Threat Post

‘Trojan Source’ Hides Invisible Bugs in Source Code

The old RLO trick of exploiting how Unicode handles script ordering and a related homoglyph attack can imperceptibly switch the real name of malware. Researchers have found a new way to encode ...
Bleeping Computer

'Trojan Source' attack method can hide bugs into open-source code

Academic researchers have released details about a new attack method they call “Trojan Source” that allows injecting vulnerabilities into the source code of a software project in a way that human ...
Krebs on Security

‘Trojan Source’ Bug Threatens the Security of All Code

Virtually all compilers — programs that transform human-readable source code into computer-executable machine code — are vulnerable to an insidious attack in which an adversary can introduce targeted ...