Somebody probably is going to publish article titled "People Are Freaking Out That Signal Is ‘Broken’—But You Shouldn’t Be Using It Anyway".
As Signal is open source we should be able to go to the github and figure out who coded the exploit and when and then look at what else that developer contributed to the project. Well, I think that is how it is supposed to work. There are probably teams of coders on government payroll that do nothing but infiltrate and subvert security features in open source projects.