TSC
Company Details
Linkedin ID:
telemessage
Website:
Employees number:
99
Number of followers:
6,112
NAICS:
517
Industry Type:
Homepage:
telemessage.com
IP Addresses:
0
Company ID:
TEL_1487638
Scan Status:
In-progress
TeleMessage, a Smarsh Company Company CyberSecurity Posture
telemessage.com
TeleMessage, a Smarsh Company, is Transforming Business Mobile Messaging and Archiving: Managed, Secure, Reliable and IT Ready. The TeleMessage Mobile Archiver effectively addresses compliance, regulatory and eDiscovery response requirements. It reduces risk across a variety of industries, capturing mobile content from any combination of device or carrier and supporting phone ownership either by company or BYOD. We’ve also developed an innovative, all-encompassing messaging suite for enterprises that replicates the ease of use of consumer applications, while providing all the additional tools that businesses need in order to stay on top of corporate mobile messaging. Our offering includes an integrated Android/iOS mobile apps, web portal, Outlook Plug-in, and a range of APIs that connect to any operational IT system. We support archiving both On-prem and in the cloud, working with a wide variety of carriers. TeleMessage has been providing state-of-the-art messaging solutions for over 15 years. Our software has been successfully deployed and used by thousands of enterprises, trusted by dozens of telecom operators, reaches hundreds of millions of users and powers billions of messages through customers’ networks. We support an ever growing number of enterprises, including leading brands across a range of industries such as healthcare, travel, finance and retail, among others.
TeleMessage, a Smarsh Company A.I CyberSecurity Scoring
TSC Risk Score (AI oriented)Between 700 and 749
TSC
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
TSC Global Score (TPRM)XXXX
TSC
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
TSC Company CyberSecurity News & History
Past Incidents
2
Attack Types
2
TeleMessage
Cyber Attack
Rankiteo Explanation
Attack threatening the organization's existence
Description: TeleMessage, a secure messaging platform used by government agencies and enterprises, suffered a significant cybersecurity breach due to critical security failures. The attack exploited multiple vulnerabilities, including the lack of end-to-end encryption, misconfigured systems, exposed endpoints, and outdated technology, allowing unauthorized access to sensitive communications. The breach compromised proprietary and potentially classified data, raising concerns about national security risks given the platform’s use by government entities. The incident highlighted systemic weaknesses in TeleMessage’s security posture, particularly in authentication protocols, data storage security, and governance compliance. Unlike marketing claims, the platform failed to enforce modern safeguards such as multi-factor authentication (MFA) or rigorous encryption at rest, leaving archived messages vulnerable to interception and exfiltration. The breach underscored the dangers of bolted-on security rather than a security-by-design approach, exposing users including high-profile government and corporate clients to data leaks, espionage risks, and reputational damage. The fallout extended beyond immediate data exposure, as the breach eroded trust in TeleMessage’s ability to protect critical communications, potentially leading to contract terminations, legal repercussions, and operational disruptions for affected organizations. The incident also occurred during a government shutdown, compounding risks due to reduced oversight and delayed incident response.
Smarsh
Vulnerability
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Researchers have observed multiple exploitation attempts for the CVE-2025-48927 vulnerability in the TeleMessage SGNL app, which allows retrieving usernames, passwords, and other sensitive data. The vulnerability is caused by exposing the '/heapdump' endpoint from Spring Boot Actuator without authentication. This flaw lets an attacker download a full Java heap memory dump, which may contain plaintext usernames, passwords, tokens, and other sensitive data. The issue was addressed by TeleMessage, but some on-premises installations remain vulnerable. The event triggered national security concerns in the U.S. after it was revealed that the product was being used by Customs & Border Protection and officials, including Mike Waltz.
TSC Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for TSC
Incidents vs Telecommunications Industry Average (This Year)
No incidents recorded for TeleMessage, a Smarsh Company in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for TeleMessage, a Smarsh Company in 2026.
Incident Types TSC vs Telecommunications Industry Avg (This Year)
No incidents recorded for TeleMessage, a Smarsh Company in 2026.
