RSS
Last updated: May 13, 2026 at 5:42 AM UTC
All 208 Vulnerability 72 Breach 41 Threat 88 Defense 7
Tag: signal (2 articles)Clear
threat
2026-04-25

Russia behind Signal phishing campaign that compromised Bundestag President Julia Klöckner - 300+ German officials affected

Der Spiegel reported on April 25 that German government sources now blame Russia for a large-scale Signal phishing campaign that compromised the account of Bundestag President Julia Klöckner. At least 300 Signal accounts of German political figures were targeted; investigators say attackers accessed chat histories, files, and phone numbers. Chancellor Friedrich Merz was in the same CDU group chat as Klöckner but his device showed no signs of compromise. The attack used pure social engineering - operators posed as Signal support and asked victims to share verification codes or PINs.

signalrussiaklocknerbundestagcdubfvbsisocial-engineeringaccount-takeoverphishing
Check
Brief executives, board members, and political-staff who use Signal that anyone messaging them claiming to be 'Signal support' is hostile - Signal never asks for codes by message.
Affected
Signal users in any role attractive to a state intelligence service: politicians, military, diplomats, defense contractors, investigative journalists, NGOs working on Russia or Ukraine, and the executives and assistants of all of the above. The attack works by tricking users into sharing codes - it does not exploit a Signal flaw.
Fix
Train high-risk staff that Signal will never ask for verification codes via message. Enable Signal's Registration Lock PIN. Periodically check Linked Devices and remove anything unfamiliar. Add detection for Signal phishing pages on perimeter URL filters and add Signal account-takeover scenarios to your tabletop catalogue.
vulnerability
CVE-2026-28950
2026-04-22

Apple pushes emergency iOS patch for notification-storage flaw that let the FBI recover deleted Signal messages (CVE-2026-28950)

Apple released out-of-band iOS and iPadOS updates to fix a Notification Services flaw that kept notifications marked for deletion sitting in internal storage, where they could be pulled off the device later. The bug (CVE-2026-28950) landed after 404 Media reported that the FBI recovered Signal messages from a suspect's iPhone even after the user deleted them and even after Signal itself was uninstalled. The recovered text did not come from Signal's encrypted message store - it came from iPhone's internal notification buffer, which silently preserved incoming notification contents that the app and the OS both thought had been erased. Apple's advisory does not name the FBI case but describes exactly the data-persistence behavior 404 Media documented. Signal's team publicly thanked Apple for the fix. Beyond Signal users, this flaw matters for anyone who assumed that deleting a message or uninstalling an app wiped the underlying notification data from the phone - it did not. Forensic extraction of an unlocked iPhone could have surfaced any sensitive content ever pushed as a notification.

appleiosipadossignalforensic-recoveryemergency-patchprivacy
Check
Update any iPhone or iPad you manage (BYOD or corporate) to the patched build and audit MDM compliance reports for devices that have not yet installed the emergency update.
Affected
All iOS and iPadOS builds prior to iOS 26.4.2 / iPadOS 26.4.2, and prior to iOS 18.7.8 / iPadOS 18.7.8 for older devices on the 18.x train.
Fix
Install iOS 26.4.2 / iPadOS 26.4.2 (or iOS 18.7.8 / iPadOS 18.7.8 on supported older hardware). For Signal users who want belt-and-braces protection against any future notification-storage issue, change Signal Settings > Notifications > Notification content to 'Name Only' or 'No Name or Content' so message bodies never appear in the notification stream in the first place.