CurveBall (NSA disclosure): Windows fails to validate ECC certificate parameters, enabling spoofing of code-signing certificates and HTTPS connections. Apply the January 2020 patches immediately. The NSA publicly disclosed this vulnerability, which indicates active exploitation concerns.
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. It is also known as CurveBall or Chain of Fools.