A flaw has been discovered in OpenPGP.js, a widely used JavaScript library for OpenPGP encryption. Tracked as CVE-2025-47934, the vulnerability allows threat actors to spoof both signed and encrypted messages, effectively undermining the very foundation of trust in public key cryptography.
https://thecyberexpress.com/cve-2025-47 ... erability/