A pro-Ukrainian hacktivist group called PhantomCore has been attributed to attacks targeting TrueConf video conferencing servers in Russia since September 2025, according to Positive Technologies research. The threat actors are leveraging an exploit chain of three vulnerabilities to execute remote commands on vulnerable systems.