
PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks

Positive Technologies has reported that the pro-Ukrainian hacktivist group PhantomCore has been exploiting a chain of three vulnerabilities in TrueConf video conferencing servers to compromise Russian networks. The attacks have been active since September 2025 and enable remote command execution on vulnerable systems.

What happened

According to a report published by Positive Technologies, the PhantomCore group has targeted servers running TrueConf video conferencing software in Russia. The attackers used an exploit chain of three separate vulnerabilities to remotely execute commands on compromised servers, which gave them control over the affected systems. The activity has been ongoing since September 2025.

Why it matters

TrueConf is widely used for video conferencing, and vulnerabilities in such platforms pose significant risks, especially for critical infrastructure and organizations relying on secure communications. By exploiting multiple vulnerabilities in a chain, attackers can bypass protections and gain unauthorized access with higher privileges. This incident highlights the persistent threat posed by hacktivist groups seeking to leverage software flaws for espionage or disruption within targeted countries.

What security teams should do

Security teams running TrueConf servers, especially within the affected region, should review vendor advisories and ensure all patches addressing these three vulnerabilities are applied promptly. Monitoring for unusual activity or unauthorized remote commands is essential to detect any ongoing exploitation. Network administrators should also verify access controls and consider additional layers of inspection to identify exploitation attempts leveraging the reported vulnerabilities.

Key technical details

The PhantomCore group exploited a chain of three vulnerabilities in TrueConf video conferencing software to enable remote code execution on targeted servers. Although specific CVE identifiers are not detailed, the exploit chain allowed attackers to run commands on compromised systems remotely, which indicates that the vulnerabilities involve privilege escalation or bypass techniques. This multi-stage exploitation method demonstrates a sophisticated attack aimed at persistent unauthorized access.

Affected organizations/products

The attacks have specifically targeted servers running TrueConf video conferencing software located in Russia since September 2025. No additional information about compromises outside this region or other affected products has been provided.

Source attribution

https://thehackernews.com/2026/04/phantomcore-exploits-trueconf.html

Written by Thirumala Rao Padilam