CRITICALZero Day
Global

Hackers exploit TrueConf zero-day to push malicious software updates

Wednesday, April 1, 2026 at 09:35 PM UTC·Source: BleepingComputer

Updated: Thursday, April 2, 2026 at 04:49 PM UTC

Executive Summary

Hackers have targeted TrueConf conference servers in attacks that exploit a zero-day vulnerability, allowing them to execute arbitrary files on all connected endpoints. [...]

Analysis

Hackers have targeted TrueConf conference servers in attacks that exploit a zero-day vulnerability, allowing them to execute arbitrary files on all connected endpoints. [...]
Source Attribution

Originally published by BleepingComputer on Apr 1, 2026.

Related Threats

LOWZero Day

EvilTokens abuses Microsoft device code flow for account takeovers

A new phishing-as-a-service (PhaaS) campaign is abusing Microsoft’s device code authentication flow to gain unauthorized access to user accounts. Sekoia researchers first spotted the toolkit “EvilTokens” that lets attackers capture authentication tokens by tricking users into completing a legitimate login process in Microsoft’s own environment. The activity, observed since at least mid-February, r

CSO Online
CRITICALZero Day

Cybersecurity in the age of instant software

AI is rapidly changing how software is written, deployed, and used. Trends point to a future where AIs can write custom software quickly and easily: “instant software.” Taken to an extreme, it might become easier for a user to have an AI write an application on demand — a spreadsheet, for example — and delete it when you’re done using it than to buy one commercially. Future systems could include a

CSO Online
CRITICALZero Day

Vim and GNU Emacs: Claude Code helpfully found zero-day exploits for both

Developers can spend days using fuzzing tools to find security weaknesses in code. Alternatively, they can simply ask an LLM to do the job for them in seconds. The catch: LLMs are evolving so rapidly that this convenience might come with hidden dangers. The latest example is from researcher Hung Nguyen from AI red teaming company Calif, who, with simple prompts to Anthropic’s Claude Code, was able

CVE-2026-34714
CSO Online