Post · Bonfire Dinteg Labs

Heads up you code maintainers who take submissions from people, delete unicode characters. See this: https://arstechnica.com/security/2026/03/supply-chain-attack-using-invisible-code-hits-github-and-other-repositories/ Yes, people put back doors in code using unicode characters that don't show up on the screen. #infosec #foss #github

Ars Technica

Supply-chain attack using invisible code hits GitHub and other repositories

Unicode that's invisible to the human eye was largely abandoned—until attackers took notice.

Bonfire Dinteg Labs

This is a bonfire demo instance for testing purposes. This is not a production site. There are no backups for now. Data, including profiles may be wiped without notice. No service or other guarantees expressed or implied.

Bonfire Dinteg Labs: About · Code of conduct · Privacy ·

Bonfire social · 1.0.0 no JS en

Automatic federation enabled