Critical OpenPGP.js Vulnerability Allows Signature Spoofing

2025-06-10

Codean Labs discovered a critical vulnerability (CVE-2025-47934) in the OpenPGP.js library that allows attackers to spoof arbitrary signatures. By leveraging a valid signature and appending a malicious data packet, attackers can trick OpenPGP.js verifiers into accepting the malicious data as signed, effectively forging signatures. This vulnerability impacts several web-based email clients, posing a critical risk. Versions 5.11.3 and 6.1.1 patch this vulnerability; immediate updates are recommended.
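As an added example (not code from OpenPGP.js or Codean Labs), the following check walks the top-level packet headers of a binary OpenPGP message and flags a signed message that carries more than one literal data packet, the appended packet the advisory describes. It assumes the extra data arrives as a top-level literal data packet (tag 11); packets nested inside a compressed data packet (tag 8) are not opened, and the sample messages use dummy signature bodies.

```javascript
const PACKET_TAG = { SIGNATURE: 2, ONE_PASS_SIGNATURE: 4, COMPRESSED: 8, LITERAL_DATA: 11 };

// Walk the top-level packet headers (RFC 4880 section 4.2) and return the tags.
// Partial-body and indeterminate lengths are rejected: this check only needs
// to cover plain signed messages.
function listPacketTags(bytes) {
  const tags = [];
  let i = 0;
  const u32 = () => { const v = ((bytes[i] << 24) | (bytes[i + 1] << 16) | (bytes[i + 2] << 8) | bytes[i + 3]) >>> 0; i += 4; return v; };
  while (i < bytes.length) {
    const hdr = bytes[i++];
    if ((hdr & 0x80) === 0) throw new Error(`bad packet header at offset ${i - 1}`);
    let tag, len;
    if (hdr & 0x40) {                        // new-format header: tag in the low 6 bits
      tag = hdr & 0x3f;
      const b = bytes[i++];
      if (b < 192) len = b;
      else if (b < 224) len = ((b - 192) << 8) + bytes[i++] + 192;
      else if (b === 255) len = u32();
      else throw new Error('partial body lengths are not supported by this check');
    } else {                                 // old-format header: tag in bits 2-5
      tag = (hdr >> 2) & 0x0f;
      const lenType = hdr & 0x03;
      if (lenType === 0) len = bytes[i++];
      else if (lenType === 1) { len = (bytes[i] << 8) | bytes[i + 1]; i += 2; }
      else if (lenType === 2) len = u32();
      else throw new Error('indeterminate length is not supported by this check');
    }
    if (i + len > bytes.length) throw new Error(`packet body overruns message at offset ${i}`);
    tags.push(tag);
    i += len;
  }
  return tags;
}

// A signed message should carry exactly one literal data packet; a second one
// (e.g. appended after the signature) is the shape described above.
function hasExactlyOneDataPacket(bytes) {
  return listPacketTags(bytes).filter(t => t === PACKET_TAG.LITERAL_DATA).length === 1;
}

// Constructed sample messages with dummy one-pass-signature and signature bodies.
const packet = (tag, body) => [0xc0 | tag, body.length, ...body];
const literal = (text) => packet(PACKET_TAG.LITERAL_DATA, [0x62, 0, 0, 0, 0, 0, ...Array.from(text, c => c.charCodeAt(0))]);
const signedOk = Uint8Array.from([
  ...packet(PACKET_TAG.ONE_PASS_SIGNATURE, new Array(13).fill(0)),
  ...literal('pay 10 EUR'),
  ...packet(PACKET_TAG.SIGNATURE, new Array(20).fill(0)),
]);
const signedWithExtraData = Uint8Array.from([...signedOk, ...literal('pay 10000 EUR')]);
```

The check is a structural sanity test on the message a verifier is handed; it does not replace upgrading to the patched 5.11.3 or 6.1.1 releases.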
