applying them, which allows an attacker who can tamper with the update package to execute malicious code on the client.
TrueConf Software Overview
- Its architecture enables users to host servers on-premises within a private local network, without requiring access to the internet.
- This setup ensures that all audio, video, and chat traffic remains confined to the site, providing essential autonomy and privacy.
Update Process Vulnerability
The TrueConf client’s update process relies on the on-premises server to fetch and install newer versions.
- Unfortunately, the client does not perform the necessary integrity and authenticity checks before running the installer.
- This oversight creates a vulnerability that can be exploited by attackers.
Attack Details
In the observed attack, dubbed “TrueChaos,” the hackers compromised the on-premises TrueConf server operated by the governmental IT department.
- They replaced the update package with a malicious one and likely sent a link to the target to initiate the update flow.
- The compromised server served as a video conferencing platform for dozens of government entities across the country, which were supplied with the same malicious update.
- The modified update package included a malicious library and a legitimate executable abused for DLL sideloading to execute the library.
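As an added example (not TrueConf’s code and not taken from the advisory), the check the client was missing in the update process described above, which would also have rejected the package swap in the attack just described: a Go updater that pins the vendor’s Ed25519 public key and verifies a signed manifest and the package digest before anything is executed. The key pair, the manifest layout and the sample package bytes are constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Manifest: published by the vendor next to each update; the on-premises server only relays it.
type Manifest struct {
	Version   string
	SHA256Hex string
	Signature []byte // Ed25519 signature over signedFields(Version, SHA256Hex)
}

func signedFields(version, sumHex string) []byte { return []byte(version + "\n" + sumHex) }

// VerifyUpdate is the check the article says the client lacked: authenticate the manifest
// against a key pinned in the client, then bind the downloaded package to the signed digest.
// A swapped package fails the digest check; a relay-signed manifest fails the signature check.
func VerifyUpdate(pinnedVendorKey ed25519.PublicKey, m Manifest, pkg []byte) error {
	if !ed25519.Verify(pinnedVendorKey, signedFields(m.Version, m.SHA256Hex), m.Signature) {
		return errors.New("manifest not signed by the pinned vendor key")
	}
	sum := sha256.Sum256(pkg)
	if hex.EncodeToString(sum[:]) != m.SHA256Hex {
		return errors.New("package digest does not match the signed manifest")
	}
	return nil // only now may the installer be executed
}

// signManifest stands in for the vendor's release pipeline (constructed for this example).
func signManifest(priv ed25519.PrivateKey, version string, pkg []byte) Manifest {
	sum := sha256.Sum256(pkg)
	sumHex := hex.EncodeToString(sum[:])
	return Manifest{Version: version, SHA256Hex: sumHex, Signature: ed25519.Sign(priv, signedFields(version, sumHex))}
}

func main() {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(nil) // constructed vendor key pair
	genuine := []byte("constructed: genuine installer bytes")
	m := signManifest(vendorPriv, "constructed-v1", genuine)
	fmt.Println("genuine package:     ", VerifyUpdate(vendorPub, m, genuine))
	// A compromised relay can swap the package but cannot alter the signed digest.
	fmt.Println("swapped package:     ", VerifyUpdate(vendorPub, m, []byte("constructed: swapped installer")))
	_, rogue, _ := ed25519.GenerateKey(nil) // relay re-signs with its own key, which the client does not trust
	fmt.Println("relay-signed package:", VerifyUpdate(vendorPub, signManifest(rogue, "constructed-v1", genuine), genuine))
}
```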
Sectoral Analysis
Security researchers believe that a Chinese threat actor was responsible for the intrusion.
- The exploitation of the CVE-2026-3502 vulnerability did not require the attackers to compromise individual endpoints; instead, they abused the trusted relationship between the central on-premises TrueConf server and its clients.
Patching and Recommendations
- The United States Cybersecurity and Infrastructure Security Agency (CISA) added the bug to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to patch it by April 16.
