According to security researchers and US government agencies, hackers are targeting previously disclosed bugs in the Signal clone app TeleMessage to steal users' private data.
TeleMessage, which was revealed earlier this year to be in use by senior Trump administration officials, had already experienced at least one data breach in May. The company sells modified versions of Signal, WhatsApp and Telegram to businesses and government agencies that need to archive chats for legal and compliance reasons.
On Thursday, GreyNoise, a cybersecurity company with visibility into what hackers are doing on the internet thanks to a network of sensors, published a post saying it saw several attempts to exploit the TeleMessage flaws originally disclosed in May.
If hackers succeed in exploiting the vulnerabilities against their targets, the company says, they can gain access to “plain text usernames, passwords and other sensitive data.”
“I was distrustful of the simplicity of this exploit,” GreyNoise researcher Howdy Fisher wrote in a post analyzing the flaws. “After digging, we found that many of the devices were still open and vulnerable to this.”
Researchers say exploitation of this flaw is “trivial” and hackers are paying attention to it.
Contact Us: Do you have more information about these attacks? Or about TeleMessage? We look forward to hearing from you. From a non-work device and network, you can securely contact Lorenzo Franceschi-Bicchierai on Signal at +1 917 257 1382, via Telegram and Keybase @lorenzofb, or by email.
In early July, the US cybersecurity agency CISA added the flaw, designated CVE-2025-48927, to its Known Exploited Vulnerabilities catalog, a database that collects security bugs known to have been exploited by hackers.
In other words, CISA says hackers are successfully exploiting this bug. However, at this point, no hacks of TeleMessage customers have been made public.
In May, TeleMessage, which at the time was a little-known alternative to Signal, became a well-known name after then-US national security adviser Mike Waltz inadvertently revealed that he was using the app. Waltz had previously added journalists to a very sensitive group chat with other Trump administration officials. There, the group discussed plans to bomb Yemen, an operational security snafu that caused a scandal and led to Waltz's ouster.
The company was hacked after TeleMessage was identified as the app Waltz and others used to communicate with administration officials. Unknown attackers stole the contents of users' private messages and group chats, including those of Customs and Border Protection and cryptocurrency giant Coinbase, according to 404 Media, which first reported the hack.
TeleMessage did not immediately respond to requests for comment.