Key Findings High-severity zero-day vulnerability CVE-2026-3502 (CVSS 7.8) in TrueConf video conferencing software exploited against Southeast Asian government networks in campaign dubbed TrueChaos Flaw allows attackers controlling on-premises TrueConf servers to distribute tampered updates and execute arbitrary code on all connected endpoints Patched in TrueConf Windows client version 8.5.3 released earlier this month Campaign attributed with moderate confidence to Chinese-n
