2025/07/19 07:03

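As GreyNoise has revealed, hackers are actively exploiting a TeleMessage vulnerability; together with activity from the Infini hack wallet and a critical flaw found in the 1inch Router, this highlights the ongoing security challenges in cryptocurrency.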

Hacker Alert: TeleMessage Vulnerability Exploited Amid Crypto Chaos

Hold on to your hats, folks! The world of cybersecurity is buzzing with activity, and not the good kind. From exploits targeting TeleMessage to dormant crypto wallets springing back to life, it’s a wild ride out there. Let's dive in.

TeleMessage Under Fire: CVE-2025-48927 Exploitation

According to a recent report from GreyNoise, hackers are actively seeking to exploit the CVE-2025-48927 vulnerability in TeleMessage. This flaw allows hackers to extract data from vulnerable systems due to the platform's use of a legacy configuration in Spring Boot Actuator, where a diagnostic /heapdump endpoint is publicly accessible without authentication. GreyNoise has detected multiple IP addresses attempting to exploit this since April. TeleMessage, similar to Signal but designed for archiving chats for compliance, suffered a security breach in May, leading to stolen files. While TeleMessage claims the vulnerability has been patched, the timeline for full implementation can vary.

This is significant because TeleMessage isn’t just your average messaging app. It’s used by government organizations and enterprises, including former US government officials. GreyNoise recommends blocking malicious IPs and restricting access to the /heapdump endpoint to mitigate risks.
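
To make the "restrict access to /heapdump" advice concrete, here is an added example (not from GreyNoise, TeleMessage, or the original article) that statically audits a Spring Boot properties file for web exposure of the heapdump endpoint. It assumes Spring Boot 2.x/3.x property names and models only the include/exclude/enabled settings; the two sample configurations are constructed for illustration.

```python
# Added example: static audit of Spring Boot properties for /heapdump exposure.
# Models only the include/exclude/enabled properties (Boot 2.x/3.x semantics).
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def parse_properties(text):
    """Parse simple key=value lines; comments (# or !) and blanks are skipped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def _ids(value):
    """Split a comma-separated endpoint list into a lowercase set."""
    return {v.strip().lower() for v in value.split(",") if v.strip()}

def heapdump_findings(text):
    """Return a list of findings; an empty list means heapdump is not web-exposed."""
    p = parse_properties(text)
    include = _ids(p.get("management.endpoints.web.exposure.include", "health"))
    exclude = _ids(p.get("management.endpoints.web.exposure.exclude", ""))
    default_on = p.get("management.endpoints.enabled-by-default", "true")
    enabled = p.get("management.endpoint.heapdump.enabled", default_on).lower() == "true"
    # exclude wins over include; "*" matches every endpoint id
    wanted = {"*", "heapdump"}
    exposed = enabled and bool(wanted & include) and not (wanted & exclude)
    findings = []
    if exposed:
        findings.append("heapdump reachable over HTTP: confirm it requires authentication")
        if p.get("management.server.address") not in LOOPBACK:
            findings.append("management endpoints not bound to loopback")
    return findings

# Constructed sample: wildcard exposure, the pattern that publishes /heapdump.
WEAK = """
management.endpoints.web.exposure.include=*
"""

# Constructed sample: narrow exposure, heapdump disabled, management on loopback.
HARDENED = """
management.endpoints.web.exposure.include=health,info
management.endpoint.heapdump.enabled=false
management.server.address=127.0.0.1
"""

if __name__ == "__main__":
    print(heapdump_findings(WEAK))
    print(heapdump_findings(HARDENED))
```

A properties file cannot show whether Spring Security protects the endpoint, so a finding here means "verify authentication", not "confirmed vulnerable".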

Infini Hack Wallet Awakens: $16 Million in Motion

In another corner of the crypto universe, a dormant wallet linked to the Infini hack has sprung back to life. The wallet, associated with a breach that drained $49.5 million in USDC, began moving funds in July 2025 for the first time since February. The attacker has started liquidating stolen funds, profiting from Ethereum's price surge.

The wallet shifted 4,770 ETH, worth around $16 million, using privacy tools like Tornado Cash to obfuscate transactions. This activity has reignited concerns over DeFi security and traceability in on-chain crime. The Infini breach exposed weak governance structures and renewed scrutiny on admin permission management in DeFi protocols.

1inch Router Vulnerability: A Close Call

Adding to the drama, Carbontec, a blockchain security firm, identified a critical vulnerability within the 1inch Router's rescue function. This flaw could have led to a loss of approximately $520,000. The vulnerability, stemming from inadequate transaction verification, could have allowed unauthorized fund transfers. The 1inch team swiftly implemented a patch, demonstrating their commitment to security. This incident highlights the importance of rigorous security audits and collaboration between security firms and DeFi projects.

Personal Thoughts

It's becoming increasingly clear that security in the digital space, especially within the crypto and messaging app ecosystems, requires constant vigilance and proactive measures. The TeleMessage vulnerability, coupled with the Infini hack and the 1inch Router flaw, paints a picture of an environment where threat actors are relentless and ever-evolving. For instance, the fact that the Infini hacker waited for Ethereum's price to surge before moving funds shows a strategic, patient approach. This isn't just about patching vulnerabilities; it's about fostering a culture of security awareness and continuous improvement.

The Big Picture

These events underscore the ongoing challenges in securing digital platforms. Whether it’s exploiting vulnerabilities in messaging apps or manipulating DeFi protocols, hackers are constantly seeking new opportunities. Users and developers alike must prioritize security to protect sensitive data and assets.

Wrapping Up

So, what’s the takeaway? Stay vigilant, folks! Keep your apps updated, double-check those smart contracts, and maybe think twice before storing all your crypto in one place. The digital world is a bit like the Wild West, but with better Wi-Fi. Stay safe out there, and happy surfing!
