Bidi Swap: Unmasking The Art Of URL Misleading With Bidirectional Text Tricks
Varonis, September 17, 2025
Varonis reveals a decade-old Unicode flaw that enables BiDi URL spoofing and poses phishing risks. Learn how attackers exploit RTL/LTR scripts and browser gaps.
Varonis Threat Labs is shining a spotlight on a decade-old vulnerability that opens the door to URL spoofing.
By exploiting how browsers handle Right-to-Left (RTL) and Left-to-Right (LTR) scripts, attackers can craft URLs that appear trustworthy but actually lead somewhere else. This method, known as BiDi Swap, can often be abused in phishing attacks.
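A defender can triage links for this class of display ambiguity before a user ever sees them. The following is an added example, not code from Varonis: a heuristic that flags URLs mixing strong RTL and LTR characters between host and path, or carrying explicit bidi control characters. The function names, finding labels and sample URLs are assumptions made for illustration, and legitimate internationalized domains will also trigger it, so treat a hit as a prompt for review rather than a verdict.

```python
import unicodedata
from urllib.parse import urlsplit, unquote

RTL_CLASSES = {"R", "AL"}  # strong right-to-left (Hebrew, Arabic, ...)
CONTROL_CLASSES = {"LRE", "RLE", "LRO", "RLO", "PDF", "LRI", "RLI", "FSI", "PDI"}

def strong_directions(text):
    """Return which of 'LTR', 'RTL', 'CONTROL' occur in text."""
    found = set()
    for ch in text:
        cls = unicodedata.bidirectional(ch)
        if cls == "L":
            found.add("LTR")
        elif cls in RTL_CLASSES:
            found.add("RTL")
        elif cls in CONTROL_CLASSES:
            found.add("CONTROL")
    return found

def decode_label(label):
    """Decode an xn-- (punycode) host label so its real script is inspected."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            pass  # malformed label: inspect it as written
    return label

def audit_url(url):
    """Heuristic triage: reasons a URL may display in a misleading order."""
    parts = urlsplit(url)
    host = ".".join(decode_label(l) for l in (parts.hostname or "").split("."))
    rest = unquote(parts.path + "?" + parts.query)
    host_dirs, rest_dirs = strong_directions(host), strong_directions(rest)
    findings = []
    if "CONTROL" in host_dirs | rest_dirs:
        findings.append("explicit-bidi-control")
    if {"LTR", "RTL"} <= host_dirs:
        findings.append("mixed-direction-host")
    if "RTL" in host_dirs and "LTR" in rest_dirs:
        findings.append("rtl-host-ltr-path")
    if "RTL" in rest_dirs and "RTL" not in host_dirs:
        findings.append("rtl-path-ltr-host")
    return findings

# Constructed sample URLs (reserved example domains, Hebrew via escapes).
SAMPLES = ["https://example.com/account/login",
           "https://\u05e9\u05dc\u05d5\u05dd.example/login",
           "https://example.com/%D7%A9%D7%9C"]

if __name__ == "__main__":
    for u in SAMPLES:
        print(ascii(u), audit_url(u))
```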