U.S. Cybersecurity Officials Warn: Hackers Are Stealing Passwords from TeleMessage Users
Cyberattack hits TeleMessage, the corporate Signal clone used by U.S. agencies. Hackers are stealing usernames, passwords, and private messages.

Cybersecurity researchers and U.S. government officials have issued urgent warnings about an ongoing cyberattack campaign targeting TeleMessage, a corporate messaging service modeled after Signal. Hackers are using a known vulnerability in the app to steal users' passwords, usernames, and private communications.
TeleMessage is designed for companies and government agencies that need to archive encrypted chats for legal compliance. Unlike regular versions of Signal or WhatsApp, TeleMessage stores conversations so they can be reviewed for regulatory or legal purposes. The platform also offers versions of Telegram and WhatsApp with similar archiving features.
Hackers Are Actively Exploiting the Flaw
Security firm GreyNoise, which monitors hacking activity across the internet, reported this week that attackers are repeatedly trying to exploit the TeleMessage security bug. The vulnerability was first made public in May 2025 but remains unpatched on many systems.
“If attackers are successful, they can gain access to sensitive data like usernames and passwords in plain text—not encrypted,” said Howdy Fisher, a researcher at GreyNoise. Fisher described the exploit as shockingly simple to carry out, and warned that many organizations have not yet secured their systems.
GreyNoise has detected several ongoing attempts to break into TeleMessage servers using this method, confirming that hackers are still actively targeting the flaw.
U.S. Government Confirms the Threat
The Cybersecurity and Infrastructure Security Agency (CISA), part of the U.S. Department of Homeland Security, officially added this flaw to its Known Exploited Vulnerabilities (KEV) list earlier this month. The designation is serious: It means hackers aren’t just testing the flaw—they’re using it in real attacks.
The vulnerability is cataloged as CVE-2025-48927 in federal security databases. By including it in the KEV list, CISA is signaling to federal agencies, critical infrastructure companies, and private businesses that they must patch the issue immediately to protect sensitive data.
No Public Reports of Breached Organizations—Yet
So far, no specific government agency or business has publicly confirmed that they were hacked through this latest TeleMessage flaw. However, based on both CISA’s warning and GreyNoise’s monitoring, security experts believe real-world exploitation is happening right now.
TeleMessage’s Troubled History with Security
This isn’t the first time TeleMessage has been at the center of a cybersecurity crisis.
In May 2025, hackers broke into TeleMessage servers and stole private messages and group chats from high-profile users. Victims included:
- Customs and Border Protection (CBP), a U.S. government agency
- Coinbase, one of the largest cryptocurrency exchanges
- Members of the Trump administration, including officials involved in military planning
That breach came to light after then-National Security Advisor Mike Waltz accidentally revealed he was using TeleMessage. Waltz had mistakenly added a journalist to a secret group chat where administration officials were discussing plans for a military operation in Yemen. The resulting scandal led to Waltz’s removal from his position.
After this incident, TeleMessage, which had been relatively unknown outside corporate IT circles, became widely recognized—and scrutinized—for its role in government communications.
What Makes This Vulnerability So Dangerous?
According to cybersecurity experts, the current TeleMessage flaw is especially concerning for several reasons:
- It’s easy to exploit. Hackers don’t need advanced tools or insider knowledge.
- It exposes plaintext data. Normally, messaging apps encrypt usernames, passwords, and messages. This flaw leaves that information unprotected during an attack.
- It affects compliance-focused organizations. Companies and agencies using TeleMessage often store sensitive conversations for legal reasons. If those messages are stolen, it could lead to regulatory violations, lawsuits, or national security risks.
- The issue is still unpatched in many systems. Despite public warnings in May, GreyNoise has confirmed that many servers remain vulnerable.
Why Is TeleMessage Used Instead of Signal?
TeleMessage markets itself as a "compliant alternative" to popular apps like Signal, WhatsApp, and Telegram. For businesses and government agencies that are required to archive chat logs for legal or security reasons, TeleMessage offers versions of these apps with added storage and monitoring features.
These archived communications are often sensitive. In regulated industries like finance, healthcare, or defense, unauthorized leaks could have serious consequences.
No Comment from TeleMessage
Despite repeated security warnings, TeleMessage has not released a public statement about the vulnerability or the ongoing hacking attempts. Requests for comment sent to the company were not answered as of publication.
How Can Organizations Protect Themselves?
Cybersecurity experts recommend that all TeleMessage users:
- Immediately apply security patches if available
- Check server configurations to close exposed systems
- Monitor networks for unusual activity related to login credentials or data transfers
- Use secure channels for high-risk communications until the flaw is confirmed resolved
If your organization uses TeleMessage and you haven’t updated or reviewed your systems since May 2025, your data could be at risk.
How to Report Security Incidents
Anyone with information about these attacks or vulnerabilities can contact reporter Lorenzo Franceschi-Bicchierai securely for further investigation:
- Signal: +1 917 257 1382
- Telegram / Keybase: @lorenzofb
- Email: Use a personal device and non-work network for safety
Key Facts: TeleMessage Hack
- Critical Vulnerability: CVE-2025-48927 is being exploited right now.
- What’s at Risk: Plaintext usernames, passwords, and archived conversations.
- Confirmed Attacks: U.S. cybersecurity officials verified active hacking incidents.
- Who’s Using TeleMessage: Federal agencies, financial firms, law enforcement, and corporate compliance teams.
- Past Breach: In May 2025, private chats from CBP, Coinbase, and Trump administration officials were leaked.
- Current Status: No fix or official update from TeleMessage as of July 2025.