Hackers are continuing to seek out opportunities to exploit the infamous CVE-2025-48927 vulnerability involved in TeleMessage, according to
a new report from threat intelligence company GreyNoise.
Other IP addresses may be performing reconnaissance work: A total of 2,009 IPs have searched for Spring Boot Actuator endpoints in the past
90 days, and 1,582 IPs have specifically targeted the /health endpoints, which are commonly used to detect Spring Boot Actuator deployments. The flaw
allows hackers to extract data from vulnerable systems.
TeleMessage is similar to the Signal app but allows for the archiving of chats for compliance purposes.
Based in Israel, the company was acquired by US company Smarsh in 2024, before temporarily suspending services after a security breach in
May that resulted in files being stolen from the app.
The TeleMessage vulnerability could be significant for its users: government organizations and enterprises.
Users of the app may include former US government officials like Mike Waltz, US Customs and Border Protection and crypto exchange
Coinbase. GreyNoise recommends users block malicious IPs and disable or restrict access to the /heapdump endpoint.
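
A log triage sketch for the probing and the mitigation described above, added here as an example (it is not from GreyNoise or from the original article). It assumes access logs in common log format and matches the last path segment, so both /heapdump and /actuator/heapdump are caught; the log lines and IPs are constructed.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (common log format); the IPs come from
# documentation ranges and are not real indicators.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Jul/2025:08:01:12 +0000] "GET /actuator/health HTTP/1.1" 200 15
198.51.100.7 - - [10/Jul/2025:08:01:14 +0000] "GET /heapdump HTTP/1.1" 200 157286400
203.0.113.20 - - [10/Jul/2025:08:05:40 +0000] "GET /health HTTP/1.1" 404 0
203.0.113.21 - - [10/Jul/2025:08:06:02 +0000] "GET /actuator/heapdump?x=1 HTTP/1.1" 403 0
192.0.2.44 - - [10/Jul/2025:08:07:30 +0000] "GET /index.html HTTP/1.1" 200 5120
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3})')

def classify(path):
    """Return 'heapdump' or 'health' for actuator-style paths, else None."""
    last = path.split("?", 1)[0].rstrip("/").rsplit("/", 1)[-1].lower()
    return last if last in ("heapdump", "health") else None

def triage(log_text):
    """Group /health and /heapdump requests by source IP and rate each IP."""
    seen = defaultdict(lambda: {"health": 0, "heapdump": 0, "served": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the assumed log format
        ip, path, status = m.groups()
        kind = classify(path)
        if kind is None:
            continue  # ordinary traffic
        seen[ip][kind] += 1
        if kind == "heapdump" and status == "200":
            seen[ip]["served"] += 1
    report = {}
    for ip, c in seen.items():
        if c["served"]:
            report[ip] = "heapdump-served"   # a dump was returned: treat as data exposure
        elif c["heapdump"]:
            report[ip] = "heapdump-attempt"  # refused or missing, still a block candidate
        else:
            report[ip] = "health-probe"      # reconnaissance only
    return report

if __name__ == "__main__":
    for ip, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(ip, verdict)
```

Any `heapdump-served` result means the endpoint is still reachable and should be disabled or restricted before the source IP is simply blocked.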
would take crypto-related thefts to new highs
February hack of crypto exchange Bybit. Attempts to steal credentials often involve phishing attacks, malicious malware, and social