New ‘Trojan Source’ Technique Lets Hackers Hide Vulnerabilities in Source Code

A novel class of vulnerabilities could be leveraged by threat actors to inject visually deceptive malware in a way that’s semantically permissible but alters the logic defined by the source code, effectively opening the door to more first-party and supply chain risks.
Dubbed “Trojan Source attacks,” the technique “exploits subtleties in text-encoding standards such as Unicode to produce source