{"id":43685,"date":"2021-11-01T14:31:51","date_gmt":"2021-11-01T14:31:51","guid":{"rendered":"http:\/\/6124e5f9-d579-41cb-a215-2e14bbe73776"},"modified":"2021-11-01T14:31:51","modified_gmt":"2021-11-01T14:31:51","slug":"this-sneaky-trick-could-allow-attackers-to-hide-invisible-vulnerabilities-in-code","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/this-sneaky-trick-could-allow-attackers-to-hide-invisible-vulnerabilities-in-code\/","title":{"rendered":"This sneaky trick could allow attackers to hide &#8216;invisible&#8217; vulnerabilities in code"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/www.zdnet.com\/a\/img\/resize\/065d07c4077f40f136b8819a9f03df4a39538d34\/2021\/08\/06\/c55fade0-6def-4c6d-b0b7-d501337b05d8\/hands-on-a-keyboard-in-the-dark.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\" class=\"ff-og-image-inserted\"><\/div>\n<p>If you&#8217;re using the Rust programming language \u2014 or JavaScript, Java, Go or Python \u2014 in a project, you may want to check for potential differences between reviewed code versus the compiled code that&#8217;s been output.&nbsp;<\/p>\n<p>The Rust Security Response working group (WG) has flagged a strange security vulnerability that is being tracked as CVE-2021-42574 and is urging developers to upgrade Rust version 1.56.1.&nbsp;<\/p>\n<p>News of the <a href=\"https:\/\/groups.google.com\/g\/rustlang-security-announcements\/c\/bKPH8XYMvJU\" target=\"_blank\" rel=\"noopener noreferrer\" data-component=\"externalLink\">obscure bug was disseminated in a mailing list today<\/a>. The Rust project has also <a href=\"https:\/\/blog.rust-lang.org\/2021\/11\/01\/cve-2021-42574.html\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">flagged the Unicode &#8220;bidirectional override&#8221; issue in a blogpost<\/a>. But it&#8217;s a general bug that doesn&#8217;t affect just Rust but all code that&#8217;s written in popular languages that use Unicode. &nbsp;<\/p>\n<p>Since it is Unicode, this bug affects not just Rust but other top languages, such as Java, JavaScript, Python, C-based languages and code written in other modern languages, <a href=\"https:\/\/www.lightbluetouchpaper.org\/2021\/11\/01\/trojan-source-invisible-vulnerabilities\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">according to security researcher Ross Anderson.<\/a>&nbsp;<\/p>\n<p>Open-source projects such as operating systems often rely on human review of all new code to detect any potentially malicious contributions by volunteers. But the security researchers at Cambridge University said they have discovered ways of manipulating the encoding of source code files so that human viewers and compilers see different logic.&nbsp;<\/p>\n<p>&#8220;We have discovered ways of manipulating the encoding of source code files so that human viewers and compilers see different logic. One particularly pernicious method uses Unicode directionality override characters to display code as an anagram of its true logic. We&#8217;ve verified that this attack works against C, C++, C#, JavaScript, Java, Rust, Go, and Python, and suspect that it will work against most other modern languages,&#8221;&nbsp;<a href=\"https:\/\/www.lightbluetouchpaper.org\/2021\/11\/01\/trojan-source-invisible-vulnerabilities\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">writes Anderson, detailing this bug and a similar &#8220;homoglyph&#8221; issue tracked as CVE-2021-42694<\/a>.<\/p>\n<p>&#8220;The trick is to use Unicode control characters to reorder tokens in source code at the encoding level. These visually reordered tokens can be used to display logic that, while semantically correct, diverges from the logic presented by the logical ordering of source code tokens. Compilers and interpreters adhere to the logical ordering of source code, not the visual order,&#8221; the <a href=\"https:\/\/trojansource.codes\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">researchers said<\/a>. The attack is to use control characters embedded in comments and strings to reorder source code characters in a way that changes its logic.<\/p>\n<section class=\"sharethrough-top placeholder\"> <\/section>\n<p>Software development is international and Unicode \u2014 a foundation for text and emoji \u2014 supports left-to-right languages, such as English, and right-to-left languages, such as Persian. It does this through &#8220;bidirectional override&#8221;, an invisible feature called a codepoint that enables embedding left-to-right words inside a right-to-left sentence and vice versa.&nbsp;<\/p>\n<p>While they&#8217;re normally used to embed a word inside a sentence constructed in the reverse direction, Anderson and Microsoft security researcher Nicholas Boucher discovered that they could be used to change how source code is displayed in certain editors and code review tools.&nbsp;<\/p>\n<p>It means that reviewed code can be different than the compiled code and shows how organizations could be hacked through tampered open-source code.&nbsp;<\/p>\n<p>&#8220;This attack is particularly powerful within the context of software supply chains. If an adversary successfully commits targeted vulnerabilities into open source code by deceiving human reviewers, downstream software will likely inherit the vulnerability,&#8221; the researchers warn.