Incident History — TSC (X = Date, Y = Severity)
TSC cyber incidents detection timeline including parent company and subsidiaries
TSC Company Subsidiaries
TeleMessage, a Smarsh Company, is Transforming Business Mobile Messaging and Archiving: Managed, Secure, Reliable and IT Ready. The TeleMessage Mobile Archiver effectively addresses compliance, regulatory and eDiscovery response requirements. It reduces risk across a variety of industries, capturing mobile content from any combination of device or carrier and supporting phone ownership either by company or BYOD. We’ve also developed an innovative, all-encompassing messaging suite for enterprises that replicates the ease of use of consumer applications, while providing all the additional tools that businesses need in order to stay on top of corporate mobile messaging. Our offering includes an integrated Android/iOS mobile apps, web portal, Outlook Plug-in, and a range of APIs that connect to any operational IT system. We support archiving both On-prem and in the cloud, working with a wide variety of carriers. TeleMessage has been providing state-of-the-art messaging solutions for over 15 years. Our software has been successfully deployed and used by thousands of enterprises, trusted by dozens of telecom operators, reaches hundreds of millions of users and powers billions of messages through customers’ networks. We support an ever growing number of enterprises, including leading brands across a range of industries such as healthcare, travel, finance and retail, among others.
Loading...
TSC Similar Companies
Telkom Indonesia
PT Telkom Indonesia (Persero) Tbk (Telkom) is a state-owned information and communications technology enterprise and telecommunications network in Indonesia. The Government of Indonesia is the majority shareholder with 52.09 percent shares while the remaining 47.91 percent shares belong to public sh
Jazz
Pakistan’s number one digital operator and the largest internet and broadband service provider with over 70 million subscribers nationwide. With a legacy of more than 27 years, Jazz maintains market leadership through cutting-edge, integrated technology, the strongest brands and the largest portfoli
Ooredoo Group
We are an award-winning international communications company operating across the Middle East, North Africa and Southeast Asia. Serving consumers and businesses in 10 countries, we deliver a leading data experience through a broad range of content and services via our advanced, data-centric mob
Free
Trublion historique des Télécoms, Free reste un opérateur pas comme les autres. Nous continuons de nous distinguer de nos concurrents par nos produits, par notre politique tarifaire ou encore par le ton employé avec nos abonnés. Cette différence a aussi construit la grande entreprise que nous somme
Nokia
Nokia is a global leader in connectivity for the AI era. With expertise across fixed, mobile, and transport networks, powered by the innovation of Nokia Bell Labs, we’re advancing connectivity to secure a brighter world. Advanced connectivity is key to enable the opportunities of AI – opening new d
Welkom bij de LinkedIn pagina van KPN. Sinds jaar en dag maakt KPN technologie toegankelijk. Hier leest u alles over de ontwikkelingen rondom de thema’s die KPN belangrijk vindt, zoals Het Nieuwe Leven & Werken, Veiligheid & Privacy en ICT-infrastructuur. Ook een transparante en betrouwbare dienstve
BT Group
We’re one of the world’s leading communications services companies. At BT Group, the solutions we sell are integral to modern life. Our purpose is as simple as it is ambitious: we connect for good. There are no limits to what people can do when they connect. And as technology changes our world, co
Vivo (Telefônica Brasil)
Vivo (Telefônica Brasil) is part of the Telefónica Group and with more than 94 million customers, of which 75 million mobile and 19 million fixed, we are the largest telecommunications company in Brazil, with nationwide presence and a complete, convergent portfolio of products, combining fixed, mobi
Bell
We advance how people connect with each other and the world #ConnectionIsEverything. Bell is Canada's largest communications company providing advanced Bell broadband wireless, Internet, TV, media and business communications services. Founded in Montréal in 1880, Bell is wholly owned by BCE Inc. T
.png)
TSC CyberSecurity News
May 19, 2025 07:00 AM
DDoSecrets Adds 410GB of TeleMessage Breach Data to Index
On the 4th of May 2025, TeleMessage, an Israeli company providing modified versions of encrypted messaging apps like Signal,...
May 06, 2025 07:00 AM
Portland firm suspends messaging app used by Trump official after apparent hack
Portland-based tech firm Smarsh has stopped offering a digital messaging app called TeleMessage, notably used by Trump administration official Mike Waltz,...
May 06, 2025 07:00 AM
Portland company in national spotlight after Trump official is hacked
Portland company Smarsh faces scrutiny as its TeleMessage business is hacked, compromising messages including those of Mike Waltz.
May 05, 2025 07:00 AM
Message App That Waltz Was Seen Using Is Probing Possible Breach
TeleMessage, the message-archiving app that former National Security Adviser Michael Waltz appeared to be using in a photograph of him communicating with other...
