|
|
|
|
August 21, 2025
|
Hackers Infiltrate Alleged North Korean Operative’s Computer, Leak Evidence of...
|
|
August 21, 2025
|
Ecosia Proposes Unusual Stewardship Model for Google Chrome
|
|
August 21, 2025
|
OpenAI Presses Meta for Evidence on Musk’s $97 Billion Takeover Bid
|
|
August 15, 2025
|
ChatGPT Mobile App Surpasses $2 Billion in Consumer Spending, Dominating Rivals
|
|
|
Hackers Exploiting Critical Flaw in Signal Clone App Used by U.S. Officials
July 17, 2025
A major security flaw in TeleMessage, a secure messaging app marketed as a corporate version of Signal, is being actively targeted by hackers, according to cybersecurity researchers and the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The vulnerability could give attackers access to users’ plaintext usernames, passwords, and sensitive data.
TeleMessage Under Attack
TeleMessage is a little-known app that offers modified versions of Signal, WhatsApp, and Telegram, tailored for corporations and government agencies that need to archive conversations for compliance and legal purposes.
The app gained sudden attention earlier this year when it was revealed to be used by senior U.S. government officials. But now, it's in the spotlight again — for all the wrong reasons.
Security researchers from GreyNoise say that hackers are now attempting to exploit a vulnerability in the app that was first publicly disclosed in May 2025. One researcher described the exploit as “trivially simple” and said many systems using TeleMessage remain unpatched and exposed online.
What’s at Risk?
If exploited, the flaw (officially cataloged as CVE-2025-48927) could allow attackers to intercept user credentials, message data, and potentially access archived group chats.
GreyNoise has observed multiple active exploit attempts across the internet. CISA has since added the bug to its Known Exploited Vulnerabilities catalog, a list reserved for flaws that are confirmed to be used in real-world attacks.
Despite this, no public reports have emerged of successful hacks exploiting the flaw after its disclosure — though the situation remains fluid.
High-Profile Breach and Fallout
TeleMessage first made headlines earlier this year after a leak involving Trump administration officials. A group chat using the app — involving discussions about military operations in Yemen — was accidentally exposed by a senior official, sparking a political scandal and revealing the app's use inside sensitive government circles.
Shortly after, unknown attackers breached TeleMessage, accessing private messages from U.S. government agencies including Customs and Border Protection, as well as employees from Coinbase, a major cryptocurrency platform.
That incident raised immediate concerns about the platform’s ability to protect high-value targets from cyber threats. Now, with a known vulnerability actively being exploited, the platform faces renewed scrutiny.
A Cautionary Tale for Security-Focused Messaging Apps
The TeleMessage incident serves as a sobering reminder that even apps built with compliance and security in mind can become targets — especially when used by government agencies and corporations with valuable data.
Security experts are urging any organization using TeleMessage to:
Patch immediately if they haven’t already
Conduct internal audits to detect any unusual access or data leaks
Consider alternative communication platforms until the vulnerability is fully mitigated
The nature of the vulnerability — its ease of exploitation and the sensitivity of the users involved — underscores the growing risks faced by digital communication platforms in an age of state-sponsored hacking and insider leaks.
|
|
|
Sign Up to
Our Newsletter!
Get the latest news in tech.
|
|
|
