CISA gives agencies two weeks to patch video conferencing bug exploited by Chinese hackers

A high-severity bug (CVE-2026-3502) in the TrueConf video conferencing tool is being actively exploited, prompting CISA to order federal agencies to patch within two weeks. Check Point links the campaign, called TrueChaos, to Chinese actors using Havoc and ShadowPad who pushed weaponized updates through compromised on-premises TrueConf servers.

Key points

  • CISA ordered federal agencies to patch CVE-2026-3502 by April 16.
  • Check Point reported exploitation in a campaign named TrueChaos targeting Southeast Asian governments.
  • Attackers abused TrueConf’s updater validation to distribute malicious updates from compromised on-premises servers.
  • The campaign used the Havoc tool and showed indicators tied to Chinese actors, including ShadowPad use.
  • TrueConf is widely deployed by government, military, and critical infrastructure, raising potential impact.

Read More: https://therecord.media/trueconf-cyberattack-cisa-hackers