- Computer pirates are actively aimed at a messaging application used by federal agencies
- The application was also involved in the signalgate scandal
- Computer pirates have already stolen chats and metadata of 60 government officials
The United States Cybersecurity and Infrastructure Security Agency (CISA) warned that a popular signal messaging applications that are using federal agencies is under attack.
It was discovered that the clone, Telemassage, had some serious problems, including the lack of adequate end -to -end encryption.
Computer pirates have been exploiting two defects, CVE-2025-48927 and CVE-2025-48928, to access federal chat records and metadata. CISA has granted federal agencies until July 22 to apply patches.
Application of federal pirated chat
The new one produces months after the then US National Security Advisor. Uu. Mike Waltz accidentally added to Jeffrey Goldberg, editor in chief of The Atlanticto a secret signal chat that discusses the ongoing attacks in the United States against the hutis rebels in Yemen. Waltz was removed from his position as a result.
After research on the fiasco, it was learned that Waltz and others were not using Signal, but a clone of the application called TM SGNL, which was developed by Telemassage.
Subsequently, the application was attacked in an attack that saw the chat records and the metadata of around 60 government officials, including members of the Secret Service and a White House official filtered online.
The first defect listed by CISA, CVE-2025-48927, has a 5.3 CVSS score, and allows computer pirates to extract confidential data from the memory landfills set forth by an incorrect configuration of the spring start actuator in the Telessage application that exposes the end point /Heapdump.
The second defect, CVE-2025-48928, has a 4.0 CVSS score, and allows an attacker to access exposed passwords sent through HTTP stealing a memory file file through local access to the Telemassage server.
CISA has not published other details about defects, but the agency has said that federal agencies must patch the application before July 22 or stop using it completely.
Through The registration
