Safeguarding VS Code against prompt injections See how to reduce the risks of an indirect prompt injection, such as the exposure of confidential files or the execution of code without the user's consent.

What if attackers could hijack your coding agent through a simple GitHub issue?

Prompt injections are a real and growing threat for VS Code Copilot Agent.

Learn how these attacks work and how you can defend your environment.

Read the full research: github.blog/security/vul...

Last year, I committed to uncovering critical vulnerabilities in Maven repositories. Now it’s time to share the findings: RCE in Sonatype Nexus, Cache Poisoning in JFrog Artifactory, and more! github.blog/security/vul...

Remote Code Execution with Spring Properties Recently a past student came to me with a very interesting unauthenticated vulnerability in a Spring application that they were having a hard time exploiting...

I just wrote a new blog post! This is how I (ab)used a jailed file write bug in Tomcat/Spring. Enjoy!

Remote Code Execution with Spring Properties :: srcincite.io/blog/2024/11...

How's your day going?