Hackers have targeted TrueConf conference servers in attacks that exploit a zero-day vulnerability, allowing them to execute arbitrary files on all connected endpoints.

The flaw is tracked as CVE-2026-3502 and received a medium severity score. It stems from a missing integrity check in the software’s update mechanism, which can be used to replace the legitimate update with a malicious variant.

TrueConf is a video conferencing platform that can run as a self-hosted server. Although it also supports cloud deployments, it is generally designed for closed, offline environments.

According to the vendor, more than 100,000 organizations transitioned to TrueConf during the COVID-19 pandemic for remote online business activities. Among TrueConf users are military forces, government agencies, oil and gas corporations, and air traffic management companies.

CheckPoint researchers have been tracking a campaign they track as TrueChaos that, since the beginning of the year, has exploited CVE-2026-3502 in zero-day attacks targeting government entities in Southeast Asia.

“An attacker who gains control of the on-premises TrueConf server can replace the expected update package with an arbitrary executable, presented as the current application version, and distribute it to all connected clients,” CheckPoint says.

“Because the client trusts the server-provided update without proper validation, the malicious file can be delivered and executed under the guise of a legitimate TrueConf update.”

The flaw affects TrueConf versions 8.1.0 through 8.5.2, and following CheckPoint’s report to the vendor, a fix was released in version 8.5.3 in March 2026.

“TrueChaos” operation

CheckPoint has moderate confidence in attributing the TrueChaos activity to a Chinese-nexus threat actor, based on tactics, techniques, and procedures (TTPs), the use of Alibaba Cloud and Tencent for hosting the command and control (C2) infrastructure, and victimology.

The attacks spread through a centrally managed government TrueConf server, impacting multiple agencies, pushing malicious files via fake updates to all connected TrueConf clients.

The infection chain includes DLL sideloading and the deployment of reconnaissance tools (tasklist, tracert), privilege escalation (UAC bypass via iscicpl.exe), and the establishment of persistence.

The researchers were unable to recover the final payload, but noted that network traffic pointed to Havoc C2 infrastructure, making it highly likely that the Havoc implant was used.

Havoc is an open-source C2 framework capable of executing commands, managing processes, manipulating Windows tokens, executing shellcode, and deploying additional payloads on compromised systems.

It has previously been used by the Chinese threat cluster ‘Amaranth Dragon’ in attacks with a similar targeting scope.

CheckPoint’s report shares indicators of compromise (IoCs) as well as multiple infection signals. Strong signs of a breach include the presence of poweriso.exe or 7z-x64.dll, and suspicious artifacts like %AppData%\Roaming\Adobe\update.7z or iscsiexe.dll.

Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the other.

This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic questions for any tool evaluation.

Get Your Copy Now

Decentralized finance company Drift says it has suspended withdrawals and deposits after confirming a security incident. 

The crypto platform said in a post on X that it was “experiencing an active attack,” and that it was working to “contain the incident.”

Security researchers and public blockchain data suggest the losses could be significant. Blockchain security firm CertiK said on X that hackers may have stolen around $136 million, while crypto analytics firm Arkham put the figure at around $285 million stolen.

If confirmed, this would make the Drift hack the largest crypto theft of the year, according to the Rekt leaderboard, a site that tracks crypto thefts by size.

It’s not clear who is behind the attack, and a spokesperson for Drift did not immediately respond to a request for comment.

Security firms say North Korea was behind the most crypto thefts last year, netting at least $2 billion in stolen cryptocurrency, funds the regime is believed to use to finance its nuclear weapons program and skirt international sanctions that restrict its access to the global financial system.

Apple has officially kicked off celebrations for its 50th birthday, and we’ve been following along the festivities through our live coverage.

We’ve covered some of the best Apple products the company has released in the last half century (and some of the misses, too) and we’ve even taken a deep dive into the products that didn’t quite make it also.

If you’ve also been following along and you’re also in a bit of a celebratory mood, then you can also join in on the fun by checking out these deals for a few of our favourite current-generation Apple products.

I’ve highlighted savings on Apple Watches and the AirPods Pro 3 — which now drop to their lowest price in Australia. These aren’t the only Apple deals live on Amazon right now, and if you’re totally enamoured with my picks, you can view the full selection at the Apple storefront on Amazon.

SpaceX has confidentially filed paperwork with the Securities and Exchange Commission to sell shares to the public, according to multiple sources familiar with the registration, setting the stage for what would be the largest initial public offering in history and almost certainly making Elon Musk the world’s first trillionaire. The offering, internally code-named Project Apex, could come as early as June and reportedly aims to raise as much as $75 billion at a valuation of up to $1.75 trillion. That would more than double Saudi Aramco’s $29 billion listing in 2019, the current record holder, and would value SpaceX at roughly 94 times its 2025 revenue.

Twenty-one banks have lined up to manage the deal, with Goldman Sachs, JPMorgan Chase, Morgan Stanley, Bank of America, and Citigroup in senior roles, according to CNBC. Musk, who owns approximately 42 per cent of SpaceX according to PitchBook, has a current net worth estimated by Forbes at $823 billion. At a $1.75 trillion valuation, his stake alone would be worth more than $730 billion, pushing his total wealth past the trillion-dollar mark and placing him further ahead of every other person alive than any individual in modern economic history.

