Operation TrueChaos: 0-Day Exploitation Against Southeast Asian Government Targets
ID: 20fbb9d7-1600-5332-944e-3a34a3cbce43
STIX ID: report--20fbb9d7-1600-5332-944e-3a34a3cbce43
Feed Name: Check Point Research
Check Point Research identified CVE-2026-3502, a zero-day in TrueConf's updater validation. It was abused in a targeted campaign called 'TrueChaos' to push malicious updates and deploy Havoc implants to multiple government entities in Southeast Asia. The report covers the technical root cause, the attack chain (malicious installer, DLL side-loading, UAC bypass), IOCs, hunting guidance, and the vendor patch in TrueConf 8.5.3.
