Michael Stepankin

Posts by this author

Vulnerability research

Safeguarding VS Code against prompt injections

When a chat conversation is poisoned by indirect prompt injection, it can result in the exposure of GitHub tokens, confidential files, or even the execution of arbitrary code without the user’s explicit consent. In this blog post, we’ll explain which VS Code features may reduce these risks.

Michael StepankinAugust 25, 2025

Vulnerability research
Attacks on Maven proxy repositories
Learn how specially crafted artifacts can be used to attack Maven repository managers. This post describes PoC exploits that can lead to pre-auth remote code execution and poisoning of the local artifacts in Sonatype Nexus and JFrog Artifactory.Michael StepankinJanuary 22, 2025
Learn more
Vulnerability research
3 ways to get Remote Code Execution in Kafka UI
In this blog post, we’ll explain how we discovered three critical vulnerabilities in Kafka UI and how they can be exploited.Michael StepankinJuly 22, 2024
Learn more
Vulnerability research
mTLS: When certificate authentication is done wrong
In this post, we’ll deep dive into some interesting attacks on mTLS authentication. We’ll have a look at implementation vulnerabilities and how developers can make their mTLS systems vulnerable to user impersonation, privilege escalation, and information leakages.Michael StepankinAugust 17, 2023
Learn more