Bleeping Computer

Invisible characters could be hiding backdoors in your JavaScript code

Could malicious backdoors be hiding in your code, that otherwise appears perfectly clean to the human eye and text editors alike? A security researcher has shed light on how invisible characters can ...
Threat Post

‘Trojan Source’ Hides Invisible Bugs in Source Code

The old RLO trick of exploiting how Unicode handles script ordering and a related homoglyph attack can imperceptibly switch the real name of malware. Researchers have found a new way to encode ...
Ars Technica

Supply-chain attack using invisible code hits GitHub and other repositories

I’d expect this to come in linters and formatters before becoming a language requirement. For example, converting a string to the explicit Unicode escape sequences or Python’s \N{UNICODE NAME} syntax ...
Dark Reading

Attackers Use Unicode & HTML to Bypass Email Security Tools

Cybercriminals have been spotted using HTML/CSS and Unicode tricks to bypass tools meant to block malicious emails, marking a new twist in phishing techniques, security researchers report. Attackers ...