Suspected China-nexus attackers have leveraged a zero-day vulnerability (CVE-2026-3502) in the TrueConf client application to distribute malware within government networks in Southeast Asia, Check Point researchers discovered. Malicious client update attack chain (Source: Check Point) Trusted update mechanism turned into attack vector TrueConf is a videoconferencing platform designed to run on private local networks (LANs) without internet access, which makes it attractive to government departments, defense institutions, and critical infrastructure operators. Consequently, the solution is … More
The post TrueConf zero-day vulnerability turns its own update process into malware delivery channel appeared first on Help Net Security.
Read the original article: