Cyber security news May 2025

This posting is here to collect cyber security news in May 2025.

I post links to security vulnerability news in the comments of this article.

You are also free to post related links in the comments.

8 Comments

  1. Tomi Engdahl says:

    A literally sick scam message has now arrived
    The message urges the recipient to seek urgent medical care.
    https://www.is.fi/digitoday/tietoturva/art-2000011206073.html

  2. Tomi Engdahl says:

    Meta is seizing all of this data of yours for its own use; only a moment left to block it
    https://www.is.fi/digitoday/tietoturva/art-2000011202349.html

  3. Tomi Engdahl says:

    Micah Lee / micahflee:
    A hacker breaches TeleMessage, which makes modified versions of apps like Signal used by US officials including JD Vance, leaking some chats, contacts, and more — TeleMessage, a company that makes a modified version of Signal that archives messages for government agencies, was hacked

    The Signal Clone the Trump Admin Uses Was Hacked
    https://micahflee.com/the-signal-clone-the-trump-admin-uses-was-hacked/

    TeleMessage, a company that makes a modified version of Signal that archives messages for government agencies, was hacked.

    A hacker has gained access to the Signal message archiving tool which Mike Waltz accidentally revealed to the world.

    A hacker has breached and stolen customer data from TeleMessage, an obscure Israeli company that sells modified versions of Signal and other messaging apps to the U.S. government to archive messages, 404 Media has learned. The data stolen by the hacker contains the contents of some direct messages and group chats sent using its Signal clone, as well as modified versions of WhatsApp, Telegram, and WeChat. TeleMessage was recently the center of a wave of media coverage after Mike Waltz accidentally revealed he used the tool in a cabinet meeting with President Trump.

    The hack shows that an app gathering messages of the highest ranking officials in the government—Waltz’s chats on the app include recipients that appear to be Marco Rubio, Tulsi Gabbard, and JD Vance—contained serious vulnerabilities that allowed a hacker to trivially access the archived chats of some people who used the same tool. The hacker has not obtained the messages of cabinet members, Waltz, and people he spoke to, but the hack shows that the archived chat logs are not end-to-end encrypted between the modified version of the messaging app and the ultimate archive destination controlled by the TeleMessage customer.

    Kevin Breuninger / CNBC:
    TeleMessage’s parent company says it is “investigating a potential security incident” and has suspended all of its services “out of an abundance of caution”

    Messaging app used by Trump official suspends operations after reported hack
    https://www.cnbc.com/2025/05/05/signal-telemessage-hack-trump-waltz.html

    Key Points

    The messaging app seen being used by President Donald Trump’s former national security advisor, Michael Waltz, is temporarily suspending services following a reported hack.
    “Out of an abundance of caution, all TeleMessage services have been temporarily suspended,” a spokesperson for TeleMessage’s parent company, Smarsh, said.
    A recent photo of Waltz indicated he was communicating on TeleMessage with Vice President JD Vance, Secretary of State Marco Rubio, director of national intelligence Tulsi Gabbard and special envoy Steve Witkoff.

  4. Tomi Engdahl says:

    Matt Burgess / Wired:
    Researchers warn that open-source Go serialization tool easyjson, owned by Russia’s VK Group and used by the US DOD and others, poses a national security risk — The open source software easyjson is used by the US government and American companies. But its ties to Russia’s VK …

    Security Researchers Warn a Widely Used Open Source Tool Poses a ‘Persistent’ Risk to the US
    The open source software easyjson is used by the US government and American companies. But its ties to Russia’s VK, whose CEO has been sanctioned, have researchers sounding the alarm.
    https://www.wired.com/story/easyjson-open-source-vk-ties/

    Since Russian troops invaded Ukraine more than three years ago, Russian technology companies and executives have been widely sanctioned for supporting the Kremlin. That includes Vladimir Kiriyenko, the son of one of Vladimir Putin’s top aides and the CEO of VK Group, which runs VK, Russia’s Facebook equivalent that has increasingly shifted towards the regime’s repressive positioning.

    Now cybersecurity researchers are warning that a widely used piece of open source code—which is linked to Kiriyenko’s company and managed by Russian developers—may pose a “persistent” national security risk to the United States. The open source software (OSS), called easyjson, has been widely used by the US Department of Defense and “extensively” across software used in the finance, technology, and healthcare sectors, say researchers at security company Hunted Labs, which is behind the claims. The fear is that Russia could alter easyjson to steal data or otherwise be abused.

  5. Tomi Engdahl says:

    Geoffrey A. Fowler / Washington Post:
    Meta AI brings more privacy risks than ChatGPT and Gemini, building a Memory file including the user’s sensitive personal info, like fertility and payday loans — Meta’s chatbot remembers everything, even what you might not want it to. — Mark Zuckerberg has a new way to invade your privacy: a creepier version of ChatGPT.
    https://www.washingtonpost.com/technology/2025/05/05/meta-ai-privacy/

  6. Tomi Engdahl says:

    Commentary: Nordea was attacked, and we know it because something exceptional happened last autumn
    Finns can be thin-skinned when they become the target of influence operations, writes Ilta-Sanomat journalist Henrik Kärkkäinen.
    https://www.is.fi/digitoday/tietoturva/art-2000011135639.html

  7. Harald thomos says:

    Thanks for the valuable info! Need help with your Netgear Extender setup? We’ll get you connected in no time!

  8. Tomi Engdahl says:

    Tivi: Authority began investigating Posti's operations
    The authority has received several contacts, Tivi reports.
    https://www.is.fi/digitoday/tietoturva/art-2000011211446.html
