TeleMessage Exploit: Inside the Messaging Flaw That Hit Coinbase and CBP

In this episode, we dissect CVE-2025-47729, a critical vulnerability in TeleMessage, a message archiving app recently thrust into the spotlight due to its use by former National Security Advisor Mike Waltz. Following Waltz’s controversial tenure—marked by the "Signalgate" leak and the subsequent appearance of TeleMessage on his phone—researchers uncovered a major flaw: a lack of end-to-end encryption between the app and its archive server.Hackers have exploited this flaw in the wild, accessing unencrypted chat logs—including internal communications from Coinbase and a list of Customs and Border Protection employees. The breach has raised red flags at the federal level, with CISA adding CVE-2025-47729 to its Known Exploited Vulnerabilities (KEV) catalog, mandating urgent action from federal agencies.We explore:How TeleMessage works and why it was adopted in sensitive government contextsWhat independent code analysis revealed about its flawed encryption modelWhat was stolen—and what wasn’t—in the confirmed breachesSmarsh’s response and the suspension of TeleMessage servicesWhy CISA is effectively advising users to stop using the app altogetherWhether you’re in cybersecurity, compliance, or just concerned about how message archiving can become a liability, this episode lays out the facts—and the failures—behind the latest messaging app security scandal.

There are no comments yet.

Please log in to write the first comment.