Ethical Hacking News

Hackers Target TeleMessage Signal Clone App for Exploiting Passwords


Hackers are targeting the TeleMessage SGNL app because of CVE-2025-48927, a vulnerability in the app's Spring Boot Actuator configuration that lets an unauthenticated attacker download a Java heap dump and recover usernames, passwords, and other sensitive data from it. The app was already under scrutiny after earlier research showed that, despite its Signal-derived interface, it does not preserve end-to-end encryption: archived messages were handled in plaintext.

  • CVE-2025-48927, an exposed Spring Boot Actuator '/heapdump' endpoint in the TeleMessage SGNL app, is being actively probed by attackers.
  • GreyNoise had observed 11 IPs attempting to exploit the vulnerability as of July 16, alongside related reconnaissance.
  • More than 2,000 IPs have scanned for Spring Boot Actuator endpoints in recent months, about 75% of them probing the '/health' endpoint.
  • Earlier research had already shown that the app does not preserve end-to-end encryption, with archived messages handled in plaintext.



    The security landscape has become increasingly complex, with software applications and services being targeted by malicious actors every day. The TeleMessage SGNL app, a Signal clone owned by the compliance company Smarsh, is the latest to draw attackers' attention: its CVE-2025-48927 vulnerability is being tracked by threat monitoring firms and security researchers alike.

    According to GreyNoise, a threat monitoring firm that tracks and analyzes internet-wide scanning and exploitation, several threat actors have attempted to exploit CVE-2025-48927. GreyNoise reports that as of July 16 it had observed 11 IPs attempting to exploit the vulnerability. It has also observed related reconnaissance: active scanning for Spring Boot Actuator endpoints, which is a plausible precursor to identifying systems affected by CVE-2025-48927, since the vulnerable component is an exposed Actuator endpoint.

    GreyNoise further notes that more than two thousand IPs have scanned for Spring Boot Actuator endpoints over the past few months, roughly 75% of them probing the '/health' endpoint. '/health' is the endpoint most likely to answer on any Spring Boot deployment, so a hit on it tells a scanner that Actuator is present and worth probing further. The payoff the scanners are after is the '/heapdump' endpoint: when it is reachable without authentication, an attacker can download a complete Java heap memory dump, which routinely contains plaintext usernames, passwords, session tokens, and other secrets that were in the application's memory at the time.
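    The scanning pattern GreyNoise describes is visible in ordinary web-server access logs. The following is an added example, not code from the article or from TeleMessage: it runs detection logic over a few constructed combined-format log lines (documentation-range IPs, not real traffic), classifies Actuator probes, computes how much of the reconnaissance is the cheap '/health' check, and singles out the one thing that matters for incident response, a '/heapdump' request that returned 200. Endpoint ids and the "high risk" set are the standard Spring Boot Actuator ids; the classification thresholds are my own choices.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (combined log format) written for this
# example. They are not real traffic; the addresses come from documentation ranges.
SAMPLE_LOG = """\
203.0.113.10 - - [16/Jul/2025:08:01:03 +0000] "GET /actuator HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.10 - - [16/Jul/2025:08:01:05 +0000] "GET /actuator/heapdump HTTP/1.1" 200 104857600 "-" "Mozilla/5.0"
198.51.100.7 - - [16/Jul/2025:08:02:10 +0000] "GET /actuator/health HTTP/1.1" 200 15 "-" "curl/8.0"
198.51.100.7 - - [16/Jul/2025:08:02:11 +0000] "GET /actuator/env HTTP/1.1" 401 0 "-" "curl/8.0"
192.0.2.33 - - [16/Jul/2025:08:03:00 +0000] "GET /health HTTP/1.1" 404 0 "-" "python-requests/2.31"
192.0.2.34 - - [16/Jul/2025:08:03:01 +0000] "GET /actuator/health?x=1 HTTP/1.1" 200 15 "-" "zgrab/0.x"
192.0.2.35 - - [16/Jul/2025:08:04:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Actuator endpoint ids a scanner is likely to try, at /actuator/<id> (Spring Boot 2+)
# or bare /<id> (Spring Boot 1.x). HIGH_RISK ones leak secrets or internals outright.
KNOWN_ENDPOINTS = {"health", "info", "metrics", "prometheus", "heapdump", "threaddump",
                   "env", "configprops", "beans", "mappings", "loggers", "logfile", "jolokia"}
HIGH_RISK = {"heapdump", "threaddump", "env", "configprops", "beans", "mappings", "logfile", "jolokia"}


def actuator_endpoint(path):
    """Map a request path to an Actuator endpoint id, "<index>" for the
    discovery page at /actuator, or None for non-Actuator paths."""
    parts = [p for p in path.split("?", 1)[0].split("/") if p]
    if parts and parts[0] == "actuator":
        return parts[1] if len(parts) > 1 else "<index>"
    if len(parts) == 1 and parts[0] in KNOWN_ENDPOINTS:
        return parts[0]
    return None


def analyze(log_text):
    """Summarise Actuator reconnaissance: who probed which endpoint, how much of
    it was the cheap /health check, and who actually pulled a heap dump."""
    ips_by_endpoint = defaultdict(set)
    high_risk_hits = []          # (ip, endpoint, status) for secret-leaking endpoints
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ep = actuator_endpoint(m["path"])
        if ep is None:
            continue
        ip, status = m["ip"], int(m["status"])
        ips_by_endpoint[ep].add(ip)
        if ep in HIGH_RISK:
            high_risk_hits.append((ip, ep, status))
    scanners = set().union(*ips_by_endpoint.values())
    health_probers = ips_by_endpoint.get("health", set())
    return {
        "scanner_ips": scanners,
        "health_share": len(health_probers) / len(scanners) if scanners else 0.0,
        "high_risk_hits": high_risk_hits,
        # A 200 on heapdump means the dump left the building: rotate every secret
        # that process could have held, not just the ones you know about.
        "confirmed_heapdump_leaks": sorted(
            {ip for ip, ep, st in high_risk_hits if ep == "heapdump" and st == 200}),
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

    On the constructed sample, three of the four scanning IPs touch '/health' (the 75% GreyNoise reports), one IP asks for '/env' and is refused with 401, and one pulls '/heapdump' successfully; only the last one is an incident rather than noise, and the 100 MB response size is the tell even before the path is checked.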

    This is exactly the failure mode behind CVE-2025-48927: a Spring Boot configuration that does not restrict access to diagnostic endpoints (older Spring Boot versions exposed all of them by default, and an exposure setting of '*' does the same on current ones) lets anyone who can reach the port download that dump. To defend against these attacks, disable the '/heapdump' endpoint or restrict it to trusted IP ranges, and limit the exposure of all Actuator endpoints as much as possible, ideally serving the management endpoints on a separate, non-public port behind authentication.
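    The mitigation above is a handful of Spring Boot properties, and the mistake is easy to reintroduce. The following is an added example, not TeleMessage's configuration or Spring's own tooling: a small audit script that reads an application.properties fragment and reports whether 'heapdump' and its siblings are enabled and exposed over HTTP, with a constructed weak fragment beside the hardened form. The property keys are the documented Spring Boot 2+/3 Actuator keys; the fallback of 'health' when no include list is set matches the current Spring Boot default and is treated as an assumption, since Spring Boot 1.x used different keys and exposed far more.

```python
# Constructed application.properties fragments for this added example; neither
# is TeleMessage's real configuration. WEAK reproduces the exposure class behind
# CVE-2025-48927; HARDENED is the corrected form.
WEAK_PROPERTIES = """\
# every Actuator endpoint over HTTP on the application port, heapdump left enabled
management.endpoints.web.exposure.include=*
"""

HARDENED_PROPERTIES = """\
# only health over HTTP; diagnostics disabled outright, not merely hidden
management.endpoints.web.exposure.include=health
management.endpoints.web.exposure.exclude=heapdump,threaddump,env
management.endpoint.heapdump.enabled=false
management.endpoint.env.enabled=false
# management traffic on its own port, bound to loopback for a local collector
management.server.port=9090
management.server.address=127.0.0.1
"""

# Endpoint ids that leak secrets or mutate state when reachable without authentication.
SENSITIVE = frozenset({"heapdump", "env", "threaddump", "configprops", "beans",
                       "mappings", "loggers", "shutdown"})
# Spring Boot enables endpoints by default; shutdown is the documented exception.
DISABLED_BY_DEFAULT = frozenset({"shutdown"})


def parse_properties(text):
    """Minimal .properties reader: key=value or key: value, '#'/'!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        sep = "=" if "=" in line else ":"
        key, _, value = line.partition(sep)
        props[key.strip()] = value.strip()
    return props


def _csv(value):
    return {item.strip() for item in value.split(",") if item.strip()}


def exposed_endpoints(props):
    """Endpoint ids that are both enabled and exposed over HTTP. The fallback
    include list 'health' is the current Spring Boot default (an assumption for
    files that omit the key)."""
    include = _csv(props.get("management.endpoints.web.exposure.include", "health"))
    exclude = _csv(props.get("management.endpoints.web.exposure.exclude", ""))
    candidates = (SENSITIVE | {"health", "info"}) if "*" in include else include
    default_enabled = props.get("management.endpoints.enabled-by-default", "true").lower() == "true"
    exposed = set()
    for ep in candidates - exclude:
        fallback = "false" if (ep in DISABLED_BY_DEFAULT or not default_enabled) else "true"
        if props.get(f"management.endpoint.{ep}.enabled", fallback).lower() == "true":
            exposed.add(ep)
    return exposed


def audit(text):
    """Return human-readable findings; an empty list means the fragment passes."""
    props = parse_properties(text)
    exposed = exposed_endpoints(props)
    findings = []
    if "*" in _csv(props.get("management.endpoints.web.exposure.include", "health")):
        findings.append("exposure.include=* exposes every endpoint, including ones added later")
    for ep in sorted(exposed & SENSITIVE):
        findings.append(f"{ep} is enabled and exposed over HTTP")
    if exposed - {"health"}:
        # Anything beyond health should at least live on a separate, loopback-bound port.
        if "management.server.port" not in props:
            findings.append("management endpoints share the application port with user traffic")
        if props.get("management.server.address") not in ("127.0.0.1", "localhost", "::1"):
            findings.append("management endpoints are not bound to a loopback address")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_PROPERTIES), ("hardened", HARDENED_PROPERTIES)):
        print(name, audit(text) or ["no findings"])
```

    The script only reads properties; it cannot tell whether Spring Security actually protects the management port, so a clean result is a necessary check, not a sufficient one. Note the hardened fragment does both things the paragraph asks for: 'heapdump' is excluded from web exposure and disabled, so a later edit that widens the include list cannot silently bring it back.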

    The vulnerability is not the app's first security problem. Earlier research had already contradicted the developers' claim that the app provides encrypted communication with built-in archival: sensitive data, including message contents, was found to be handled in plaintext rather than preserved under end-to-end encryption, which raised significant national security concerns given who was using it.

    That finding triggered a wave of concern and an investigation into how the application handles sensitive information. It was brought to the attention of Customs & Border Protection officials and of other government agencies that had used the app for official purposes. The episode underlines the importance of thoroughly vetting software, including its archiving and logging paths, before using it in high-stakes environments.

    In light of these developments, TeleMessage SGNL operators and users should be on high alert for the security and integrity of their data: confirm that no Actuator endpoint is reachable from the internet, and treat any credentials or tokens that were present in a running instance's memory as potentially exposed. With new vulnerabilities disclosed daily, individuals and organizations alike need to stay informed about potential threats and take proactive steps to mitigate them.




    Related Information:
  • https://www.ethicalhackingnews.com/articles/Hackers-Target-TeleMessage-Signal-Clone-App-for-Exploiting-Passwords-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/hackers-scanning-for-telemessage-signal-clone-flaw-exposing-passwords/


  • Published: Fri Jul 18 10:38:30 2025 by llama3.2 3B Q4_K_M













    © Ethical Hacking News . All rights reserved.

    Privacy | Terms of Use | Contact Us