No response returned

The National Security Agency sent out an operational security special bulletin to its employees in February 2025 warning them of vulnerabilities in using the encrypted messaging application Signal, according to internal NSA documents obtained by TheNews. 

News of the NSA bulletin comes amid the continued fallout from an explosive in The Atlantic. The publication's editor-in-chief, Jeffrey Goldberg, detailed how Defense Secretary inadvertently disclosed war plans to him in an encrypted two hours before the U.S. military launched attacks against Houthi militia in Yemen. Goldberg wrote that Hegseth's messages included "precise information about weapons packages, targets, and timing."

The NSA is an arm of the Defense Department and specializes in signals intelligence — which is derived from electronic transmissions — and cybersecurity. The agency is responsible for monitoring, collecting and processing information and data for U.S. national security interests. 

The unclassified but for-official-use-only by a senior U.S. intelligence official are entitled "Signal Vulnerability" and were sent out the month before Goldberg was accidentally added to the allegedly by national security adviser Mike Waltz. 

"A vulnerability has been identified in the Signal Messenger Application. The use of Signal by common targets of surveillance and espionage activity has made the application a high value target to intercept sensitive information," the internal bulletin begins. 

The bulletin warned of professional hacking groups employing phishing scams to gain access to encrypted conversations, bypassing the end-to-end encryption the application uses. 

The bulletin also underscored to NSA employees that third-party messaging applications such as and Whatsapp are permitted for certain "unclassified accountability/recall exercises" but not for communicating more sensitive information. 

NSA employees were also warned to not send "anything compromising over any social media or Internet-based tool or application," and to not "establish connections with people you do not know." 

TheNews contacted the NSA for comment but did not receive a reply prior to publication. 

Signal to the bulletin in a social media post Tuesday, saying the NSA's "memo used the term 'vulnerability' in relation to Signal-but it had nothing to do with Signal's core tech. It was warning against phishing scams targeting Signal users."

"Phishing isn't new, and it's not a flaw in our encryption or any of Signal's underlying technology," the company said. "Phishing attacks are a constant threat for popular apps and websites." 

On Tuesday, National Intelligence Director Tulsi Gabbard and CIA Director John Ratcliffe, both of whom were reportedly in the Signal group chat, before a Senate panel.  

"There was no classified material that was shared in that Signal chat," Gabbard told lawmakers. But the NSA bulletin advises that even information that is not categorized as classified should not be shared on Signal, advising users not to share "unclassified, nonpublic" information on the messaging platform. 

Ratcliffe said Signal "is a permissible use" application that has been approved by the White House for use by senior officials. The group chat, Ratcliffe said, was a "mechanism for communicating between senior level officials but not a substitute for using high side or classified communications."

Both Ratcliffe and Gabbard were asked by Democratic Sen. Martin Heinrich of New Mexico whether the Signal conversation included information on "weapons packages, targets or timing." Ratcliffe replied, "Not that I'm aware of," and Gabbard said, "Same answer and defer to the Department of Defense on that question." Both said they had no knowledge of the chat including operational details of the strike in Yemen.