May 05, 2025 07:00 AM
TeleMessage, a modified Signal clone used by US government officials, has been hacked
A hacker has exploited a vulnerability in TeleMessage, which provides modded versions of encrypted messaging apps such as Signal, Telegram, and WhatsApp, to...
May 05, 2025 07:00 AM
Messaging app seen in use by Mike Waltz suspends services after hackers claim breach
TeleMessage, the app that President Trump's former National Security Advisor, Mike Waltz, appeared to use to archive his group chats,...
May 05, 2025 07:00 AM
Messaging app used by Trump official suspends operations after reported hack
Trump previously discouraged his officials from using Signal following "Signalgate," when Mike Waltz added a journalist to a private chat of...
May 05, 2025 07:00 AM
TeleMessage probes 'hack' of Signal clone used by Feds
An unidentified miscreant is said to have obtained US government communications from TeleMessage, a messaging and archiving app based on the open-source Signal...
May 05, 2025 07:00 AM
Unofficial Signal app used by Trump officials investigates hack
TeleMessage, an Israeli company that sells an unofficial Signal message archiving tool used by some US government officials, has suspended all services after...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
TSC CyberSecurity History Information
Official Website of TeleMessage, a Smarsh Company
The official website of TeleMessage, a Smarsh Company is http://www.telemessage.com.
TeleMessage, a Smarsh Company’s AI-Generated Cybersecurity Score
According to Rankiteo, TeleMessage, a Smarsh Company’s AI-generated cybersecurity score is 731, reflecting their Moderate security posture.
How many security badges does TeleMessage, a Smarsh Company’ have ?
According to Rankiteo, TeleMessage, a Smarsh Company currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has TeleMessage, a Smarsh Company been affected by any supply chain cyber incidents ?
According to Rankiteo, TeleMessage, a Smarsh Company has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does TeleMessage, a Smarsh Company have SOC 2 Type 1 certification ?
According to Rankiteo, TeleMessage, a Smarsh Company is not certified under SOC 2 Type 1.
Does TeleMessage, a Smarsh Company have SOC 2 Type 2 certification ?
According to Rankiteo, TeleMessage, a Smarsh Company does not hold a SOC 2 Type 2 certification.
Does TeleMessage, a Smarsh Company comply with GDPR ?
According to Rankiteo, TeleMessage, a Smarsh Company is not listed as GDPR compliant.
Does TeleMessage, a Smarsh Company have PCI DSS certification ?
According to Rankiteo, TeleMessage, a Smarsh Company does not currently maintain PCI DSS compliance.
Does TeleMessage, a Smarsh Company comply with HIPAA ?
According to Rankiteo, TeleMessage, a Smarsh Company is not compliant with HIPAA regulations.
Does TeleMessage, a Smarsh Company have ISO 27001 certification ?
According to Rankiteo,TeleMessage, a Smarsh Company is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of TeleMessage, a Smarsh Company
TeleMessage, a Smarsh Company operates primarily in the Telecommunications industry.
Number of Employees at TeleMessage, a Smarsh Company
TeleMessage, a Smarsh Company employs approximately 99 people worldwide.
Subsidiaries Owned by TeleMessage, a Smarsh Company
TeleMessage, a Smarsh Company presently has no subsidiaries across any sectors.
TeleMessage, a Smarsh Company’s LinkedIn Followers
TeleMessage, a Smarsh Company’s official LinkedIn profile has approximately 6,112 followers.
NAICS Classification of TeleMessage, a Smarsh Company
TeleMessage, a Smarsh Company is classified under the NAICS code 517, which corresponds to Telecommunications.
TeleMessage, a Smarsh Company’s Presence on Crunchbase
No, TeleMessage, a Smarsh Company does not have a profile on Crunchbase.
TeleMessage, a Smarsh Company’s Presence on LinkedIn
Yes, TeleMessage, a Smarsh Company maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/telemessage.
Cybersecurity Incidents Involving TeleMessage, a Smarsh Company
As of January 21, 2026, Rankiteo reports that TeleMessage, a Smarsh Company has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
TeleMessage, a Smarsh Company has an estimated 9,783 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at TeleMessage, a Smarsh Company ?
Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability and Cyber Attack.
How does TeleMessage, a Smarsh Company detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with disable or restrict access to the /heapdump endpoint, and remediation measures with limit exposure of all actuator endpoints as much as possible..
