At the beginning of 2026, Check Point Research observed a series of targeted attacks against government entities in Southeast Asia carried out via a legitimate TrueConf software installed in the targets’ environment. The investigation led to the discovery of a zero-day vulnerability in the TrueConf client, tracked as CVE-2026-3502 with a CVSS score of 7.8. The flaw affects the application’s update...
The PowerISO software update incident serves as a reminder of the continuous threat posed by cyber attacks in the digital age. The use of unsigned, potentially malicious updates can lead to serious data breaches and the installation of harmful software like the Havoc implant. This incident underscores the importance of verifying software updates, maintaining robust security measures, and staying vigilant against cyber threats.
In this case, it is worth considering the broader implications of suc...