<\/p>\n<p>Google <a href=\"https:\/\/www.zdnet.com\/article\/open-source-security-google-has-a-new-plan-to-stop-software-supply-chain-attacks\/\" target=\"_blank\" rel=\"noopener\">has found that open-source software supply chain attacks have escalated in the past year<\/a>.&nbsp;<\/p>\n<p>Rust isn&#8217;t a widely used programming language, but it has been adopted for systems (versus application) programming by <a href=\"https:\/\/www.zdnet.com\/article\/linux-foundation-well-host-mozillas-rust-programming-language-based-servo-web-engine\/?ftag=COS-05-10aaa0h&amp;utm_campaign=trueAnthem:%20Trending%20Content&amp;utm_medium=trueAnthem&amp;utm_source=facebook&amp;fbclid=IwAR3y9NWOJnepqGmbe4TAkTd6KYf9xnKc2GjvxSMQkJLKubNqn20bU3qOlj0\">Google, Facebook, Microsoft, Amazon Web Services (AWS) and more<\/a> for its memory-related safety guarantees.&nbsp;<\/p>\n<p>&#8220;Rust 1.56.1 introduces two new lints to detect and reject code containing the affected codepoints. Rust 1.0.0 through Rust 1.56.0 do not include such lints, leaving your source code vulnerable to this attack if you do not perform out-of-band checks for the presence of those codepoints,&#8221; the Rust project said.&nbsp;<\/p>\n<p>The Rust project analyzed its add-on software packages, dubbed &#8220;crates&#8221; \u2014 it reviewed everything published on crates.io from 17 October 2021 \u2014 and determined that five crates have the affected codepoints in their source code. However, it didn&#8217;t find any malicious codepoints.<\/p>\n<p> READ MORE <a href=\"https:\/\/www.zdnet.com\/article\/this-sneaky-trick-could-allow-attackers-to-hide-invisible-vulnerabilities-in-code\/#ftag=RSSbaffb68\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Rust programming language project has an update that addresses Unicode security flaw that affects it, Java, Python and more.<br \/>\nREAD MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[62],"tags":[],"class_list":["post-43685","post","type-post","status-publish","format-standard","hentry","category-zdnet-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>This sneaky trick could allow attackers to hide &#039;invisible&#039; vulnerabilities in code 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/this-sneaky-trick-could-allow-attackers-to-hide-invisible-vulnerabilities-in-code\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"This sneaky trick could allow attackers to hide &#039;invisible&#039; vulnerabilities in code 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/this-sneaky-trick-could-allow-attackers-to-hide-invisible-vulnerabilities-in-code\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-11-01T14:31:51+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.zdnet.com\/a\/img\/resize\/065d07c4077f40f136b8819a9f03df4a39538d34\/2021\/08\/06\/c55fade0-6def-4c6d-b0b7-d501337b05d8\/hands-on-a-keyboard-in-the-dark.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-sneaky-trick-could-allow-attackers-to-hide-invisible-vulnerabilities-in-code\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-sneaky-trick-could-allow-attackers-to-hide-invisible-vulnerabilities-in-code\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"This sneaky trick could allow attackers to hide &#8216;invisible&#8217; vulnerabilities in code\",\"datePublished\":\"2021-11-01T14:31:51+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-sneaky-trick-could-allow-attackers-to-hide-invisible-vulnerabilities-in-code\\\/\"},\"wordCount\":683,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-sneaky-trick-could-allow-attackers-to-hide-invisible-vulnerabilities-in-code\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/065d07c4077f40f136b8819a9f03df4a39538d34\\\/2021\\\/08\\\/06\\\/c55fade0-6def-4c6d-b0b7-d501337b05d8\\\/hands-on-a-keyboard-in-the-dark.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\",\"articleSection\":[\"ZDNet | Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-sneaky-trick-could-allow-attackers-to-hide-invisible-vulnerabilities-in-code\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-sneaky-trick-could-allow-attackers-to-hide-invisible-vulnerabilities-in-code\\\/\",\"name\":\"This sneaky trick could allow attackers to hide 'invisible' vulnerabilities in code 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-sneaky-trick-could-allow-attackers-to-hide-invisible-vulnerabilities-in-code\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-sneaky-trick-could-allow-attackers-to-hide-invisible-vulnerabilities-in-code\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/065d07c4077f40f136b8819a9f03df4a39538d34\\\/2021\\\/08\\\/06\\\/c55fade0-6def-4c6d-b0b7-d501337b05d8\\\/hands-on-a-keyboard-in-the-dark.