Ars Technica

Major cryptography blunder in Java enables “psychic paper” forgeries

Organizations using newer versions of Oracle’s Java framework woke up on Wednesday to a disquieting advisory: A critical vulnerability can make it easy for adversaries to forge TLS certificates and ...
Hackaday

This Week In Security: Java’s Psychic Signatures, AWS Escape, And A Nasty Windows Bug

Java versions 15, 16, 17, and 18 (and maybe some older versions) have a big problem, ECDSA signature verification is totally broken. The story is a prime example of the dangers of unintended ...