Last month, a company that previously enjoyed the luxury of complete anonymity (and probably preferred it that way) stumbled loudly back into the spotlight. Meet TeleMessage, the enterprise-grade archiving software solution that cheerfully scoops up messages from Signal, Telegram, WhatsApp, WeChat, SMS, MMS, and even good old-fashioned voice calls. Think of it as a digital hoover for your entire communications history, because compliance is sexy now.
The company made its first cameo appearance in the headlines when sharp-eyed members of the press caught U.S. national security adviser Mike Waltz casually launching the app on his phone. Turns out, since February 2023, U.S. authorities have been using TeleMessage not just as a toy, but as a mandatory workplace surveillance tool. According to its marketing, TeleMessage helps “protect data and ensure compliance,” which in this case translates loosely to: “We archive everything you say so your government boss doesn’t get fined.”
But while TeleMessage is great at compliance, its security posture appears to be held together with duct tape and optimism. A threat actor claims they broke in, and I wish I were kidding, within 15 to 20 minutes. That’s barely enough time to make a cup of tea, let alone compromise the inner sanctum of a supposedly secure government-adjacent comms archiver. The result? 415GB of juicy plain text dumps, complete with metadata like sender, recipient, timestamp, and all the breadcrumbs any aspiring cybercriminal could ever dream of.
Meanwhile, over in France, home of croissants, strikes, and now possibly compromised legislators, a threat actor has popped up on a dark web forum to announce they’ve been snooping on a French senator. This isn’t your usual "we found some leaked emails" post either. The hacker claims they had live access to sensitive communications, including pre-publication legislative drafts, internal coordination docs, media contacts, and private correspondence that, frankly, wasn’t meant for your eyes or mine.
The hacker ominously closes their message with: “This is not a leak. Not yet. This is a signal. A controlled detonation.”
Chilling stuff, though admittedly a bit theatrical. Ten points for style, I guess?
In other surveillance-adjacent absurdity, Microsoft has unveiled its latest dystopian nightmare disguised as a feature: Recall, an AI-driven tool that takes periodic screenshots of your desktop “for your convenience.” You know, so you can search your screen history like a time-travelling intern. Great idea. Nothing could possibly go wrong.
Except, of course, within days of this being announced, security researchers found ways to extract these screenshots from memory, because apparently no one at Microsoft has ever met a hacker before. And in what can only be described as a cyberpunk plot twist, Signal stepped in with the kind of elegant resistance we’d all hoped for. Their solution? DRM. Yes, the same annoying tech that prevents you from screen-grabbing your favourite Netflix show now doubles as a privacy shield. If Recall tries to screenshot your Signal app window, it’ll get nothing but a blank space, and not the Taylor Swift kind.
Microsoft: "We want to improve productivity by logging your every move."
Security community: "We'd rather eat a firewall than let that fly."
So, to summarise:
- TeleMessage is unintentionally starring in its own zero-day soap opera,
- A hacker has turned a French senator’s inbox into a suspense novel,
- Microsoft invented a surveillance tool and called it a “feature,” and
- Signal decided to throw a digital pie in their face.
What a month. Back to you, compliance officers.
When CEOs Hack, xAI Fumbles, and Your iPhone Becomes a Brick.
https://breachaware.com/research/when-ceos-hack-xai-fumbles-and-your-iphone-becomes-a-brick
A total of 22 breach events were found and analysed, resulting in 19,421,865 exposed accounts containing a total of 35 different data types of personal data. The breaches found publicly and freely available included ULP Alien TxT File - Episode 11, Doxagram, Grayscale, Underworld Empire Forums and ULP 0017.
LockBit Gets Hacked (Again), $45M Vanishes from Coinbase, and Bootleg Signal Apps Blow Up.
https://breachaware.com/research/lockbit-gets-hacked-again-45m-vanishes-from-coinbase-and-bootleg-signal-apps-blow-up
A total of 19 breach events were found and analysed, resulting in 34,462,844 exposed accounts containing a total of 28 different data types of personal data. The breaches found publicly and freely available included VNG Corporation, Pluto TV, ULP Alien TxT File - Episode 12, NextGenUpdate and CNZZ.
VXU Threatened, Coinbase Whales Scammed, Google Fined Big, and Fresh Zero Days all Around.
https://breachaware.com/research/vxu-threatened-coinbase-whales-scammed-google-fined-big-and-fresh-0-days-all-around
A total of 26 breach events were found and analysed, resulting in 28,611,135 exposed accounts containing a total of 30 different data types of personal data. The breaches found publicly and freely available included ULP Alien TxT File - Episode 13, ULP 0019, Email Panther, ULP 0020 and Stealer Log 0526.
Lumma seized, CISA fumbles, scammy forums implode, and critical vulns keep stacking.
https://breachaware.com/research/lumma-seized-cisa-fumbles-scammy-forums-implode-and-critical-vulns-keep-stacking
A total of 22 breach events were found and analysed, resulting in 10,356,354 exposed accounts containing a total of 30 different data types of personal data. The breaches found publicly and freely available included ULP Alien TxT File - Episode 14, Amazon (Internal), Dow University of Health Sciences, Romano-American Mossad Political Networks and ULP 0021.