
Telegram proxy-link warning rollout

Advisory/Mitigation
Happening score
H score 17
1 unique source, 1 article

Summary


Telegram is adding a warning for proxy links after clicks on disguised links were shown to expose users' real IP addresses. The mitigation targets Android and iOS clients, where a tapped t.me/proxy link can trigger an automatic proxy test before any confirmation. The added prompt is meant to reduce targeted deanonymization and abuse from attacker-controlled proxies.

Related Happenings

Telegram mobile clients proxy-link IP disclosure security flaw

Vulnerability
First: 12.01.2026 18:20 Last: 12.01.2026 18:20 Sources 1

How related: Security researchers have demonstrated this week that Telegram clients on both Android and iOS automatically attempt to connect to a proxy when a user taps a specially crafted internal link.

About this happening: Researchers demonstrated that **Telegram** mobile clients on **Android and iOS** can leak a user's **real IP address** when a disguised proxy link is tapped. The clients automatic...

AI-assisted Truman Show investment fraud campaign

Campaign
First: 09.01.2026 13:00 Last: 09.01.2026 13:00 Sources 1

About this happening: The **Truman Show** operation is an **AI-assisted investment fraud campaign** that uses **fake personas** and **attacker-controlled infrastructure** to lure victims into crypto sc...

Android tap-to-pay malware relays NFC card data for fraudulent payments

Malware Activity
First: 07.01.2026 18:00 Last: 07.01.2026 18:00 Sources 1

About this happening: A wave of **Android tap-to-pay malware** is enabling **unauthorized contactless payments** by relaying **NFC card data** from victims’ phones to criminal devices. The operation us...

UAC-0184 targets Ukrainian military and government entities via Viber-delivered malware

Campaign
First: 05.01.2026 19:56 Last: 05.01.2026 19:56 Sources 1

About this happening: **UAC-0184** has shifted to **Viber-delivered malware** to target **Ukrainian military and government entities**, extending an active **2025** espionage operation. The initial lur...

RondoDox persistent IoT and web app botnet campaign

Campaign
First: 01.01.2026 11:19 Last: 01.01.2026 11:19 Sources 1

About this happening: **Scattered Lapsus$ Hunters** claimed they breached **Resecurity** and stole internal chats, logs, employee data, threat intelligence reports, and a complete client list, but Rese...

Latest development: 03.01.2026 22:34

Scattered Lapsus$ Hunters claimed they gained full access to Resecurity systems and stole internal chats, logs, employee data, threat intelligence reports, and a complete client list, while Resecurity said the accessed environment was a deliberately deployed honeypot with fake employee, customer, and payment data used to monitor the actor.

Timeline

  1. 12.01.2026 18:20 2 articles · 4mo ago

    Telegram adds warnings for disguised proxy links

    Mitigation Patch Update

    Telegram said it will add a warning when users click proxy links, after researchers showed that specially crafted links disguised as ordinary usernames or harmless URLs on Android and iOS can trigger an automatic proxy test and expose a user's real IP address to the proxy operator.
