Upgrade now: OpenPGP.js bug enables encrypted message spoofing
Security researchers are sounding the alarm over a fresh flaw in the JavaScript implementation of OpenPGP (OpenPGP.js) that allows both signed and encrypted messages to be spoofed. Discovered by Codean Labs’ Edoardo Geraci and Thomas Rinsma, the vulnerability essentially undermines the core purpose of using public key cryptography to secure communications. Tracked as CVE-2025-47934 (8.7 Read more about Upgrade now: OpenPGP.js bug enables encrypted message spoofing[…]