CISA: Attacks exploiting TeleMessage bugs ongoing

Ongoing intrusions leveraging a pair of medium-severity flaws impacting the TeleMessage platform's Signal clone have prompted the security defects' inclusion in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, which has urged federal agencies to apply remediations by July 22, The Register reports.

More severe of the vulnerabilities is the TM SGNL Spring Boot Actuator misconfiguration bug, tracked as CVE-2025-48927, which could be abused for memory dump downloads, while the other flaw, tracked as CVE-2025-48928, could be exploited to reveal passwords delivered via HTTP, according to CISA, which has only confirmed that both have not yet been utilized in ransomware intrusions so far. Such a development comes after TeleMessage, which has been used by officials part of the Trump administration, was reported to have been hacked. More than 60 U.S. government users, including Secret Service members, had their metadata and chat logs exposed by threat actors on the Distributed Denial of Secrets site in May.