Incident Details
Can you provide details on each incident ?
Title: Exploitation of CVE-2025-48927 in TeleMessage SGNL App
Description: Researchers have observed exploitation attempts for the CVE-2025-48927 vulnerability in the TeleMessage SGNL app, allowing retrieval of usernames, passwords, and other sensitive data. The vulnerability is caused by exposing the '/heapdump' endpoint from Spring Boot Actuator without authentication.
Date Detected: 2025-05-01
Date Publicly Disclosed: 2025-05-01
Type: Vulnerability Exploitation
Attack Vector: Exposed diagnostic endpoint
Vulnerability Exploited: CVE-2025-48927
Motivation: Data Theft
Title: TeleMessage Hack
Description: The TeleMessage hack was a cybersecurity incident where the primary failures included lack of end-to-end encryption, poor misconfiguration, an exposed endpoint, and the use of outdated technology. These vulnerabilities led to a breach compromising proprietary and sensitive communications. The incident highlights broader issues in messaging app security, including weak authentication, inadequate encryption, and insufficient governance controls.
Type: Data Breach
Attack Vector: Exposed EndpointOutdated TechnologyLack of End-to-End EncryptionPoor Misconfiguration
Vulnerability Exploited: Weak or Missing End-to-End EncryptionMisconfigured SystemsOutdated Cryptographic ProtocolsUnsecured Data Storage
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Exposed diagnostic endpoint and Exposed EndpointMisconfigured Systems.
Impact of the Incidents
What was the impact of each incident ?
Incident : Vulnerability Exploitation TEL713072025
Data Compromised: Usernames, Passwords, Tokens, Sensitive data
Systems Affected: TeleMessage SGNL app
Incident : Data Breach TEL0533405111725
Data Compromised: Proprietary information, Sensitive communications, Potentially national security-related data
Systems Affected: Messaging Platform (TeleMessage)Data Storage (Logs, Backups, Archives)
Operational Impact: Potential Disruption to Government and Enterprise CommunicationsLoss of Trust in Messaging Platforms
Brand Reputation Impact: Erosion of Trust in TeleMessageNegative Perception of Messaging Security Standards
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Usernames, Passwords, Tokens, Sensitive Data, , Proprietary Business Communications, Sensitive Government Communications, Archived Messages, Logs, Backups and .
Which entities were affected by each incident ?
Incident : Vulnerability Exploitation TEL713072025
Entity Name: Smarsh
Entity Type: Company
Industry: Compliance-focused Communication Solutions
Customers Affected: Customs & Border Protection, Mike Waltz
Incident : Data Breach TEL0533405111725
Entity Name: TeleMessage
Entity Type: Enterprise Messaging Provider
Industry: Technology, Government Contracting, Enterprise Communications
Customers Affected: Government Agencies, Enterprises, Potentially National Security-Related Entities
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Vulnerability Exploitation TEL713072025
Containment Measures: Disable or restrict access to the /heapdump endpoint
Remediation Measures: Limit exposure of all Actuator endpoints as much as possible
Data Breach Information
What type of data was compromised in each breach ?
Incident : Vulnerability Exploitation TEL713072025
Type of Data Compromised: Usernames, Passwords, Tokens, Sensitive data
Sensitivity of Data: High
Incident : Data Breach TEL0533405111725
Type of Data Compromised: Proprietary business communications, Sensitive government communications, Archived messages, Logs, Backups
Sensitivity of Data: High (Potentially National Security-Related)
Data Encryption: ['Lack of End-to-End Encryption', 'Potentially Unencrypted Storage']
File Types Exposed: Message LogsArchived ConversationsBackup Files
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Limit exposure of all Actuator endpoints as much as possible.
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by disable or restrict access to the /heapdump endpoint.
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Vulnerability Exploitation TEL713072025
Regulatory Notifications: CISA added to KEV catalog
Incident : Data Breach TEL0533405111725
Regulations Violated: Potential Violations of SOC 2, HIPAA (if healthcare data involved), FedRAMP (if government data involved),
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : Vulnerability Exploitation TEL713072025
Lessons Learned: Importance of securing diagnostic endpoints and limiting exposure of Actuator endpoints
Incident : Data Breach TEL0533405111725
Lessons Learned: Security in messaging must be holistic, addressing authentication, encryption (in transit and at rest), privacy controls, data storage security, and governance certifications (e.g., SOC 2, FedRAMP)., End-to-end encryption alone is insufficient if implementation is weak or misconfigured., Outdated technology and exposed endpoints create critical vulnerabilities., Security must be built into messaging platforms by design, not added as an afterthought., Vendors without rigorous certifications often lack disciplined security practices., Government shutdowns may indirectly weaken messaging security through reduced oversight and degraded infrastructure.
