<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9" xmlns:news="http://www.google.com/schemas/sitemap-news/0.9" xmlns:image="http://www.google.com/schemas/sitemap-image/1.1">
  <url>
    <loc>https://0daynews.com/articles/2026-07-13-jamf-crashstealer-werkbit-notarized-macos-stealer/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T20:00:00.000Z</news:publication_date>
      <news:title>Notarized Werkbit.app carries CrashStealer past Gatekeeper</news:title>
      <news:keywords>CrashStealer, Werkbit, Jamf Threat Labs, macOS, notarization, Gatekeeper, infostealer</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-13-jamf-crashstealer-werkbit-notarized-macos-stealer/cover.jpg</image:loc>
      <image:title>Notarized Werkbit.app carries CrashStealer past Gatekeeper</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-13-modheader-stripe-olt-stanfordstudies-dormant-collector/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T19:20:00.000Z</news:publication_date>
      <news:title>ModHeader carried a dormant collector to 1.6M installs</news:title>
      <news:keywords>ModHeader, browser extension, supply chain, Chrome Web Store, Edge Add-ons, Stripe OLT, dormant collector</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-13-modheader-stripe-olt-stanfordstudies-dormant-collector/cover.jpg</image:loc>
      <image:title>ModHeader carried a dormant collector to 1.6M installs</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-13-cisa-kev-cve-2008-4128-cisco-ios-12-4-csrf/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T18:30:00.000Z</news:publication_date>
      <news:title>Cisco IOS 12.4 CSRF From 2008 Lands in CISA KEV</news:title>
      <news:keywords>CISA KEV, Cisco IOS, CVE-2008-4128, Cisco IOS 12.4, cross-site request forgery, CSRF, BOD 26-04, end-of-life hardware</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-13-cisa-kev-cve-2008-4128-cisco-ios-12-4-csrf/cover.jpg</image:loc>
      <image:title>Cisco IOS 12.4 CSRF From 2008 Lands in CISA KEV</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-13-memghost-arxiv-persistent-memory-poison-openclaw/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T17:15:00.000Z</news:publication_date>
      <news:title>MemGhost: an email that rewrites an AI agent&apos;s memory</news:title>
      <news:keywords>MemGhost, prompt injection, AI agent memory, OpenClaw, persistent memory, Claude Code SDK</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-13-memghost-arxiv-persistent-memory-poison-openclaw/cover.jpg</image:loc>
      <image:title>MemGhost: an email that rewrites an AI agent&apos;s memory</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-13-cisa-github-leak-postmortem-nine-alerts-six-months/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T16:15:00.000Z</news:publication_date>
      <news:title>CISA postmortem: nine alerts ignored, six months exposed</news:title>
      <news:keywords>CISA, GitHub, GitGuardian, AWS GovCloud, incident response, KrebsOnSecurity</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-13-cisa-github-leak-postmortem-nine-alerts-six-months/cover.jpg</image:loc>
      <image:title>CISA postmortem: nine alerts ignored, six months exposed</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-13-lidl-online-shop-breach-de-be-nl-service-provider/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T15:00:00.000Z</news:publication_date>
      <news:title>Lidl online shop breach hits DE, BE, NL via provider</news:title>
      <news:keywords>lidl, data breach, third-party breach, service provider, germany, netherlands, belgium</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-13-lidl-online-shop-breach-de-be-nl-service-provider/cover.jpg</image:loc>
      <image:title>Lidl online shop breach hits DE, BE, NL via provider</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-13-huntress-ai-generated-powershell-ad-enum/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T14:20:00.000Z</news:publication_date>
      <news:title>Huntress Flags Suspected AI-Written PowerShell in AD Case</news:title>
      <news:keywords>Huntress, AD enumeration, PowerShell, LLM, SharpShares, s5cmd</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-13-huntress-ai-generated-powershell-ad-enum/cover.jpg</image:loc>
