黑客警報：在加密混亂中利用Telemessage漏洞

正如格雷諾斯（Greynoise）所揭示的那樣，黑客正在積極利用遠程通訊脆弱性，以及來自Infini Hack Wallet的活動以及1英寸路由器中發現的關鍵缺陷，突出了加密貨幣的持續安全挑戰。

Hacker Alert: TeleMessage Vulnerability Exploited Amid Crypto Chaos

黑客警報：在加密混亂中利用Telemessage漏洞

Hold on to your hats, folks! The world of cybersecurity is buzzing with activity, and not the good kind. From exploits targeting TeleMessage to dormant crypto wallets springing back to life, it’s a wild ride out there. Let's dive in.

抓住你的帽子，伙計們！網絡安全世界正在嗡嗡作響，而不是美好的世界。從針對遠程通訊的漏洞到休眠的加密錢包恢復生命，這是一個瘋狂的騎行。讓我們潛水。

TeleMessage Under Fire: CVE-2025-48927 Exploitation

遠程通訊在火下：CVE-2025-48927剝削

According to a recent report from GreyNoise, hackers are actively seeking to exploit the CVE-2025-48927 vulnerability in TeleMessage. This flaw allows hackers to extract data from vulnerable systems due to the platform's use of a legacy confirmation in Spring Boot Actuator, where a diagnostic /heapdump endpoint is publicly accessible without authentication. GreyNoise has detected multiple IP addresses attempting to exploit this since April. TeleMessage, similar to Signal but designed for archiving chats for compliance, suffered a security breach in May, leading to stolen files. While TeleMessage claims the vulnerability has been patched, the timeline for full implementation can vary.

根據Greynoise的最新報告，黑客正在積極尋求利用Telemessage中CVE-2025-48927脆弱性。由於平台在Spring Boot執行器中使用了遺留確認，因此該缺陷允許黑客從弱勢系統中提取數據，在春季啟動執行器中使用了遺留確認，該診斷 /heapdump端點在沒有身份驗證的情況下可以公開訪問。 Greynoise已檢測到自4月以來試圖利用此功能的多個IP地址。 Telemessage類似於信號，但設計用於歸檔的歸檔聊天，並在5月遭受了安全漏洞，導致文件被盜。儘管Telemessage聲稱漏洞已經修補，但完整實施的時間表可能會有所不同。

This is significant because TeleMessage isn’t just your average messaging app. It’s used by government organizations and enterprises, including former US government officials. GreyNoise recommends blocking malicious IPs and restricting access to the /heapdump endpoint to mitigate risks.

這很重要，因為Telemessage不僅是您的普通消息傳遞應用程序。政府組織和企業（包括前美國政府官員）使用了它。 Greynoise建議阻止惡意IP，並限制訪問 /HeapDump端點以減輕風險。

Infini Hack Wallet Awakens: $16 Million in Motion

Infini Hack Wallet Awakens：1600萬美元的動議

In another corner of the crypto universe, a dormant wallet linked to the Infini hack has sprung back to life. The wallet, associated with a breach that drained $49.5 million in USDC, began moving funds in July 2025 for the first time since February. The attacker has started liquidating stolen funds, profiting from Ethereum's price surge.

在加密貨幣宇宙的另一個角落，與Infini Hack相關的休眠錢包已經恢復了生命。這塊錢包與違反4950萬美元的違規行為有關，自2月以來，2025年7月開始匯款。攻擊者已經開始清算被盜資金，從以太坊的價格上漲中獲利。

The wallet shifted 4,770 ETH, worth around $16 million, using privacy tools like Tornado Cash to obfuscate transactions. This activity has reignited concerns over DeFi security and traceability in on-chain crime. The Infini breach exposed weak governance structures and renewed scrutiny on admin permission management in DeFi protocols.

錢包轉移了4,770 ETH，價值約1600萬美元，使用龍捲風現金等隱私工具來混淆交易。這項活動重新激發了人們對鏈接犯罪的防禦安全和可追溯性的擔憂。 Infini違反了暴露於弱的治理結構，並在DEFI協議中對管理員許可管理進行了重新審查。

1inch Router Vulnerability: A Close Call

1英寸路由器漏洞：密切通話

Adding to the drama, Carbontec, a blockchain security firm, identified a critical vulnerability within the 1inch Router's rescue function. This flaw could have led to a loss of approximately $520,000. The vulnerability, stemming from inadequate transaction verification, could have allowed unauthorized fund transfers. The 1inch team swiftly implemented a patch, demonstrating their commitment to security. This incident highlights the importance of rigorous security audits and collaboration between security firms and DeFi projects.

區塊鏈安全公司Carbontec加上戲劇性，確定了1英寸路由器的救援功能中的關鍵漏洞。這個缺陷可能導致約52萬美元的損失。由於交易驗證不足而導致的脆弱性可能允許未經授權的基金轉移。 1英寸的團隊迅速實施了一個補丁，證明了他們對安全的承諾。該事件強調了嚴格的安全審核和安全公司與DEFI項目之間的協作的重要性。

Personal Thoughts

個人想法

It's becoming increasingly clear that security in the digital space, especially within the crypto and messaging app ecosystems, requires constant vigilance and proactive measures. The TeleMessage vulnerability, coupled with the Infini hack and the 1inch Router flaw, paints a picture of an environment where threat actors are relentless and ever-evolving. For instance, the fact that the Infini hacker waited for Ethereum's price to surge before moving funds shows a strategic, patient approach. This isn't just about patching vulnerabilities; it's about fostering a culture of security awareness and continuous improvement.

越來越清楚的是，數字空間中的安全性，尤其是在加密和消息應用程序生態系統中，需要持續的警惕和主動措施。電視漏洞，再加上Infini Hack和1英寸路由器的缺陷，描繪了威脅演員不懈且不斷發展的環境的圖片。例如，Infini Hacker等待以太坊的價格在移動資金之前就表明了一種戰略性的患者方法，這一事實。這不僅僅是修補漏洞；這是關於培養安全意識和持續改進的文化。

The Big Picture

大局

These events underscore the ongoing challenges in securing digital platforms. Whether it’s exploiting vulnerabilities in messaging apps or manipulating DeFi protocols, hackers are constantly seeking new opportunities. Users and developers alike must prioritize security to protect sensitive data and assets.

這些事件強調了確保數字平台的持續挑戰。無論是利用消息傳遞應用程序中的漏洞還是操縱Defi協議，黑客都在不斷尋求新的機會。用戶和開發人員都必須優先考慮安全性以保護敏感的數據和資產。

Wrapping Up

總結

So, what’s the takeaway? Stay vigilant, folks! Keep your apps updated, double-check those smart contracts, and maybe think twice before storing all your crypto in one place. The digital world is a bit like the Wild West, but with better Wi-Fi. Stay safe out there, and happy surfing!

那麼，收穫是什麼？伙計們保持警惕！保持您的應用程序更新，雙重檢查這些智能合約，也許會三思而後行，然後將所有加密貨幣存儲在一個地方。數字世界有點像野外西部，但有更好的Wi-Fi。保持安全，並開心衝浪！