Unicode security issues include homograph attacks (visually identical Unicode characters in domain names), bidirectional text injection (RTL override to reverse text display), and normalization attacks.
Homograph attack: аpple.com uses Cyrillic 'а' instead of Latin 'a' — visually identical. Browsers show punycode for known-homograph domains. Bidirectional override (BIDI) characters can make malicious filenames appear benign.