ZDNet

Java zero-day malware 'was signed with certificates stolen from security vendor'

Malware used in a zero-day Java exploit was signed with certificates stolen from a security firm, researchers have found. The editions of Java targeted by the malware, Java 6 Update 41 and Java 7 ...
Hackaday

This Week In Security: Java’s Psychic Signatures, AWS Escape, And A Nasty Windows Bug

Java versions 15, 16, 17, and 18 (and maybe some older versions) have a big problem, ECDSA signature verification is totally broken. The story is a prime example of the dangers of unintended ...