PULSE NAME
Operation TrueChaos: 0-Day Exploitation Against Southeast Asian Government Targets
WHITE | Chinese-nexus threat actor | AlienVault | 2026-03-31 | Modified: 2026-03-31
3 IOCs | LOW VOLUME
A zero-day vulnerability in the TrueConf client application, CVE-2026-3502, was exploited in a targeted campaign against government entities in Southeast Asia. The flaw allows attackers controlling an on-premises TrueConf server to distribute and execute arbitrary files across connected endpoints. The campaign, dubbed 'TrueChaos', abused the trusted update channel to deliver malware to multiple government agencies. The attack likely involved a Chinese-nexus threat actor and utilized the Havoc post-exploitation framework. The vulnerability stems from inadequate validation in the update process, enabling malicious updates to be distributed through a centrally managed server. TrueConf has since released a fix in version 8.5.3 of their Windows client.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Havoc
Indicators of Compromise (3)
TYPE | INDICATOR | DESCRIPTION | CREATED
FileHash-MD5 22e32bcf113326e366ac480b077067cf 2026-03-31
FileHash-MD5 248a4d7d4c48478dcbeade8f7dba80b3 2026-03-31
FileHash-MD5 9b435ad985b733b64a6d5f39080f4ae0 2026-03-31