What recommendations were made to prevent future incidents ?
Incident : Vulnerability Exploitation TEL713072025
Recommendations: Disable or restrict access to the /heapdump endpoint and limit exposure of all Actuator endpoints
Incident : Data Breach TEL0533405111725
Recommendations: Adopt messaging platforms with **modern authentication** (e.g., MFA, SSO) and **properly implemented end-to-end encryption**., Ensure **data storage security** by encrypting logs, backups, and archives to prevent breaches via unsecured storage., Verify vendor **privacy controls** to prevent data mining or misuse of user conversations., Prioritize platforms with **industry certifications** (e.g., SOC 2, HIPAA, FedRAMP) to validate security claims., Implement **security by design**, embedding governance, retention policies, and continuous monitoring from the ground up., Avoid platforms with **outdated technology** or **misconfigured endpoints** that expose critical vulnerabilities., For regulated industries, rigorously evaluate messaging solutions against **authentication, encryption, privacy, and compliance** standards.Adopt messaging platforms with **modern authentication** (e.g., MFA, SSO) and **properly implemented end-to-end encryption**., Ensure **data storage security** by encrypting logs, backups, and archives to prevent breaches via unsecured storage., Verify vendor **privacy controls** to prevent data mining or misuse of user conversations., Prioritize platforms with **industry certifications** (e.g., SOC 2, HIPAA, FedRAMP) to validate security claims., Implement **security by design**, embedding governance, retention policies, and continuous monitoring from the ground up., Avoid platforms with **outdated technology** or **misconfigured endpoints** that expose critical vulnerabilities., For regulated industries, rigorously evaluate messaging solutions against **authentication, encryption, privacy, and compliance** standards.Adopt messaging platforms with **modern authentication** (e.g., MFA, SSO) and **properly implemented end-to-end encryption**., Ensure **data storage security** by encrypting logs, backups, and archives to prevent breaches via unsecured storage., Verify vendor **privacy controls** to prevent data mining or misuse of user conversations., Prioritize platforms with **industry certifications** (e.g., SOC 2, HIPAA, FedRAMP) to validate security claims., Implement **security by design**, embedding governance, retention policies, and continuous monitoring from the ground up., Avoid platforms with **outdated technology** or **misconfigured endpoints** that expose critical vulnerabilities., For regulated industries, rigorously evaluate messaging solutions against **authentication, encryption, privacy, and compliance** standards.Adopt messaging platforms with **modern authentication** (e.g., MFA, SSO) and **properly implemented end-to-end encryption**., Ensure **data storage security** by encrypting logs, backups, and archives to prevent breaches via unsecured storage., Verify vendor **privacy controls** to prevent data mining or misuse of user conversations., Prioritize platforms with **industry certifications** (e.g., SOC 2, HIPAA, FedRAMP) to validate security claims., Implement **security by design**, embedding governance, retention policies, and continuous monitoring from the ground up., Avoid platforms with **outdated technology** or **misconfigured endpoints** that expose critical vulnerabilities., For regulated industries, rigorously evaluate messaging solutions against **authentication, encryption, privacy, and compliance** standards.Adopt messaging platforms with **modern authentication** (e.g., MFA, SSO) and **properly implemented end-to-end encryption**., Ensure **data storage security** by encrypting logs, backups, and archives to prevent breaches via unsecured storage., Verify vendor **privacy controls** to prevent data mining or misuse of user conversations., Prioritize platforms with **industry certifications** (e.g., SOC 2, HIPAA, FedRAMP) to validate security claims., Implement **security by design**, embedding governance, retention policies, and continuous monitoring from the ground up., Avoid platforms with **outdated technology** or **misconfigured endpoints** that expose critical vulnerabilities., For regulated industries, rigorously evaluate messaging solutions against **authentication, encryption, privacy, and compliance** standards.Adopt messaging platforms with **modern authentication** (e.g., MFA, SSO) and **properly implemented end-to-end encryption**., Ensure **data storage security** by encrypting logs, backups, and archives to prevent breaches via unsecured storage., Verify vendor **privacy controls** to prevent data mining or misuse of user conversations., Prioritize platforms with **industry certifications** (e.g., SOC 2, HIPAA, FedRAMP) to validate security claims., Implement **security by design**, embedding governance, retention policies, and continuous monitoring from the ground up., Avoid platforms with **outdated technology** or **misconfigured endpoints** that expose critical vulnerabilities., For regulated industries, rigorously evaluate messaging solutions against **authentication, encryption, privacy, and compliance** standards.Adopt messaging platforms with **modern authentication** (e.g., MFA, SSO) and **properly implemented end-to-end encryption**., Ensure **data storage security** by encrypting logs, backups, and archives to prevent breaches via unsecured storage., Verify vendor **privacy controls** to prevent data mining or misuse of user conversations., Prioritize platforms with **industry certifications** (e.g., SOC 2, HIPAA, FedRAMP) to validate security claims., Implement **security by design**, embedding governance, retention policies, and continuous monitoring from the ground up., Avoid platforms with **outdated technology** or **misconfigured endpoints** that expose critical vulnerabilities., For regulated industries, rigorously evaluate messaging solutions against **authentication, encryption, privacy, and compliance** standards.
