Description: An attack on the messaging service TeleMessage, which is used by some officials of the Trump administration, has resulted in the leak of details of over 60 government workers, a White House staffer, and members of the Secret Service. The White House acknowledged the cyber security incident but did not provide further comments. TeleMessage servers are reportedly closed while an investigation is carried out.

Description: TeleMessage, an enterprise communications and archiving platform used by US government officials, was compromised when a hacker gained unauthorized access and exfiltrated private message archives. The attacker claimed to have broken into the service, obtaining files that contained user communications across SMS, MMS, voice calls and messages from apps like WhatsApp, WeChat, Telegram and Signal. Although the stolen data included private conversations, no messages from US government accounts or officials were found in the breach. The hack was confirmed when portions of the archive were reviewed by a security publication, verifying the authenticity of the stolen content. Details on the attack vector remain unclear: it is not known whether a zero-day vulnerability was exploited, or if malware or credential theft played a role. TeleMessage and US authorities have yet to comment publicly, while Signal has warned users about the risks of unofficial forks of its application. The incident raises concerns over the security of third-party messaging services, potential regulatory compliance lapses and the exposure of sensitive personal communications on a platform that had been chosen for its supposed privacy features.

Description: A serious flaw in TM SGNL, a messaging app by US-Israeli firm TeleMessage used by former Trump administration officials, has been exploited, exposing sensitive communications and backend data. The breach compromised the platform’s core security claims, raising concerns about the encryption model and the security of high-level communications. The vulnerability was added to CISA's Known Exploited Vulnerabilities (KEV) list, with a three-week deadline for federal agencies to address the issue.

Description: TeleMessage, a secure messaging platform used by government agencies and enterprises, suffered a significant cybersecurity breach due to critical security failures. The attack exploited multiple vulnerabilities, including the **lack of end-to-end encryption**, **misconfigured systems**, **exposed endpoints**, and **outdated technology**, allowing unauthorized access to sensitive communications. The breach compromised proprietary and potentially classified data, raising concerns about national security risks given the platform’s use by government entities. The incident highlighted systemic weaknesses in TeleMessage’s security posture, particularly in **authentication protocols**, **data storage security**, and **governance compliance**. Unlike marketing claims, the platform failed to enforce modern safeguards such as **multi-factor authentication (MFA)** or **rigorous encryption at rest**, leaving archived messages vulnerable to interception and exfiltration. The breach underscored the dangers of **bolted-on security** rather than a **security-by-design** approach, exposing users—including high-profile government and corporate clients—to data leaks, espionage risks, and reputational damage. The fallout extended beyond immediate data exposure, as the breach eroded trust in TeleMessage’s ability to protect critical communications, potentially leading to **contract terminations**, **legal repercussions**, and **operational disruptions** for affected organizations. The incident also occurred during a **government shutdown**, compounding risks due to reduced oversight and delayed incident response.

Description: Researchers have observed multiple exploitation attempts for the CVE-2025-48927 vulnerability in the TeleMessage SGNL app, which allows retrieving usernames, passwords, and other sensitive data. The vulnerability is caused by exposing the '/heapdump' endpoint from Spring Boot Actuator without authentication. This flaw lets an attacker download a full Java heap memory dump, which may contain plaintext usernames, passwords, tokens, and other sensitive data. The issue was addressed by TeleMessage, but some on-premises installations remain vulnerable. The event triggered national security concerns in the U.S. after it was revealed that the product was being used by Customs & Border Protection and officials, including Mike Waltz.