DROWN is a serious vulnerability that affects HTTPS and other services that rely on SSL and TLS, some of the essential cryptographic protocols for Internet security. These protocols allow everyone on the Internet to browse the web, use email, shop online, and send instant messages without third-parties being able to read the communication.

https://drownattack.com/ - The DROWN Attack
https://drownattack.com/drown-attack-paper.pdf - DROWN: Breaking TLS using SSLv2

EFAIL describes vulnerabilities in the end-to-end encryption technologies OpenPGP and S/MIME that leak the plaintext of encrypted emails.

https://efail.de/efail-attack-paper.pdf - Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels
https://www.eff.org/deeplinks/2018/05/pgp-and-efail-frequently-asked-questions - PGP and EFAIL: Frequently Asked Questions
https://protonmail.com/blog/pgp-efail-statement/ - Statement from PGP developers about eFail
https://blog.mozilla.org/thunderbird/2018/05/efail-and-thunderbird/ - EFail and Thunderbird, What You Need To Know
https://lists.mayfirst.org/pipermail/autocrypt/2018-May/000340.html - [Autocrypt] EFF/EFAIL and Autocrypt

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).


It is now practically possible to craft two colliding PDF files and obtain a SHA-1 digital signature on the first PDF file which can also be abused as a valid signature on the second PDF file.