CuraSec

tag: Cryptography · 1 items

2026-07-12 · HN (cve) · source ↗ #cryptography#supply-chain#go
  • Engineer — Plan: If your Go codebase depends on github.com/cloudflare/circl and uses the FourQ elliptic curve (key exchange or signatures), audit that usage and schedule an upgrade; EPSS is 0.00 and no KEV listing, but a public PoC exists and cryptographic correctness flaws can enable key-recovery or signature-forgery scenarios.
  • SOC/IR — Skip
  • Leader — Skip
  • Signals: CVE-2025-8556 — CISA KEV: not listed, EPSS 0.00, public PoC on GitHub