diff --git a/CHANGELOG.md b/CHANGELOG.md
index f6acac84..46065830 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,7 @@ All notable changes to this project will be documented in this file. The format
 ## Table of Contents
 
 - [Unreleased](#unreleased)
+- [1.9.26 - 2025-12-10](#1926---2025-12-10)
 - [1.9.25 - 2025-12-09](#1925---2025-12-09)
 - [1.9.24 - 2025-12-09](#1924---2025-12-09)
 - [1.9.23 - 2025-12-08](#1923---2025-12-08)
@@ -198,6 +199,17 @@ All notable changes to this project will be documented in this file. The format
 
 ---
 
+## [1.9.26] - 2025-12-10
+
+### Security
+- Addressed TOB-25 by adding explicit ECDSA and elliptic-curve regression tests
+  ensuring correct propagation and handling of the point at infinity during
+  scalar multiplication and signature verification.
+  These tests prevent regressions where invalid infinity points could be
+  incorrectly treated as valid curve points.
+
+---
+
 ## [1.9.25] - 2025-12-09
 
 ### Added
diff --git a/package-lock.json b/package-lock.json
index 459ae56e..1d95cb55 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "@bsv/sdk",
-  "version": "1.9.25",
+  "version": "1.9.26",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@bsv/sdk",
-      "version": "1.9.25",
+      "version": "1.9.26",
       "license": "SEE LICENSE IN LICENSE.txt",
       "devDependencies": {
         "@eslint/js": "^9.39.1",
diff --git a/package.json b/package.json
index 9e52d969..e3409d7d 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@bsv/sdk",
-  "version": "1.9.25",
+  "version": "1.9.26",
   "type": "module",
   "description": "BSV Blockchain Software Development Kit",
   "main": "dist/cjs/mod.js",
diff --git a/src/primitives/__tests/ECDSA.test.ts b/src/primitives/__tests/ECDSA.test.ts
index 9add3c78..d6ded623 100644
--- a/src/primitives/__tests/ECDSA.test.ts
+++ b/src/primitives/__tests/ECDSA.test.ts
@@ -2,6 +2,7 @@ import * as ECDSA from '../../primitives/ECDSA'
 import BigNumber from '../../primitives/BigNumber'
 import Curve from '../../primitives/Curve'
 import Signature from '../../primitives/Signature'
+import Point from '../../primitives/Point'
 
 const msg = new BigNumber('deadbeef', 16)
 const key = new BigNumber(
@@ -90,4 +91,30 @@ describe('ECDSA', () => {
       ECDSA.sign(msg, key, undefined, n)
     ).toThrow()
   })
+
+  it('k·G + (−k·G) results in point at infinity (TOB-25)', () => {
+    const k = new BigNumber('123456789abcdef', 16)
+
+    const P = curve.g.mul(k)
+    const negP = P.neg()
+    const sum = P.add(negP)
+
+    expect(sum.isInfinity()).toBe(true)
+  })
+
+  it('scalar multiplication by zero returns point at infinity (TOB-25)', () => {
+    const zero = new BigNumber(0)
+    const result = curve.g.mul(zero)
+
+    expect(result.isInfinity()).toBe(true)
+  })
+
+  it('ECDSA verify rejects point-at-infinity public key (TOB-25)', () => {
+    const signature = ECDSA.sign(msg, key)
+    const infinityPub = new Point(null, null)
+
+    expect(() =>
+      ECDSA.verify(msg, signature, infinityPub)
+    ).toThrow()
+  })
 })