Signal clone used by federal agencies hit in attacks targeting major flaws – CISA says patch immediately

Hackers are actively targeting a messaging app used by federal agencies
The app was also involved in the Signalgate scandal
Hackers have already stolen chats and metadata from 60 government officials

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned a popular Signal messaging app clone being used by federal agencies is under attack.

The clone, TeleMessage, was found to have some serious issues, including a lack of proper end-to-end encryption.

Hackers have been exploiting two flaws, CVE-2025-48927 and CVE-2025-48928, to access federal chat logs and metadata. CISA has given federal agencies until July 22 to apply patches.

Federal chat app hacked

The new comes months after then-US national security advisor Mike Waltz accidentally added Jeffrey Goldberg, editor in chief at The Atlantic, to a secret Signal chat discussing ongoing US strikes against Houthi rebels in Yemen. Waltz was then removed from his position as a result.

Following investigations into the fiasco, it emerged that Waltz and others weren’t using Signal, but a clone of the app called TM SGNL, which was developed by TeleMessage.

The app was then subsequently targeted in an attack that saw the chat logs and metadata of around 60 government officials including Secret Service members and a White House official leaked online.

The first flaw listed by CISA, CVE-2025-48927, has a CVSS score of 5.3, and allows hackers to extract sensitive data from memory dumps exposed by a Spring Boot Actuator misconfiguration in the TeleMessage app that exposes the /heapdump endpoint.

The second flaw, CVE-2025-48928, has a CVSS score of 4.0, and allows an attacker to access exposed passwords sent over HTTP by stealing a memory-dump file through local access to the TeleMessage server.

No other details on the flaws have been released by CISA, but the agency has said that federal agencies must patch the app by July 22 or stop using it altogether.

Via The Register

https://cdn.mos.cms.futurecdn.net/jCnkDoNyoZqSXrrEmnX77H.jpg

Source link
benedict.collins@futurenet.com (Benedict Collins)

Celebrate Apple’s 50th birthday with these deals on watches and AirPods

ChatGPT comes to Apple CarPlay but only if you are willing to talk to a robot

7 new horror movies on Netflix, Shudder, HBO Max, and more in April 2026

7 new horror movies on Netflix, Shudder, HBO Max, and more in April 2026

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

The Super Mario Galaxy Movie Ending and Post-Credits Scenes Explained

Stars Dealing With Illnesses & More – Hollywood Life

BBC Insiders On Tim Davie’s Legacy, And Task Ahead For Matt Brittin

Part 4, NASA and Their Message to ATINY

Roth/MKM downgrades Apellis stock rating on Biogen acquisition

Billionaires bolt for Florida from the West Coast and take billions in tax revenue with them

Wall St futures slide as Trump signals tougher Iran strikes, oil jumps 6%

Billionaires bolt for Florida from the West Coast and take billions in tax revenue with them

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Signal clone used by federal agencies hit in attacks targeting major flaws – CISA says patch immediately

The Super Mario Galaxy Movie Ending and Post-Credits Scenes Explained

Roth/MKM downgrades Apellis stock rating on Biogen acquisition

Stars Dealing With Illnesses & More – Hollywood Life

Billionaires bolt for Florida from the West Coast and take billions in tax revenue with them