Description: TeleMessage, an enterprise communications and archiving platform used by US government officials, was compromised when a hacker gained unauthorized access and exfiltrated private message archives. The attacker claimed to have broken into the service, obtaining files that contained user communications across SMS, MMS, voice calls and messages from apps like WhatsApp, WeChat, Telegram and Signal. Although the stolen data included private conversations, no messages from US government accounts or officials were found in the breach. The hack was confirmed when portions of the archive were reviewed by a security publication, verifying the authenticity of the stolen content. Details on the attack vector remain unclear: it is not known whether a zero-day vulnerability was exploited, or if malware or credential theft played a role. TeleMessage and US authorities have yet to comment publicly, while Signal has warned users about the risks of unofficial forks of its application. The incident raises concerns over the security of third-party messaging services, potential regulatory compliance lapses and the exposure of sensitive personal communications on a platform that had been chosen for its supposed privacy features.

Description: A serious flaw in TM SGNL, a messaging app by US-Israeli firm TeleMessage used by former Trump administration officials, has been exploited, exposing sensitive communications and backend data. The breach compromised the platform’s core security claims, raising concerns about the encryption model and the security of high-level communications. The vulnerability was added to CISA's Known Exploited Vulnerabilities (KEV) list, with a three-week deadline for federal agencies to address the issue.

Description: An attack on the messaging service TeleMessage, which is used by some officials of the Trump administration, has resulted in the leak of details of over 60 government workers, a White House staffer, and members of the Secret Service. The White House acknowledged the cyber security incident but did not provide further comments. TeleMessage servers are reportedly closed while an investigation is carried out.

Description: Researchers have observed multiple exploitation attempts for the CVE-2025-48927 vulnerability in the TeleMessage SGNL app, which allows retrieving usernames, passwords, and other sensitive data. The vulnerability is caused by exposing the '/heapdump' endpoint from Spring Boot Actuator without authentication. This flaw lets an attacker download a full Java heap memory dump, which may contain plaintext usernames, passwords, tokens, and other sensitive data. The issue was addressed by TeleMessage, but some on-premises installations remain vulnerable. The event triggered national security concerns in the U.S. after it was revealed that the product was being used by Customs & Border Protection and officials, including Mike Waltz.