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\",\"datePublished\":\"2021-11-01T14:31:51+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-sneaky-trick-could-allow-attackers-to-hide-invisible-vulnerabilities-in-code\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-sneaky-trick-could-allow-attackers-to-hide-invisible-vulnerabilities-in-code\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-sneaky-trick-could-allow-attackers-to-hide-invisible-vulnerabilities-in-code\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/065d07c4077f40f136b8819a9f03df4a39538d34\\\/2021\\\/08\\\/06\\\/c55fade0-6def-4c6d-b0b7-d501337b05d8\\\/hands-on-a-keyboard-in-the-dark.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\",\"contentUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/065d07c4077f40f136b8819a9f03df4a39538d34\\\/2021\\\/08\\\/06\\\/c55fade0-6def-4c6d-b0b7-d501337b05d8\\\/hands-on-a-keyboard-in-the-dark.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-sneaky-trick-could-allow-attackers-to-hide-invisible-vulnerabilities-in-code\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"This sneaky trick could allow attackers to hide &#8216;invisible&#8217; vulnerabilities in code\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"This sneaky trick could allow attackers to hide 'invisible' vulnerabilities in code 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/this-sneaky-trick-could-allow-attackers-to-hide-invisible-vulnerabilities-in-code\/","og_locale":"en_US","og_type":"article","og_title":"This sneaky trick could allow attackers to hide 'invisible' vulnerabilities in code 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/this-sneaky-trick-could-allow-attackers-to-hide-invisible-vulnerabilities-in-code\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-11-01T14:31:51+00:00","og_image":[{"url":"https:\/\/www.zdnet.com\/a\/img\/resize\/065d07c4077f40f136b8819a9f03df4a39538d34\/2021\/08\/06\/c55fade0-6def-4c6d-b0b7-d501337b05d8\/hands-on-a-keyboard-in-the-dark.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/this-sneaky-trick-could-allow-attackers-to-hide-invisible-vulnerabilities-in-code\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/this-sneaky-trick-could-allow-attackers-to-hide-invisible-vulnerabilities-in-code\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"This sneaky trick could allow attackers to hide &#8216;invisible&#8217; vulnerabilities in code","datePublished":"2021-11-01T14:31:51+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/this-sneaky-trick-could-allow-attackers-to-hide-invisible-vulnerabilities-in-code\/"},"wordCount":683,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/this-sneaky-trick-could-allow-attackers-to-hide-invisible-vulnerabilities-in-code\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/065d07c4077f40f136b8819a9f03df4a39538d34\/2021\/08\/06\/c55fade0-6def-4c6d-b0b7-d501337b05d8\/hands-on-a-keyboard-in-the-dark.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp","articleSection":["ZDNet | Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/this-sneaky-trick-could-allow-attackers-to-hide-invisible-vulnerabilities-in-code\/","url":"https:\/\/www.threatshub.org\/blog\/this-sneaky-trick-could-allow-attackers-to-hide-invisible-vulnerabilities-in-code\/","name":"This sneaky trick could allow attackers to hide 'invisible' vulnerabilities in code 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/this-sneaky-trick-could-allow-attackers-to-hide-invisible-vulnerabilities-in-code\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/this-sneaky-trick-could-allow-attackers-to-hide-invisible-vulnerabilities-in-code\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/065d07c4077f40f136b8819a9f03df4a39538d34\/2021\/08\/06\/c55fade0-6def-4c6d-b0b7-d501337b05d8\/hands-on-a-keyboard-in-the-dark.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp","datePublished":"2021-11-01T14:31:51+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/this-sneaky-trick-could-allow-attackers-to-hide-invisible-vulnerabilities-in-code\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/this-sneaky-trick-could-allow-attackers-to-hide-invisible-vulnerabilities-in-code\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/this-sneaky-trick-could-allow-attackers-to-hide-invisible-vulnerabilities-in-code\/#primaryimage","url":"https:\/\/www.zdnet.com\/a\/img\/resize\/065d07c4077f40f136b8819a9f03df4a39538d34\/2021\/08\/06\/c55fade0-6def-4c6d-b0b7-d501337b05d8\/hands-on-a-keyboard-in-the-dark.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp","contentUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/065d07c4077f40f136b8819a9f03df4a39538d34\/2021\/08\/06\/c55fade0-6def-4c6d-b0b7-d501337b05d8\/hands-on-a-keyboard-in-the-dark.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/this-sneaky-trick-could-allow-attackers-to-hide-invisible-vulnerabilities-in-code\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"This sneaky trick could allow attackers to hide &#8216;invisible&#8217; vulnerabilities in code"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/43685","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=43685"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/43685\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=43685"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=43685"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=43685"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}