Key Findings CISA added CVE-2026-3502, a flaw in TrueConf Client, to its Known Exploited Vulnerabilities catalog on April 2, 2026 The vulnerability has a CVSS score of 7.8 and allows attackers to download and install malicious updates without integrity verification Threat actors are actively exploiting this flaw by compromising TrueConf servers and replacing legitimate update files with malicious payloads Check Point researchers attributed a wave of attacks called Operation T
