A new web server vulnerability called VENOM was announced yesterday, but customers of Signal's web hosting are safe.
Virtualized Environment Neglected Operations Manipulation (VENOM) can affect so-called "virtual" machines, many of which may operate on a single physical server. The bug can allow a ne'er-do-well to potentially escape the confirms of a compromised virtual machine and gain unwarranted access to the physical host, as well as the other virtual machines it runs.
Though it was revealed yesterday, VENOM apparently has been a potential issue since 2004.
The good news: Amazon Web Services (AWS), the cloud provider Signal uses to host our clients' websites, said yesterday, 'there is no risk to AWS customer data or instances."
A variety of other cloud providers yesterday announced plans for patches to protect against the problem.