TrueConf is the only vendor in this period appearing as both a campaign target and a standalone CVE with CISA KEV status. CVE-2026-3502 (CVSS 8.1, CWE-494) describes a missing cryptographic integrity check in the TrueConf Windows client update mechanism; CISA’s KEV listing confirms active exploitation in the wild, making patching to version 8.5.3 non-negotiable. A parallel campaign item documents Chinese-nexus threat actors exploiting this same vulnerability to deliver trojanized updates across Southeast Asian government networks by compromising on-premises TrueConf servers and replacing legitimate update packages. Organizations running on-premises TrueConf deployments should immediately isolate TrueConf servers, suspend automatic client updates, patch to 8.5.3 via out-of-band delivery, and treat any endpoint that received an update from a pre-8.5.3 server as potentially compromised.