The File Search tool in the Gemini API now supports multimodal retrieval by adding support for Gemini Embedding 2. This update allows images, such as charts, product photos, and diagrams, to be natively indexed and searched in the same store as your text-based documents. This post covers how to use the File Search tool end-to-end: creating a store, uploading documents and images, querying with gro
Hi everyone, my name is P Swyom Sanjog. Welcome back to my blog—I hope you’re all doing well. Today, I’m bringing a new topic: Virtual DOM. Let’s understand what the Virtual DOM is in simple terms. We’ll cover key questions like what it is, why it’s used, and how it works. So, let’s get started! Virtual Dom So, let’s break down the topic into “Virtual” and “DOM.” Virtual means something that exi
Your phone will connect to the strongest tower it hears. It does not ask for ID first. It assumes trust, and that assumption is the entire problem. I first noticed this in 2019 outside a security conference in Las Vegas. My test Android dropped from LTE to 2G for 47 seconds, then returned to normal. No user notification. The baseband logs showed a cipher downgrade to A5/0, a location area code tha
In Part 1 of this series, I enumerated a few obstacles for engineers taking vibe coding from side projects to production. Part 2 looked at AI usage from the manager's perspective: measuring adoption, understanding the gap, coaching to fill the gap. Both of those were "Day 1" problems: getting started, getting people on board, figuring out the tools. This article focuses on what comes next: the vib
This technical post walks through the design and implementation of Secure Playground: a local web app that simulates prompt-injection attacks against large language models and demonstrates simple defenses. Provide a minimal, reproducible environment to test payloads and defensive strategies. Make it easy to add new providers and run mutation-based red-team experiments. Offer a leaderboard and scor
Metasploitable2 - FTP Exploitation using vsftpd 2.3.4 Backdoor 1. Objective To identify and exploit a known vulnerability in an FTP service running on a vulnerable target machine using industry-standard reconnaissance and exploitation techniques. 2. Lab Environment Component Description Attacker Machine Kali Linux Target Machine Metasploitable2 Network Type Host-only / NAT
A critical kernel privilege escalation that leaves no trace on disk — and how it works It started with a blog post. On April 29, 2026, Theori's research platform Xint Code quietly dropped a URL: copy.fail. Within hours, security teams across the industry were scrambling. A 732-byte Python script — shorter than most .gitignore files — was rooting every major Linux distribution in existence. No race
MCPwn Is Live. We Scanned the Supply Chains of 14 MCP Servers. Here's What We Found. April 18, 2026 MCPwn dropped this week. CVE-2026-33032 — CVSS 9.8, actively exploited, 2,600+ instances exposed. Two HTTP requests. No authentication. Full nginx server takeover. Then MCPwnfluence: CVE-2026-27825 and CVE-2026-27826. The most widely used Atlassian MCP server — SSRF chained with arbitrary file wri