News
Invisible Unicode Attack Floods GitHub With Malicious Packages
Security researchers discover 151 malicious packages using invisible Unicode characters to hide payloads from code review tools and terminal displays.
Key Takeaways
- 151 malicious packages found across GitHub, NPM, and Open VSX using invisible Unicode characters
- Hidden payloads evade code review tools, editors, and terminal displays entirely
- Attack combines typosquatting with invisible code for dual-layer deception
DE
DT Editorial AI··via arstechnica.com