Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible ...

The invisible threat hidden in clear view: how Unicode characters are being weaponized to hide malicious commands from human users

Research from BeyondTrust Phantom Labs found the vulnerability stems from improper input sanitization in how Codex processed ...
Bleeping Computer

Invisible characters could be hiding backdoors in your JavaScript code

Could malicious backdoors be hiding in your code, that otherwise appears perfectly clean to the human eye and text editors alike? A security researcher has shed light on how invisible characters can ...
AOL

GlassWorm malware hides in invisible open-source code

The danger in the code came from characters that are invisible to the human eye. In early March researchers at several security firms examined what looked like empty space and found hidden Unicode ...
Threat Post

‘Trojan Source’ Hides Invisible Bugs in Source Code

The old RLO trick of exploiting how Unicode handles script ordering and a related homoglyph attack can imperceptibly switch the real name of malware. Researchers have found a new way to encode ...
Dark Reading

Attackers Use Unicode & HTML to Bypass Email Security Tools

Cybercriminals have been spotted using HTML/CSS and Unicode tricks to bypass tools meant to block malicious emails, marking a new twist in phishing techniques, security researchers report. Attackers ...