6/10
Researchers discovered 151 malicious packages that use invisible Unicode characters to hide executable code in repositories including GitHub and npm. The technique leverages Public Use Area characters that appear as whitespace to humans but execute as code at runtime, which makes traditional code review ineffective. The packages are suspected to be AI-generated at scale.
supply-chain-attack
malicious-packages
invisible-code
unicode-obfuscation
github
npm
code-injection
ai-generated-malware
public-use-area
javascript
eval-injection
typosquatting
solana
credential-theft
token-stealing
Aikido Security
Glassworm
Koi
GitHub
npm
Open VSX
VS Code
Solana
Dan Goodin