The company filing for this listing, however, is no longer just a rocket business. In February, SpaceX absorbed Musk’s artificial intelligence company xAI in an all-stock transaction that valued the combined entity at $1.25 trillion. That deal, a merger that raised immediate questions about optics, governance, and valuation, folded a company reportedly burning roughly $1 billion a month into one generating substantial cash flow. SpaceX also brought Musk’s social media platform X, formerly Twitter, under the same corporate roof. The result is a conglomerate spanning orbital launches, satellite internet, defence contracts, artificial intelligence, and social media, all controlled by a single individual who is simultaneously the largest financial backer of the sitting president of the United States.

The financial engine behind the valuation is Starlink, the satellite internet service that has become the most commercially successful space venture in history. In 2025, Starlink generated $10.6 billion in revenue on 54 per cent EBITDA margins, accounting for roughly two-thirds of SpaceX’s total revenue of $16 billion. The subscriber base has grown from 10,000 beta users in 2021 to more than 10 million paying customers across 150 countries as of February 2026. The Federal Aviation Administration’s January 2026 approval for up to 44 annual Starship launches has provided the operational headroom investors needed to underwrite a public valuation at this scale.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol’ founder Boris, and some questionable AI art. It’s free, every week, in your inbox. Sign up now!

The xAI component of the entity going public is, by contrast, a work in progress. Musk himself said in March that xAI was “not built right the first time around” and needed to be rebuilt from its foundations. Since the merger, all 11 of xAI’s original co-founders have departed the company, including researchers who had previously worked at Google DeepMind, Google Brain, and Microsoft Research. Jimmy Ba, who co-authored the Adam optimisation paper, one of the most cited in all of artificial intelligence, left in February. Critics have characterised the merger as a financial bailout that allows xAI’s mounting losses to be absorbed by Starlink’s cash flow ahead of the IPO, a framing Musk has rejected.

The conflicts of interest embedded in this offering are without precedent in American capital markets. In the past five years alone, SpaceX has won $6 billion in contracts from NASA, the Department of Defense, and other federal agencies, according to USAspending.gov. The company is NASA’s primary launch provider for crewed missions to the International Space Station and holds more than $4 billion in contracts for the Artemis lunar-landing programme. The Pentagon is reportedly preparing to award SpaceX a $2 billion contract to build a 600-satellite constellation for missile tracking as part of the Golden Dome missile-defence initiative, a programme Trump announced would cost $175 billion and begin initial operations within three years.

Musk was the largest individual donor to Trump’s 2024 presidential campaign and led the Department of Government Efficiency, or DOGE, a temporary body that unilaterally cancelled more than 10,000 federal contracts it deemed wasteful. Ethics observers noted that none of the cancellations affected Musk’s own companies. Among SpaceX’s current investors is Donald Trump Jr, the president’s eldest son, who holds shares through 1789 Capital, a venture firm that made him a partner shortly after his father won the presidency for a second time. That fund, which has crossed $1 billion in assets, has invested approximately $50 million in SpaceX and xAI and has backed at least four companies that subsequently received government contracts during the current administration. The White House has repeatedly denied any conflicts of interest between the presidency and the Trump family’s business activities.

The governance risks do not end at the political boundary. SpaceX under Musk has operated as a private company with minimal public disclosure for more than two decades. Going public will force it to file quarterly earnings, disclose executive compensation, open its books to auditors, and face shareholder lawsuits of the kind Tesla already contends with regularly. Tesla shareholders are currently suing Musk over the company’s $2 billion investment in xAI, arguing he directed shareholder capital into his own private venture. The SpaceX-xAI merger, in which both the buyer and seller were controlled by Musk, presents a similar structure of self-dealing that public-market investors and regulators already struggling with the pace of AI-era consolidation will scrutinise closely.

One unusual feature of the planned offering is the reported intention to allocate up to 30 per cent of shares to retail investors, roughly triple the typical 5 to 10 per cent. The move echoes Google’s unconventional 2004 IPO, which used a Dutch auction to broaden access, and appears designed to build a base of loyal individual shareholders who may be less inclined to challenge management. For a company whose founder has cultivated a large and vocal online following, the retail allocation could serve as both a democratisation of access and a governance insulation mechanism.

SpaceX’s listing would be the first of what could be a trio of mega-IPOs from the companies that defined the current era of AI and deep tech. OpenAI and Anthropic are both reportedly considering public offerings, though neither has filed. Together, the three listings would represent a concentration of market value in a handful of companies whose products, from orbital internet to frontier AI models, now intersect with national security, global communications, and the basic infrastructure of economic life.

The scale of what SpaceX is attempting is difficult to overstate. A $75 billion raise would exceed the gross domestic product of more than half the world’s countries. A $1.75 trillion valuation would make SpaceX more valuable at listing than every company in the S&P 500 except Apple, Microsoft, Nvidia, Amazon, and Alphabet. And at the centre of it all is a single individual who builds the rockets that carry American astronauts, runs the satellites that provide internet to war zones, leads an AI company he admits needs rebuilding, owns a social media platform that shapes political discourse, and has the mobile-phone number of the president.

