- Pirates actively target a messaging application used by federal agencies
- The application was also involved in the signalgate scandal
- Pirates have already stolen cats and metadata from 60 government representatives
The American Cybersecurity and Infrastructure Safety Agency (CISA) warned that a popular signal messaging application used by federal agencies is attacked.
The clone, Telemessage, turned out to have serious problems, including a lack of end -to -end encryption.
The hackers have exploited two faults, CVE-2025-48927 and CVE-2025-48928, to access cat newspapers and federal metadata. The CISA gave federal agencies until July 22 to apply fixes.
Application of pirated federal chat
The new months occur after the national security advisor at the time, Mike Waltz, accidentally added to Jeffrey Goldberg, editor in chief at The AtlanticTo a secret signal cat discussing the current American strikes against the Houthi rebels in Yemen. Waltz was then removed from its position accordingly.
Following surveys on fiasco, it appeared that the waltz and others did not use the signal, but a clone of the application called TM SGNL, which was developed by Telemessage.
The application was then targeted thereafter in an attack that saw the discussion newspapers and the metadata of a 60 government manager, including members of the secret service and a White House official disclosed online.
The first defect listed by CISA, CVE-2025-48927, has a 5.3 CVSS score, and allows hackers to extract sensitive data from memory emptying exposed by an implementation errors of the Spring start-up actuator in the Telemessage application that exposes the end point / Heapdump.
The second defect, CVE-2025-48928, has a CVSS score of 4.0 and allows an attacker to access the exposed passwords sent to HTTP by stealing a memory file via local access to the telemontal server.
No other details on defects were published by CISA, but the agency said that federal agencies had to correct the application by July 22 or stop using it completely.
Via The register
