Waqas reports:
TeleMessage SGNL, a made-in-Israel clone of the Signal app used by US government agencies and regulated businesses, has been found running with an outdated configuration that exposes sensitive internal data to the internet, no login required.
The main cause of the problem is how some deployments of TeleMessage SGNL are using older versions of Spring Boot, a Java-based framework. These versions leave a diagnostic endpoint called /heapdump exposed by default. When not locked down, this endpoint returns a full memory snapshot of the app, weighing in at around 150MB. These dumps can contain usernames, passwords, session details, and other data that should never be public.
According to cybersecurity researchers at GreyNoise, who identified this exploitation and shared its details with Hackread.com earlier today, even though newer Spring Boot releases disable this by default, TeleMessage instances were still running the insecure configuration as late as May 5, 2025.
Read more at HackRead.
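For readers running their own Spring Boot services, the following application.yml is an added illustration of the misconfiguration the report describes and of the hardened alternative. It is not configuration from TeleMessage, GreyNoise or Hackread; it assumes a Spring Boot 2.x or 3.x application with the Actuator starter on the classpath (where the endpoint lives at /actuator/heapdump), and the property names used are the standard Actuator ones.

```yaml
# --- WEAK (do not ship) ---------------------------------------------------
# Exposing every Actuator endpoint over HTTP on the application port makes
# /actuator/heapdump (a full JVM heap snapshot, typically well over 100 MB,
# containing in-memory credentials and session state) reachable by anyone
# who can reach the app, with no authentication in front of it.
# management:
#   endpoints:
#     web:
#       exposure:
#         include: "*"

# --- HARDENED --------------------------------------------------------------
management:
  # Disable the heap dump endpoint entirely; it is a debugging aid, not
  # something a production service needs reachable over the network.
  endpoint:
    heapdump:
      enabled: false
  endpoints:
    web:
      exposure:
        # Allow-list only what operators and load balancers actually need.
        include: "health"
        # Belt and braces: explicitly block the memory/diagnostic endpoints
        # even if someone later widens the include list.
        exclude: "heapdump,env,threaddump"
  # Serve management endpoints on a separate port bound to loopback so they
  # are never on the same listener the public internet reaches.
  server:
    port: 8081
    address: 127.0.0.1
```

After deploying such a change, confirm on the service itself that a request to /actuator/heapdump on the public port returns 404 and that only /actuator/health is listed at /actuator; an endpoint that still answers with an application/octet-stream body is the signal that an older default or an overriding property file is still in effect.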