Whether that concentration of power, capital, and government dependency can survive the scrutiny of public markets is the question Project Apex will ultimately answer. The defence-tech sector is already drawing record investment on the thesis that the next generation of military capability will be built by private companies rather than government labs. SpaceX is the largest and most consequential test of that thesis. If the IPO succeeds on the terms being discussed, it will not merely be the biggest stock offering in history. It will be a statement about the degree to which twenty-first-century governments have outsourced their most critical capabilities to the private sector, and about the price of getting them back.

from the the-internet’s-infrastructure-is-under-attack dept

Last month Walled Culture wrote about an important case at the Court of Justice of the European Union, (CJEU), the EU’s top court, that could determine how VPNs can be used in that region. Clarification in this area is particularly important because VPNs are currently under attack in various ways. For example, last year, the Danish government published draft legislation that many believed would make it illegal to use a VPN to access geoblocked streaming content or bypass restrictions on illegal websites. In the wake of a firestorm of criticism, Denmark’s Minister of Culture assured people that VPNs would not be banned. However, even though references to VPNs were removed from the text, the provisions are so broadly drafted that VPNs may well be affected anyway. Companies too are taking aim at VPNs. Leading the charge are those in France, which have been targeting VPN providers for over a year now. As TorrentFreak reported last February:

Canal+ and the football league LFP have requested court orders to compel NordVPN, ExpressVPN, ProtonVPN, and others to block access to pirate sites and services. The move follows similar orders obtained last year against DNS resolvers.

The VPN Trust Initiative (VTI) responded with a press release opposing what it called a “Misguided Legal Effort to Extend Website Blocking to VPNs”. It warned:

Such blocking can have sweeping consequences that might put the security and privacy of French citizens at risk.

Targeting VPNs opens the door to a dangerous censorship precedent, risking overreach into broader areas of content.

Indeed: if VPN blocks become an option, there will inevitably be more calls to use them for a wider range of material. The VTI also noted that some of its members are considering whether to abandon the French market completely. That could mean people start using less reliable VPN providers, some of which have dubious records when it comes to security and privacy. The incentive for VPNs to pull out of France is increasing. In August last year the Paris Judicial Court ordered top VPN service providers to block more sports streaming domains, and at the beginning of this year, yet more blocking orders were issued to VPNs operating in France. To its credit, one of the VPN providers affected, ProtonVPN, fought back. As reported here by TorrentFreak, the company tried multiple angles:

The VPN provider raised jurisdictional questions and also requested to see evidence that Canal+ owned all the rights at play. However, these concerns didn’t convince the court.

The same applies to Proton’s net neutrality defense, which argued that Article 333-10 of the French sports code, which is at the basis of all blocking orders, violates EU Open Internet Regulation. This defense was too vague, the court concluded, noting that Proton cited the regulation without specifying which provisions were actually breached.

ProtonVPN also argued that forcing a Swiss company to block sites for the French market is a restriction of cross-border trade in services, and that in any case, the blocking measures were “technically unrealizable, costly, and unnecessarily complex.” Despite this valiant defense, the court was unimpressed. At least ProtonVPN was allowed to contest the French court’s ruling. In a similar case in Spain, no such option was given. According to TorrentFreak:

The court orders were issued inaudita parte, which is Latin for “without hearing the other side.” Citing urgency, the Córdoba court did not give NordVPN and ProtonVPN the opportunity to contest the measures before they were granted.

Without a defense, the court reportedly concluded that both NordVPN and ProtonVPN actively advertise their ability to bypass geo-restrictions, citing match schedules in their marketing materials. The VPNs are therefore seen as active participants in the piracy chain rather than passive conduits, according to local media reports.

That’s pretty shocking, and shows once more how biased in favor of the copyright industry the law has become in some jurisdictions: other parties aren’t even allowed to present a defense. It’s a further reason why a definitive ruling from the CJEU on the right of people to use VPNs how they wish is so important.

Alongside these recent court cases, there is also another imminent attack on the use of VPNs, albeit in a slight different way. The UK government has announced wide-ranging plans that aim to “keep children safe online”. One of the ideas the government is proposing is “to age restrict or limit children’s VPN use where it undermines safety protections and changing the age of digital consent.” Although this is presented as a child protection measure, the effects will be much wider. The only way to bring in age restrictions for children is if all adult users of VPNs verify their own age. This inevitably leads to the creation of huge new online databases of personal information that are vulnerable to attack. As a side effect, the UK government’s misguided plans will also bolster the growing attempts by the copyright industry to demonize VPNs – a core element of the Internet’s plumbing – as unnecessary tools that are only used to break the law.

Follow me @glynmoody on Mastodon and on Bluesky. Originally published on WalledCulture.

Filed Under: cjeu, copyright, encryption, privacy, security, vpns

Companies: canal plus, nordvpn, proton