When Trusted Software Updates Become The Attack Vector: Inside Operation TrueChaos And A New Zero Day Vulnerability In A Popular Collaboration Tool
Check Point, Tuesday, March 31st, 2026
A zero day flaw in trusted supply chain software turned a legitimate government collaboration tool into a malware delivery platform.
Zero day vulnerability discovered in the TrueConf client update mechanism (CVE-2026-3502, CVSS 7.8)
In the wild exploitation observed against government entities in Southeast Asia
Malware delivery via legitimate software updates, requiring no phishing or additional initial compromise vectors
Havoc, a powerful post exploitation framework, used as the suspected final stage payload
Victimology, tooling, and infrastructure suggest ties to a Chinese-nexus threat actor (moderate confidence)
Check Point Research discovered the use of this vulnerability in the wild and responsibly notified the vendor, who released a fix; the fix is included in the TrueConf Windows client starting with version 8.5.3, which was released in March 2026. The current version of the desktop apps is 8.5.2.