Punycode being an attack vector is recently in the news:
just a reminder that Firefox has an attempt at some mitigations:
With help from Google, impersonated Brave.com website pushes malware
With a valid TLS certificate, faux Bravė.com could fool even security-savvy people.
arstechnica.com
Show IDN punycode in Firefox to avoid phishing URLs
Pop quiz: can you tell the difference between these 2 domains? Both host a version of the popular crypto exchange Binance.
ma.ttias.be