TZUTC: -0500   
   MSGID: 1218.consprcy@1:2320/105 2ccc2384   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Signal clone used by federal agencies hit in attacks targeting major flaws -   
   CISA says patch immediately   
      
   Date:   
   Thu, 03 Jul 2025 13:57:00 +0000   
      
   Description:   
   CISA has warned a federal messaging app is being targeted by hackers, so    
   patch now.   
      
   FULL STORY   
      
   The US Cybersecurity and Infrastructure Security Agency (CISA) has warned a   
   popular Signal messaging app clone being used by federal agencies is under   
   attack.    
      
   The clone, TeleMessage, was found to have some serious issues, including a   
   lack of proper end-to-end encryption.    
      
   Hackers have been exploiting two flaws, CVE-2025-48927 and CVE-2025-48928, to   
   access federal chat logs and metadata. CISA has given federal agencies until   
   July 22 to apply patches.   
      
   Federal chat app hacked    
      
   The new comes months after then-US national security advisor Mike Waltz   
   accidentally added Jeffrey Goldberg, editor in chief at The Atlantic , to a   
   secret Signal chat discussing ongoing US strikes against Houthi rebels in   
   Yemen. Waltz was then removed from his position as a result.    
      
   Following investigations into the fiasco, it emerged that Waltz and others   
   werent using Signal, but a clone of the app called TM SGNL, which was   
   developed by TeleMessage.    
      
   The app was then subsequently targeted in an attack that saw the chat logs    
   and metadata of around 60 government officials including Secret Service   
   members and a White House official leaked online .    
      
   The first flaw listed by CISA, CVE-2025-48927, has a CVSS score of 5.3, and   
   allows hackers to extract sensitive data from memory dumps exposed by a    
   Spring Boot Actuator misconfiguration in the TeleMessage app that exposes the   
   /heapdump endpoint.    
      
   The second flaw, CVE-2025-48928, has a CVSS score of 4.0, and allows an   
   attacker to access exposed passwords sent over HTTP by stealing a memory-dump   
   file through local access to the TeleMessage server.    
      
   No other details on the flaws have been released by CISA, but the agency has   
   said that federal agencies must patch the app by July 22 or stop using it   
   altogether.    
      
   Via The Register   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/signal-clone-used-by-federal-agencies-h   
   it-in-attacks-targeting-major-flaws-cisa-says-patch-immediately   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 111 206 300 307 317 400 426 428 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426