fter some digging, I found that many devices are still open and vulnerable to this.”
According to the researcher, exploiting this flaw is “trivial,” and it seems that hackers have taken notice.
Contact Us
Do you have more information about these attacks? Or about TeleMessage? We’d love to hear from you. From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email.
In early July, U.S. cybersecurity agency CISA listed the flaw — designated officially as CVE-2025-48927 — to its catalog of Known Exploited Vulnerabilities, a database that collects security bugs that are known to have been exploited by hackers.
In other words, CISA says hackers are successfully exploiting this bug. At this point, however, no hacks against TeleMessage customers have been publicly reported.
In May, TeleMessage, which at that point was a little-known alternative to Signal, became a household name after then-U.S. National Security Advisor Mike Waltz accidentally revealed he was using the app. Waltz had previously added a journalist to a highly sensitive group chat with other Trump administration officials, where the group discussed plans to bomb Yemen, an operational security snafu that caused a scandal leading to Waltz’s ousting.
After TeleMessage was identified as the app Waltz and others in the administration used to communicate, the company was hacked. Unknown attackers stole the contents of users’ private messages and group chats, including from Customs and Border Protection, and the cryptocurrency giant Coinbase, according to 404 Media, which first reported the hack.
TeleMessage did not immediately respond to a request for comment.
