GlassWorm has compromised 400+ components using invisible Unicode characters that bypass visual code review, linters, and security tools. The supply chain attack hides malicious payloads in variation selectors that render as whitespace but execute as full JavaScript code.
