Hacker reconnaissance work continues on TeleMessage app vulnerability — Report
2025-07-18 22:53:35
Main Idea
A vulnerability in the TeleMessage app is being actively exploited by hackers, with at least 11 IP addresses detected attempting the exploit, while the company claims the issue has been patched.
Key Points
1. GreyNoise detected 11 IP addresses attempting to exploit the CVE-2025-48927 vulnerability in TeleMessage, which allows data extraction from vulnerable systems.
2. A total of 2,009 IPs have searched for Spring Boot Actuator endpoints in the past 90 days, with 1,582 specifically targeting the /health endpoints.
3. TeleMessage, similar to Signal but with chat archiving for compliance, was acquired by Smarsh in 2024 and has stated the vulnerability is patched.
4. The vulnerability is significant for government and enterprise users, including former US officials and agencies like Customs and Border Protection.
5. Chainalysis reports over $2.17 billion stolen in crypto-related thefts in 2025, with phishing attacks and credential theft on the rise.
Description
As of Wednesday, at least eleven IP addresses have actively tried to exploit the vulnerability, with thousands more addresses possibly doing reconnaissance work.