      <image:title>Huntress Flags Suspected AI-Written PowerShell in AD Case</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-13-eu-uk-first-joint-cyber-sanctions-russia-33-named/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T12:30:00.000Z</news:publication_date>
      <news:title>First joint EU-UK cyber sanctions name 33 Russian targets</news:title>
      <news:keywords>eu sanctions, uk sanctions, russia, gru, fsb center 16, sandworm, turla, lumma stealer</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-13-eu-uk-first-joint-cyber-sanctions-russia-33-named/cover.jpg</image:loc>
      <image:title>First joint EU-UK cyber sanctions name 33 Russian targets</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-13-fsb-centre-16-cve-2018-0171-router-hygiene-csa/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T11:20:00.000Z</news:publication_date>
      <news:title>Seven years on, CVE-2018-0171 draws a 13-state advisory</news:title>
      <news:keywords>fsb-centre-16, berserk-bear, static-tundra, cisco-smart-install, cve-2018-0171, critical-infrastructure, router-hygiene</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-13-fsb-centre-16-cve-2018-0171-router-hygiene-csa/cover.jpg</image:loc>
      <image:title>Seven years on, CVE-2018-0171 draws a 13-state advisory</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-13-lexfo-evilginx-three-crews-open-directory/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T09:15:00.000Z</news:publication_date>
      <news:title>Three Evilginx Crews, One Forgotten Bash History</news:title>
      <news:keywords>evilginx, phishing, microsoft-365, aitm, oauth-device-code, lexfo, threat-intel</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-13-lexfo-evilginx-three-crews-open-directory/cover.jpg</image:loc>
      <image:title>Three Evilginx Crews, One Forgotten Bash History</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-12-redhook-group-ib-wireless-adb-loopback-shizuku-uid-2000/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-12T15:00:00.000Z</news:publication_date>
      <news:title>RedHook Android RAT pairs Wireless ADB on-device</news:title>
      <news:keywords>RedHook, Android, Wireless ADB, Wireless Debugging, Accessibility Service, Shizuku, Group-IB</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-12-redhook-group-ib-wireless-adb-loopback-shizuku-uid-2000/cover.jpg</image:loc>
      <image:title>RedHook Android RAT pairs Wireless ADB on-device</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-12-coinspect-ill-bloom-weak-prng-wallet-seed-5-1m-drained/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-12T09:15:00.000Z</news:publication_date>
      <news:title>Ill Bloom: Weak PRNG Drained $5.1M From Crypto Wallets</news:title>
      <news:keywords>ill bloom, coinspect, cryptocurrency wallet, weak prng, seed phrase, wallet drain</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-12-coinspect-ill-bloom-weak-prng-wallet-seed-5-1m-drained/cover.jpg</image:loc>
      <image:title>Ill Bloom: Weak PRNG Drained $5.1M From Crypto Wallets</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-11-sentinellabs-balochistan-police-china-india-converge/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-11T21:20:00.000Z</news:publication_date>
      <news:title>China, India APTs Converge on Balochistan Police</news:title>
      <news:keywords>SentinelLABS, Balochistan Police, Mysterious Elephant, PlugX, ShadowPad, Pakistan, APT-C-08</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-11-sentinellabs-balochistan-police-china-india-converge/cover.jpg</image:loc>
      <image:title>China, India APTs Converge on Balochistan Police</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-11-jscrambler-npm-8-14-0-preinstall-rust-infostealer/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-11T20:15:00.000Z</news:publication_date>
      <news:title>jscrambler 8.14.0 npm hijack: Rust stealer on install</news:title>
      <news:keywords>jscrambler, npm, supply-chain, preinstall, infostealer, Rust, Socket</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-11-jscrambler-npm-8-14-0-preinstall-rust-infostealer/cover.jpg</image:loc>
      <image:title>jscrambler 8.14.0 npm hijack: Rust stealer on install</image:title>
    </image:image>
  </url>
</urlset>