FBI: Russian hackers now target Signal backup recovery keys

BleepingComputer
Actively Exploited

Overview

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a warning about a phishing campaign linked to Russian hackers that targets users of the messaging app Signal. This campaign has evolved to specifically steal Signal Backup Recovery Keys, which can grant attackers access to a user's past messages. This poses a significant risk for Signal users, as it could expose sensitive communications and personal information. The attackers are likely aiming to exploit this access for espionage or other malicious activities. Users are urged to be vigilant about suspicious messages and to take steps to secure their accounts against potential phishing attempts.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Signal Backup Recovery Keys, Signal messaging app
  • Action Required: Users should be cautious of phishing attempts and verify the authenticity of messages before clicking on links or entering sensitive information.
  • Timeline: Newly disclosed

Original Article Summary

The FBI and CISA are warning that a phishing campaign targeting Signal users tied to Russian intelligence services has evolved to steal Signal Backup Recovery Keys, allowing attackers to access victims' historical messages. [...]

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Additional Information

Related Topics: This incident relates to Phishing, Exploit.

Related Coverage

Security Affairs newsletter Round 583 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

The latest Security Affairs newsletter includes a warning from the FBI about Russian intelligence agencies utilizing Signal Recovery Keys to intercept and access private messages. This development raises concerns for individuals and organizations relying on encrypted communication for privacy. The hospitality sector has also been noted as a target, suggesting that attackers are expanding their focus beyond traditional sectors. These incidents emphasize the need for vigilance in cybersecurity practices, especially in industries handling sensitive information. Organizations should reassess their security measures to better protect against such sophisticated tactics.

Jun 28, 2026

Data breach exposes up to 14.2 million email logins at six ISPs

BleepingComputer

KDDI Corporation, a major telecommunications provider in Japan, has reported a significant data breach affecting its email system, which is also used by five other internet service providers (ISPs). The breach has exposed up to 14.2 million email logins, putting users' personal information at risk. KDDI did not specify how the attackers gained access or whether any sensitive data beyond email logins was compromised. This incident raises concerns about the security measures in place at ISPs and the potential for increased phishing attacks targeting affected users. As the investigation continues, users are advised to change their passwords and remain vigilant against suspicious communications.

Jun 28, 2026

Ukraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging Credentials

The Hacker News

The Security Service of Ukraine (SSU) and the FBI have exposed a campaign by Russian intelligence aimed at infiltrating the messaging accounts of various individuals, including government officials, military personnel, and activists in Ukraine, Europe, and the U.S. The attackers used fake support texts to trick victims into revealing their messaging credentials. This operation is part of a broader strategy to gather sensitive information and undermine trust among key figures in these regions. The implications are significant, as such breaches can lead to the exposure of critical communications and potentially jeopardize national security and public safety.

Jun 27, 2026

Chinese Framework Powers 200,000 Scam Sites

SecurityWeek

A recent report reveals that over 200,000 scam websites are using templates generated by a legitimate Chinese framework called DCloud Uni-App. Attackers are exploiting this toolkit to create investment scam sites that trick users into giving away money. This issue is significant because it highlights how easily legitimate software can be misused for fraudulent purposes, putting countless individuals at risk. As these scams proliferate, it becomes crucial for internet users to be vigilant and recognize potential red flags in online investment opportunities. Companies and regulators need to consider stronger measures to combat such deceptive practices.

Jun 27, 2026

Third-Party Breaches Teach Education Sector a Costly Lesson in Vendor Risk

darkreading

Recent breaches involving third-party vendors have put educational institutions on high alert regarding the security of student data. As ransomware attacks become more common, schools and universities are increasingly recognizing the risks associated with relying on external vendors for services. These incidents have revealed vulnerabilities that can expose sensitive information, prompting institutions to strengthen their cybersecurity measures. The need for schools to assess and manage vendor risk is more crucial than ever, as attackers often target less secure third-party systems to gain access to larger networks. This situation not only threatens the privacy of students but also can lead to significant financial and reputational damage for educational organizations.

Jun 27, 2026

2 Linux kernel flaw PoCs published, enabling local privilege escalation

SCM feed for Latest

Recently, two proof-of-concept (PoC) exploits for vulnerabilities in the Linux kernel have been published, enabling local privilege escalation. One of these flaws is known as DirtyClone, which is related to the DirtyFrag vulnerability class. These vulnerabilities could allow attackers with local access to escalate their privileges, potentially gaining control over sensitive system functions. This is particularly concerning for systems that rely heavily on Linux, as it could lead to unauthorized access to critical data and services. Users and administrators should be aware of these vulnerabilities and take necessary precautions to secure their systems against potential exploitation.

Jun 26, 2026