PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks

The Hacker News
Actively Exploited

Overview

PhantomCore, a pro-Ukrainian hacktivist group, has been targeting TrueConf video conferencing software in Russia since September 2025. Researchers from Positive Technologies reported that the group is exploiting a series of three vulnerabilities to gain remote access to affected systems. This attack is significant as it affects servers that may be crucial for communications in various sectors, potentially disrupting operations and compromising sensitive information. The ongoing nature of these attacks raises concerns for organizations using TrueConf, as they may be at risk of unauthorized access and data breaches. Users of this software are advised to remain vigilant and implement security measures to protect their systems.

Key Takeaways

  • Active Exploitation: The three TrueConf vulnerabilities in this chain are being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: TrueConf video conferencing software
  • Action Required: Users should apply any available patches for TrueConf, ensure that their systems are updated, and implement strong access controls to mitigate risks.
  • Timeline: Ongoing since September 2025

Original Article Summary

A pro-Ukrainian hacktivist group called PhantomCore has been attributed to attacks actively targeting servers running TrueConf video conferencing software in Russia since September 2025. That's according to a report published by Positive Technologies, which found the threat actors to be leveraging an exploit chain comprising three vulnerabilities to execute commands remotely on susceptible

Impact

TrueConf video conferencing software

Exploitation Status

These vulnerabilities are confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Ongoing since September 2025

Remediation

Users should apply any available patches for TrueConf, ensure that their systems are updated, and implement strong access controls to mitigate risks.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: Exploit.

Related Coverage

Utilities Tech Supplier Itron Discloses Cyber-Attack, Operations Unaffected

Infosecurity Magazine

Itron, a technology supplier for utility companies, has reported a cyber incident but believes that its operations remain unaffected. The company has not provided detailed information about the nature of the attack or whether any sensitive data was compromised. Despite the incident, Itron reassured stakeholders that it does not expect any significant impact on its business. This revelation raises concerns about the cybersecurity measures in place within critical infrastructure sectors, as attacks on utility suppliers can have broader implications for service delivery and public safety. Stakeholders in the utilities sector should remain vigilant and conduct thorough assessments of their cybersecurity protocols.

Apr 27, 2026

Widely Used Browser Extensions Selling User Data

Infosecurity Magazine

Recent findings reveal that numerous browser extensions are selling user data, as disclosed in their privacy policies. These extensions, which are widely used, have been caught sharing sensitive information with third parties, raising significant concerns about user privacy and data security. The issue affects a broad range of users who rely on these extensions for various functionalities, including ad-blocking and productivity enhancements. The implications are serious, as users may unknowingly expose their personal data, browsing habits, and even login credentials. This situation calls for heightened scrutiny from both users and regulatory bodies to ensure that privacy standards are upheld and to protect individuals from potential misuse of their data.

Apr 27, 2026

20-Year-Old Malware Rewrites History of Cyber Sabotage

darkreading

Researchers have discovered a malware framework called 'fast16' that dates back to 2004, making it five years older than the notorious Stuxnet. This malware is believed to have been used in cyber sabotage efforts, potentially setting a precedent for future attacks on critical infrastructure. The implications of this discovery are significant, as it suggests that sophisticated cyber threats have been around longer than previously understood. Fast16’s existence raises concerns about the security of various industrial systems that may still be vulnerable to similar attacks. Understanding its capabilities and origins could help organizations better defend against current and future threats.

Apr 27, 2026

Incomplete Windows Patch Opens Door to Zero-Click Attacks

SecurityWeek

A recently identified vulnerability in Windows has been exploited by APT28, a hacking group linked to Russia, in attacks targeting Ukraine and several EU nations. This flaw allows for zero-click attacks, meaning attackers can compromise systems without any user interaction. The incomplete patch aimed at fixing this vulnerability has raised concerns about its effectiveness, potentially leaving users at risk. The ongoing exploitation of this vulnerability poses a serious threat to sensitive data and national security for affected countries. As this situation evolves, it is crucial for Windows users to stay updated on patches and security advisories.

Apr 27, 2026

Money launderer linked to $230M crypto heist gets 70 months in prison

BleepingComputer

Evan Tangeman, a 22-year-old from Newport Beach, California, has been sentenced to 70 months in prison for his role in laundering funds from a significant cryptocurrency theft worth $230 million. This heist involved various cryptocurrencies, and Tangeman was part of a network that helped obscure the origins of the stolen money. The case highlights the ongoing challenges in tracking illicit cryptocurrency transactions and the legal consequences for those involved in such activities. With the rise of digital currencies, law enforcement is increasingly focused on cracking down on money laundering schemes tied to these assets. The sentence serves as a warning to others who might consider engaging in similar illegal actions.

Apr 27, 2026

OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years

SecurityWeek

A significant vulnerability in OpenSSH has been discovered, allowing attackers to gain full root shell access to affected systems. This flaw, which has been present for 15 years, stems from a coding issue that misinterprets comma characters in certificate principals as list separators. As a result, unauthorized users could exploit this vulnerability to escalate privileges and take control of systems. OpenSSH is widely used for secure remote access, making this a serious concern for organizations relying on it for security. Users and administrators are urged to review their systems and apply any available patches to mitigate this risk.

Apr 27, 2026