German security experts warn that state-backed hackers are using social engineering tactics to infiltrate the Signal messaging app of military leaders and journalists. They trick victims into revealing security codes or scanning malicious QR codes, allowing the attackers to access private conversations without detection.

APT28, a Russian state-sponsored hacking group, has been using Signal chats to target Ukrainian government entities with new malware families, BeardShell and SlimAgent. These attacks involve phishing tactics to deliver malicious documents that exploit Windows vulnerabilities, allowing for data exfiltration and unauthorized access to sensitive information. CERT-UA has identified these activities, emphasizing the need for vigilance against threats linked to Signal's usage.

US Defense Secretary Pete Hegseth has set up a private computer in his office connected to the public internet to use the messaging app Signal, circumventing official security protocols. Despite having access to secure government communication systems, Hegseth's actions raise concerns about security and compliance with Pentagon regulations. His communications center, SecDef Cables, provides extensive support, making his need for Signal particularly noteworthy.