1. Forum
  2. tqwNet
  3. TQW GENTECH

  • The invisible threat hidden in clear view: how Unicode characters

    From TechnologyDaily@1337:1/100 to All on Friday, April 03, 2026 19:45:35
    The invisible threat hidden in clear view: how Unicode characters are being weaponized to hide malicious commands from human users

    Date:
    Fri, 03 Apr 2026 18:40:00 +0000

    Description:
    Hackers can steal your GitHub tokens through OpenAIs Codex using nothing more than a sneaky branch name.

    FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Tech Radar Pro Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Become a Member in Seconds Unlock instant access to exclusive member features. Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over. You are
    now subscribed Your newsletter sign-up was successful Join the club Get full access to premium articles, exclusive features and a growing list of member rewards. Explore An account already exists for this email address, please log in. Subscribe to our newsletter A carefully crafted branch name can steal
    your GitHub authentication token Unicode spaces hide malicious payloads from human eyes in plain sight Attackers can automate token theft across multiple users sharing a repository Security researchers have discovered a command injection vulnerability in OpenAIs Codex cloud environment that allowed attackers to steal GitHub authentication tokens using nothing more than a carefully crafted branch name.

    Research from BeyondTrust Phantom Labs found the vulnerability stems from improper input sanitization in how Codex processed GitHub branch names during task execution. By injecting arbitrary commands through the branch name parameter, an attacker could execute malicious payloads inside the agents container and retrieve sensitive authentication tokens that grant access to connected GitHub repositories. Article continues below You may like Security experts discover critical flaw in OpenAI's Codex able to compromise entire organizations Security experts flag multiple issues in Claude Code, warning, 'As AI integration deepens, security controls must evolve to match the new trust boundaries' This 'ZombieAgent' zero click vulnerability allows for silent account takeover - here's what we know A vulnerability in plain sight What makes this attack particularly concerning is the method researchers developed to hide the malicious payload from human detection.

    The team identified a way to disguise the payload using Ideographic Space, a Unicode character designated as U+3000.

    By appending 94 Ideographic Spaces followed by "or true" to the branch name, error conditions can be bypassed while rendering the malicious portion invisible in the Codex user interface.

    The Ideographic Spaces are ignored by Bash during command execution, but they effectively conceal the attack from any user who might view the branch name through the web portal. Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners
    or sponsors By submitting your information you agree to the Terms &
    Conditions and Privacy Policy and are aged 16 or over.

    The attack could be automated to compromise multiple users interacting with a shared GitHub repository.

    With proper repository permissions, an attacker could create a new branch containing the obfuscated payload and even set that branch as the default branch for the repository.

    Any user who subsequently interacted with that branch through Codex would
    have their GitHub OAuth token exfiltrated to an external server controlled by the attacker. What to read next OpenAI patches flaw allowing silent data leakage from ChatGPT conversations Be careful what you click - hackers use Claude Code leak to push malware GitHub developers targeted by fake VS Code alerts spreading malware

    The researchers tested this technique by hosting a simple HTTP server on Amazon EC2 to monitor incoming requests, confirming that the stolen tokens were successfully transmitted.

    The vulnerability affected multiple Codex interfaces, including the ChatGPT website, Codex CLI, Codex SDK, and the Codex IDE extension.

    Phantom Labs also discovered that authentication tokens stored locally on developer machines in the auth.json file could be leveraged to replicate the attack via backend APIs.

    Beyond simple token theft, the same technique could steal GitHub Installation Access tokens by referencing Codex in a pull request comment, triggering a code review container that executed the payload.

    All reported issues have since been remediated in coordination with OpenAIs security team.

    However, the discovery raises concerns about AI coding agents operating with privileged access.

    Traditional security tools like antivirus and firewalls cannot prevent this attack because it occurs inside OpenAIs cloud environment, beyond their visibility.

    To stay safe, organizations should audit AI tool permissions, especially agents, and enforce least privilege.

    They should also monitor repositories for unusual branch names containing Unicode spaces, rotate GitHub tokens regularly, and review access logs for suspicious API activity. Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

    And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/the-invisible-threat-hidden-in-clear-view-how-un icode-characters-are-being-weaponized-to-hide-malicious-commands-from-human-us ers


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)