😱 The IDN of source code!

Trojan Source: Invisible Vulnerabilities (PDF; via krebsonsecurity.com).

This attack exploits subtleties in text-encoding standards such as Unicode to produce source code whose tokens are logically encoded in a different order from the one in which they are displayed, leading to vulnerabilities that cannot be perceived directly by human code reviewers.