An OpenPGP.js flaw just broke public key cryptography

There is a way to verify fake messages as if they were legitimate The bug affects multiple versions of OpenPGP.jsA patch is available. There is currently no confirmed evidence of abuse in the wild.