aschmitz @aschmitz

If you use Signal's "Desktop" app and haven't updated it today, do that *now*.

(They just fixed a relatively-easily exploitable issue that could at least steal your messages, and possibly do much more.)

It appears as though if you've been attacked that way, you'll also get a message to your phone with the exploit code in a not-executed form too, so at least you'll know, but it could be too late then anyway.

@aschmitz ugh is this a javascript XSS-style attack