Michael Stepankin
@artsploit.com
Security Researcher at GitHub Security Lab, ex Portswigger.
https://artsploit.blogspot.com/
Reposted by Michael Stepankin
What if attackers could hijack your coding agent through a simple GitHub issue?
Prompt injections are a real and growing threat for VS Code Copilot Agent.
Learn how these attacks work and how you can defend your environment.
Read the full research: github.blog/security/vul...
Safeguarding VS Code against prompt injections
See how to reduce the risks of an indirect prompt injection, such as the exposure of confidential files or the execution of code without the user's consent.
github.blog
August 25, 2025 at 5:53 PM
Last year, I committed to uncovering critical vulnerabilities in Maven repositories. Now it’s time to share the findings: RCE in Sonatype Nexus, Cache Poisoning in JFrog Artifactory, and more! github.blog/security/vul...
January 22, 2025 at 6:16 PM
Reposted by Michael Stepankin
I just wrote a new blog post! This is how I (ab)used a jailed file write bug in Tomcat/Spring. Enjoy!
Remote Code Execution with Spring Properties :: srcincite.io/blog/2024/11...
Remote Code Execution with Spring Properties
Recently a past student came to me with a very interesting unauthenticated vulnerability in a Spring application that they were having a hard time exploiting...
srcincite.io
November 26, 2024 at 11:57 PM
Reposted by Michael Stepankin
How's your day going?
November 15, 2024 at 8:53 AM