The U.S. Cybersecurity and Infrastructure Security Agency has added a TrueConf Client vulnerability to its catalog of known exploited vulnerabilities, following evidence of active attacks in the wild. The flaw allows unauthenticated download of code without integrity verification, creating a high-risk vector for malicious actors targeting federal networks and other organizations.