Michael Stepankin

293 posts

@artsploit

Security Researcher at @GHSecurityLab

London, England · Joined July 2014
569 Following · 7K Followers
Michael Stepankin @artsploit
Prompt injections are a serious concern for VS Code Copilot Agent. Discover how attackers can create GitHub issues with harmful instructions and find out how to protect the coding agent effectively. github.blog/security/vulne…
Michael Stepankin reposted
watchTowr @watchtowrcyber
The industry is ablaze w speculation around yesterday's publicly disclosed Veeam Software Backup & Replication RCE vulnerabilities (CVE-2025-23120). We reported these vulnerabilities to Veeam in early February, tracked as WT-2025-0014 and WT-2025-0015. labs.watchtowr.com/by-executive-o…
Sam Curry @samwcyo
New blog post with @infosec_au: We found a vulnerability in Subaru where an attacker, with just a license plate, could retrieve the full location history, unlock, and start vehicles remotely. The issue was reported and patched. Full post here: samcurry.net/hacking-subaru
Michael Stepankin @artsploit
Last year, I committed to uncovering critical vulnerabilities in Maven repositories. Now it’s time to share the findings: RCE in Sonatype Nexus, Cache Poisoning in JFrog Artifactory, and more! Read it all below 🧵
Michael Stepankin @artsploit
Just submitted a CFP to @ekoparty where I want to talk about breaking Maven repository managers. This is one of the craziest and most fruitful research projects I've done in my career.
Michael Stepankin reposted
Martin Doyhenard @tincho_508
So happy to have had the chance to present for the second time at #BlackHat USA! I’m already receiving a lot of messages from people using these techniques to get some nice bounties! If you want to learn more about cache exploitation, the research is available at portswigger.net/research/gotta…
Michael Stepankin reposted
Source Incite @sourceincite
Time to retire some content! JNDI Injection Remote Code Execution via Path Manipulation in MemoryUserDatabaseFactory: srcincite.io/blog/2024/07/2…
Michael Stepankin reposted
GitHub Security Lab @GHSecurityLab
🚨 New Blog Alert! 🚨 Can an attacker execute commands by sending JSON? Learn how unsafe deserialization vulnerabilities in Ruby can be exploited and how they can be detected with CodeQL. 🔗 Read the full post: github.blog/2024-06-20-exe… Stay safe and code responsibly! 🛡️💻
Michael Stepankin reposted
Charles Fol @cfreal_
The first part of the blog series: #Iconv, set the charset to RCE. We'll use #PHP filters and #CVE-2024-2961 to get a very stable code execution exploit from a file read primitive. #cnext
Quoting Ambionics Security @ambionics:
Iconv, set the charset to RCE: in the first blog post of this series, @cfreal_ will show a new exploitation vector to get RCE in PHP from a file read primitive, using a bug in iconv() (CVE-2024-2961) ambionics.io/blog/iconv-cve…
Michael Stepankin reposted
Man Yue Mo @mmolgtm
In this post I'll use CVE-2023-6241, a vulnerability in the Arm Mali GPU that I reported last November to gain arbitrary kernel code execution from an untrusted app on a Pixel 8 with MTE enabled. github.blog/2024-03-18-gai…
Michael Stepankin reposted
shubs @infosec_au
The SSRF/auth bypass affecting Ivanti Pulse Connect Secure (CVE-2024-21893) is a great example of what can be achieved with a fully blind SSRF vulnerability (RCE). Read the @assetnote blog here which includes a reliable payload and generation steps: assetnote.io/resources/rese…
Michael Stepankin reposted
Man Yue Mo @mmolgtm
In this post I'll use CVE-2023-4069, a type confusion bug in the Maglev JIT compiler of Chrome that I reported in July, to gain RCE in the Chrome renderer sandbox: github.blog/2023-10-17-get…
Michael Stepankin reposted
Kev @kevin_backhouse
Video of my PoC for CVE-2023-43641: out-of-bounds array access in libcue. libcue is used by tracker-miners, which automatically scans new files in ~/Downloads, so the bug is triggered by downloading a file.