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are Importance of securing diagnostic endpoints and limiting exposure of Actuator endpointsSecurity in messaging must be holistic, addressing authentication, encryption (in transit and at rest), privacy controls, data storage security, and governance certifications (e.g., SOC 2, FedRAMP).,End-to-end encryption alone is insufficient if implementation is weak or misconfigured.,Outdated technology and exposed endpoints create critical vulnerabilities.,Security must be built into messaging platforms by design, not added as an afterthought.,Vendors without rigorous certifications often lack disciplined security practices.,Government shutdowns may indirectly weaken messaging security through reduced oversight and degraded infrastructure.
What recommendations has the company implemented to improve cybersecurity ?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Disable or restrict access to the /heapdump endpoint and limit exposure of all Actuator endpoints.
References
Where can I find more information about each incident ?
Incident : Vulnerability Exploitation TEL713072025
Source: GreyNoise
Incident : Vulnerability Exploitation TEL713072025
Source: Smarsh spokesperson
Incident : Data Breach TEL0533405111725
Source: The Fast Mode
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: GreyNoise, and Source: Smarsh spokesperson, and Source: The Fast Mode.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Vulnerability Exploitation TEL713072025
Investigation Status: Ongoing
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Vulnerability Exploitation TEL713072025
Entry Point: Exposed diagnostic endpoint
Reconnaissance Period: Ongoing
Incident : Data Breach TEL0533405111725
Entry Point: Exposed Endpoint, Misconfigured Systems,
High Value Targets: Government Communications, Enterprise Proprietary Data,
Data Sold on Dark Web: Government Communications, Enterprise Proprietary Data,
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Vulnerability Exploitation TEL713072025
Root Causes: Exposing the '/heapdump' endpoint without authentication
Corrective Actions: Disable or restrict access to the /heapdump endpoint
Incident : Data Breach TEL0533405111725
Root Causes: Lack Of End-To-End Encryption Or Weak Implementation Thereof., Poor System Misconfiguration Leading To Exposed Endpoints., Use Of Outdated Technology With Known Vulnerabilities., Inadequate Data Storage Security (Unencrypted Logs/Backups)., Absence Of Rigorous Governance Certifications (E.G., Soc 2, Fedramp)., Over-Reliance On Basic Authentication (Username/Password) Without Mfa Or Sso.,
Corrective Actions: Migrate To Modern Authentication Protocols (Mfa, Sso)., Implement And Audit **Strong End-To-End Encryption** For All Messages., Secure Data Storage With **Encryption At Rest** For Logs, Backups, And Archives., Conduct **Regular Security Audits** And Penetration Testing To Identify Misconfigurations., Replace Outdated Technology With **Up-To-Date Cryptographic Frameworks**., Obtain And Maintain **Industry Certifications** (Soc 2, Fedramp) To Enforce Disciplined Security Practices., Adopt A **Security-By-Design** Approach, Embedding Protections From Development Through Deployment.,
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Disable or restrict access to the /heapdump endpoint, Migrate To Modern Authentication Protocols (Mfa, Sso)., Implement And Audit **Strong End-To-End Encryption** For All Messages., Secure Data Storage With **Encryption At Rest** For Logs, Backups, And Archives., Conduct **Regular Security Audits** And Penetration Testing To Identify Misconfigurations., Replace Outdated Technology With **Up-To-Date Cryptographic Frameworks**., Obtain And Maintain **Industry Certifications** (Soc 2, Fedramp) To Enforce Disciplined Security Practices., Adopt A **Security-By-Design** Approach, Embedding Protections From Development Through Deployment., .
