2022.08.29 10:29:51 (1564168440251748352) from Daniel J. Bernstein:
New paper "A one-time single-bit fault leaks all previous NTRU-HRSS session keys to a chosen-ciphertext attack": https://cr.yp.to/papers.html#ntrw Attack was enabled by a change to NTRU-HRSS in 2019. Attack software (using a simulated DRAM fault): "attackntrw" from https://pqsrc.cr.yp.to/downloads.html