Michael Stepankin's Avatar

Michael Stepankin

@artsploit.com

Security Researcher at GitHub Security Lab, ex Portswigger. https://artsploit.blogspot.com/

200
Followers 49
Following 1
Posts 15.11.2024
Joined
Posts Following

Latest posts by Michael Stepankin @artsploit.com

Preview
Safeguarding VS Code against prompt injections See how to reduce the risks of an indirect prompt injection, such as the exposure of confidential files or the execution of code without the user's consent.

What if attackers could hijack your coding agent through a simple GitHub issue?

Prompt injections are a real and growing threat for VS Code Copilot Agent.

Learn how these attacks work and how you can defend your environment.

Read the full research: github.blog/security/vul...

25.08.2025 17:53 πŸ‘ 5 πŸ” 2 πŸ’¬ 0 πŸ“Œ 0
Post image

Last year, I committed to uncovering critical vulnerabilities in Maven repositories. Now it’s time to share the findings: RCE in Sonatype Nexus, Cache Poisoning in JFrog Artifactory, and more! github.blog/security/vul...

22.01.2025 18:16 πŸ‘ 28 πŸ” 16 πŸ’¬ 1 πŸ“Œ 0
Remote Code Execution with Spring Properties Recently a past student came to me with a very interesting unauthenticated vulnerability in a Spring application that they were having a hard time exploiting...

I just wrote a new blog post! This is how I (ab)used a jailed file write bug in Tomcat/Spring. Enjoy!

Remote Code Execution with Spring Properties :: srcincite.io/blog/2024/11...

26.11.2024 23:57 πŸ‘ 76 πŸ” 36 πŸ’¬ 1 πŸ“Œ 2
Post image

How's your day going?

15.11.2024 08:53 πŸ‘ 26 πŸ” 2 πŸ’¬ 2 πŸ“Œ 0