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2025-05-01.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-05-01.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were usernames, passwords, tokens, sensitive data, , Proprietary Information, Sensitive Communications, Potentially National Security-Related Data and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident were TeleMessage SGNL app and Messaging Platform (TeleMessage)Data Storage (Logs, Backups, Archives).
Response to the Incidents
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Disable or restrict access to the /heapdump endpoint.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were usernames, sensitive data, Proprietary Information, tokens, Potentially National Security-Related Data, passwords and Sensitive Communications.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Government shutdowns may indirectly weaken messaging security through reduced oversight and degraded infrastructure.
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Adopt messaging platforms with **modern authentication** (e.g., MFA, SSO) and **properly implemented end-to-end encryption**., Implement **security by design**, embedding governance, retention policies, and continuous monitoring from the ground up., Avoid platforms with **outdated technology** or **misconfigured endpoints** that expose critical vulnerabilities., Disable or restrict access to the /heapdump endpoint and limit exposure of all Actuator endpoints, Ensure **data storage security** by encrypting logs, backups, and archives to prevent breaches via unsecured storage., For regulated industries, rigorously evaluate messaging solutions against **authentication, encryption, privacy, and compliance** standards., Prioritize platforms with **industry certifications** (e.g., SOC 2, HIPAA, FedRAMP) to validate security claims. and Verify vendor **privacy controls** to prevent data mining or misuse of user conversations..
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are GreyNoise, The Fast Mode and Smarsh spokesperson.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Exposed diagnostic endpoint.
What was the most recent reconnaissance period for an incident ?
Most Recent Reconnaissance Period: The most recent reconnaissance period for an incident was Ongoing.
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis ?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Exposing the '/heapdump' endpoint without authentication, Lack of end-to-end encryption or weak implementation thereof.Poor system misconfiguration leading to exposed endpoints.Use of outdated technology with known vulnerabilities.Inadequate data storage security (unencrypted logs/backups).Absence of rigorous governance certifications (e.g., SOC 2, FedRAMP).Over-reliance on basic authentication (username/password) without MFA or SSO..
What was the most significant corrective action taken based on post-incident analysis ?
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Disable or restrict access to the /heapdump endpoint, Migrate to modern authentication protocols (MFA, SSO).Implement and audit **strong end-to-end encryption** for all messages.Secure data storage with **encryption at rest** for logs, backups, and archives.Conduct **regular security audits** and penetration testing to identify misconfigurations.Replace outdated technology with **up-to-date cryptographic frameworks**.Obtain and maintain **industry certifications** (SOC 2, FedRAMP) to enforce disciplined security practices.Adopt a **security-by-design** approach, embedding protections from development through deployment..
.png)
Latest Global CVEs (Not Company-Specific)
Description
SummaryA command injection vulnerability (CWE-78) has been found to exist in the `wrangler pages deploy` command. The issue occurs because the `--commit-hash` parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of `--commit-hash` to execute arbitrary commands on the system running Wrangler. Root causeThe commitHash variable, derived from user input via the --commit-hash CLI argument, is interpolated directly into a shell command using template literals (e.g., execSync(`git show -s --format=%B ${commitHash}`)). Shell metacharacters are interpreted by the shell, enabling command execution. ImpactThis vulnerability is generally hard to exploit, as it requires --commit-hash to be attacker controlled. The vulnerability primarily affects CI/CD environments where `wrangler pages deploy` is used in automated pipelines and the --commit-hash parameter is populated from external, potentially untrusted sources. An attacker could exploit this to: * Run any shell command. * Exfiltrate environment variables. * Compromise the CI runner to install backdoors or modify build artifacts. Credits Disclosed responsibly by kny4hacker. Mitigation * Wrangler v4 users are requested to upgrade to Wrangler v4.59.1 or higher. * Wrangler v3 users are requested to upgrade to Wrangler v3.114.17 or higher. * Users on Wrangler v2 (EOL) should upgrade to a supported major version.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Description
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L).
Risk Information
cvss3
Base: 8.1
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
Description
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Description
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=telemessage' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
