Hackers Exploit Critical Flaw in Signal Clone TeleMessage to Target Sensitive Data

Cybersecurity researchers and U.S. government officials are raising alarms over a growing wave of attacks exploiting a serious vulnerability in TeleMessage, a secure messaging platform used by government agencies and corporations for archiving communications.

Originally exposed in May 2025, the flaw allows cybercriminals to gain access to highly sensitive information such as usernames and passwords in plaintext, along with other private data. According to cybersecurity firm GreyNoise, which monitors global hacker activity through a network of sensors, there has been a spike in exploitation attempts targeting this vulnerability in recent weeks.

“This is one of the simplest exploits I’ve ever seen,” said Howdy Fisher, a researcher at GreyNoise. “Despite being disclosed months ago, many systems remain exposed and vulnerable.”

What is TeleMessage?

TeleMessage is a commercial platform offering modified versions of encrypted messaging apps like Signal, WhatsApp, and Telegram, tailored for enterprise and government use. Its core function is to archive communications for legal and compliance purposes. The platform itself was already compromised in a data breach in May, which exposed internal chats and data.

The issue gained broader attention after it was revealed that TeleMessage was used by senior Trump administration officials, including former National Security Advisor Mike Waltz. Waltz accidentally added a journalist to a classified group chat discussing military operations—an incident that led to his resignation and exposed the app to public scrutiny.

Vulnerability Under Active Exploitation

The security flaw, officially cataloged as CVE-2025-48927, was added to the Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities catalog in early July. This inclusion means that threat actors are actively leveraging the bug in real-world attacks.

So far, no specific attacks on TeleMessage customers have been publicly confirmed, but the growing interest from the hacker community suggests heightened risk. Past breaches reportedly affected organizations such as Customs and Border Protection and the crypto firm Coinbase, according to reporting by 404 Media.

A Call for Urgent Patching and Awareness

Despite the high-profile nature of the vulnerability and ongoing exploitation attempts, many affected systems remain unpatched. Security experts are urging organizations to apply updates immediately and audit their systems for signs of compromise.

As of now, TeleMessage has not issued an official statement regarding the new wave of attacks.

Source: https://techcrunch.com/2025/07/17/hackers-are-trying-to-steal-passwords-and-sensitive-data-from-users-of-signal-clone/