Threat actors are aggressively scanning for CVE-2025-48927, a critical flaw in TeleMessage's SGNL Signal clone, allowing unauthorized access to Java heap dumps containing plaintext credentials and sensitive data. With confirmed exploitation attempts and federal agencies like CBP among users, this vulnerability in improperly secured Spring Boot Actuator endpoints poses significant compliance and national security risks. Mitigation deadlines loom as CISA races to secure systems.