Hackers are targeting a previously reported bug in the Signal clone app TeleMessage in an effort to steal users’ private data, according to security researchers and a U.S. government agency.
TeleMessage, which earlier this year was revealed to be used by high-ranking officials in the Trump administration, already experienced at least one data breach in May. The company markets modified versions of Signal, WhatsApp, and Telegram for corporations and government agencies that need to archive chats for legal and compliance reasons.
On Thursday, GreyNoise, a cybersecurity firm with visibility into what hackers are doing on the internet thanks to its network of sensors, published a post warning that it has seen several attempts to exploit the flaw in TeleMessage, which was originally disclosed in May.
If hackers are able to exploit the vulnerability against their targets, they could access “plaintext usernames, passwords, and other sensitive data,” according to the firm.
“I was left in disbelief at the simplicity of this exploit,” GreyNoise researcher Howdy Fisher wrote in a post analyzing the flaw. “[A]fter some digging, I found that many devices are still open and vulnerable to this.”
According to the researcher, exploiting this flaw is “trivial,” and it seems that hackers have taken notice.
Contact Us
Do you have more information about these attacks? Or about TeleMessage? We’d love to hear from you. From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email.
In early July, U.S. cybersecurity agency CISA listed the flaw — designated officially as CVE-2025-48927 — to its catalog of Known Exploited Vulnerabilities, a database that collects security bugs that are known to have been exploited by hackers.
In other words, CISA says hackers are successfully exploiting this bug. At this point, however, no hacks against TeleMessage customers have been publicly reported.
In May, TeleMessage, which at that point was a little-known alternative to Signal, became a household name after then-U.S. National Security Advisor Mike Waltz accidentally revealed he was using the app. Waltz had previously added a journalist to a highly sensitive group chat with other Trump administration officials, where the group discussed plans to bomb Yemen, an operational security snafu that caused a scandal leading to Waltz’s ousting.
After TeleMessage was identified as the app Waltz and others in the administration used to communicate, the company was hacked. Unknown attackers stole the contents of users’ private messages and group chats, including from Customs and Border Protection, and the cryptocurrency giant Coinbase, according to 404 Media, which first reported the hack.
TeleMessage did not immediately respond to a request for comment.
