Java Psychic Signatures: a completely broken ECDSA implementation in Java 15-18 accepts any signature, including a blank one. This breaks JWT verification (ES256/ES384/ES512), TLS client auth, and code signing. Update the JDK immediately. Audit all JWT libraries that use Java crypto for ECDSA.
A faulty implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) in Java 15-18 allows attackers to forge any signature by sending a blank signature (Psychic Signatures in Java).
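A defence-in-depth check that can run before JWT verification, as an added example that is not code from the JDK or from any JWT library: it rejects ES256 signatures whose r or s falls outside [1, n-1], which covers the blank case. The class and method names are hypothetical, and it assumes the fixed-length r || s encoding that JWS uses for ES256 on P-256.

```java
import java.math.BigInteger;
import java.util.Arrays;
import java.util.Base64;

// Added example (hypothetical names): range check for JWS ES256 signatures.
public class EcdsaRangeGuard {
    // Order n of the NIST P-256 group, the curve used by ES256.
    static final BigInteger P256_N = new BigInteger(
        "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", 16);
    static final int COORD_LEN = 32; // ES256 signature is r || s, 32 bytes each

    /** True only if sig is exactly 64 bytes and both r and s lie in [1, n-1]. */
    static boolean inRange(byte[] sig) {
        if (sig == null || sig.length != 2 * COORD_LEN) return false;
        BigInteger r = new BigInteger(1, Arrays.copyOfRange(sig, 0, COORD_LEN));
        BigInteger s = new BigInteger(1, Arrays.copyOfRange(sig, COORD_LEN, 2 * COORD_LEN));
        return r.signum() > 0 && r.compareTo(P256_N) < 0
            && s.signum() > 0 && s.compareTo(P256_N) < 0;
    }

    /** Checks the third segment of a compact JWS before any verifier sees it. */
    static boolean jwsSignatureInRange(String compactJws) {
        if (compactJws == null) return false;
        String[] parts = compactJws.split("\\.", -1);
        if (parts.length != 3) return false;
        try {
            return inRange(Base64.getUrlDecoder().decode(parts[2]));
        } catch (IllegalArgumentException e) {
            return false; // third segment is not valid base64url
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs; none of these is a real signature.
        byte[] blank = new byte[2 * COORD_LEN];      // r = 0, s = 0
        byte[] plausible = new byte[2 * COORD_LEN];  // r and s both below n
        Arrays.fill(plausible, (byte) 0x11);
        byte[] tooLarge = new byte[2 * COORD_LEN];   // r and s both above n
        Arrays.fill(tooLarge, (byte) 0xFF);

        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String prefix = "HEADER.PAYLOAD."; // placeholder segments, not a real token
        System.out.println("blank:     " + jwsSignatureInRange(prefix + enc.encodeToString(blank)));
        System.out.println("plausible: " + jwsSignatureInRange(prefix + enc.encodeToString(plausible)));
        System.out.println("too large: " + jwsSignatureInRange(prefix + enc.encodeToString(tooLarge)));
        System.out.println("truncated: " + inRange(new byte[10]));
    }
}
```

ES384 and ES512 need their own curve order and coordinate length, and a signature that passes this check still has to be verified cryptographically. The check complements the JDK update rather than replacing it.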