TZUTC: -0500
MSGID: 1218.consprcy@1:2320/105 2ccc2384
PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0
TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
Signal clone used by federal agencies hit in attacks targeting major flaws -
CISA says patch immediately

Date:
Thu, 03 Jul 2025 13:57:00 +0000

Description:
CISA has warned a federal messaging app is being targeted by hackers, so 
patch now.

FULL STORY

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned a
popular Signal messaging app clone being used by federal agencies is under
attack. 

The clone, TeleMessage, was found to have some serious issues, including a
lack of proper end-to-end encryption. 

Hackers have been exploiting two flaws, CVE-2025-48927 and CVE-2025-48928, to
access federal chat logs and metadata. CISA has given federal agencies until
July 22 to apply patches.

Federal chat app hacked 

The new comes months after then-US national security advisor Mike Waltz
accidentally added Jeffrey Goldberg, editor in chief at The Atlantic , to a
secret Signal chat discussing ongoing US strikes against Houthi rebels in
Yemen. Waltz was then removed from his position as a result. 

Following investigations into the fiasco, it emerged that Waltz and others
werent using Signal, but a clone of the app called TM SGNL, which was
developed by TeleMessage. 

The app was then subsequently targeted in an attack that saw the chat logs 
and metadata of around 60 government officials including Secret Service
members and a White House official leaked online . 

The first flaw listed by CISA, CVE-2025-48927, has a CVSS score of 5.3, and
allows hackers to extract sensitive data from memory dumps exposed by a 
Spring Boot Actuator misconfiguration in the TeleMessage app that exposes the
/heapdump endpoint. 

The second flaw, CVE-2025-48928, has a CVSS score of 4.0, and allows an
attacker to access exposed passwords sent over HTTP by stealing a memory-dump
file through local access to the TeleMessage server. 

No other details on the flaws have been released by CISA, but the agency has
said that federal agencies must patch the app by July 22 or stop using it
altogether. 

Via The Register

======================================================================
Link to news story:
https://www.techradar.com/pro/security/signal-clone-used-by-federal-agencies-h
it-in-attacks-targeting-major-flaws-cisa-says-patch-immediately

$$
--- SBBSecho 3.20-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 111 206 300 307 317 400 426 428 664
SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 712/848 902/26 2320/0 105 304 3634/12 5075/35
PATH: 2320/105 229/426