<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9" xmlns:news="http://www.google.com/schemas/sitemap-news/0.9" xmlns:image="http://www.google.com/schemas/sitemap-image/1.1">
  <url>
    <loc>https://0daynews.com/articles/2026-07-18-doj-chen-zhang-queens-brooklyn-43m-investment-fraud-laundering-140-accounts-45-shells/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-18T18:15:00.000Z</news:publication_date>
      <news:title>Two indicted over $43M laundered from investment scams</news:title>
      <news:keywords>money laundering, investment fraud, pig butchering, DOJ indictment, shell companies, HSI</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-18-doj-chen-zhang-queens-brooklyn-43m-investment-fraud-laundering-140-accounts-45-shells/cover.jpg</image:loc>
      <image:title>Two indicted over $43M laundered from investment scams</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-18-nadmesh-go-botnet-shodan-comfyui-ollama-3811-aws-keys/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-18T16:15:00.000Z</news:publication_date>
      <news:title>NadMesh botnet raids exposed AI tools for 3,811 AWS keys</news:title>
      <news:keywords>nadmesh, ollama, comfyui, langflow, n8n, open-webui, gradio, aws-keys, kubernetes, shodan, cloud-security</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-18-nadmesh-go-botnet-shodan-comfyui-ollama-3811-aws-keys/cover.jpg</image:loc>
      <image:title>NadMesh botnet raids exposed AI tools for 3,811 AWS keys</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-18-expel-digicert-goldeneyedog-cylindricalcanine-27-ev-code-signing-certs-zhong-stealer/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-18T15:00:00.000Z</news:publication_date>
      <news:title>Expel: GoldenEyeDog stole 27 EV certs from DigiCert</news:title>
      <news:keywords>digicert, goldeneyedog, cylindricalcanine, ev-code-signing, zhong-stealer, expel, supply-chain</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-18-expel-digicert-goldeneyedog-cylindricalcanine-27-ev-code-signing-certs-zhong-stealer/cover.jpg</image:loc>
      <image:title>Expel: GoldenEyeDog stole 27 EV certs from DigiCert</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-18-abbott-shinyhunters-vishing-exact-sciences-labcentral-disputed/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-18T14:15:00.000Z</news:publication_date>
      <news:title>Abbott confirms Exact Sciences hit; LabCentral disputed</news:title>
      <news:keywords>Abbott, Exact Sciences, LabCentral, ShinyHunters, vishing, Microsoft Entra, data extortion</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-18-abbott-shinyhunters-vishing-exact-sciences-labcentral-disputed/cover.jpg</image:loc>
      <image:title>Abbott confirms Exact Sciences hit; LabCentral disputed</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-18-checkmarx-vitevenom-chainveil-seven-npm-tron-blockchain-c2/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-18T14:00:00.000Z</news:publication_date>
      <news:title>Seven Vite-adjacent npm packages route a RAT through Tron</news:title>
      <news:keywords>ViteVenom, ChainVeil, Checkmarx, npm supply chain, Vite, blockchain C2, Tron</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-18-checkmarx-vitevenom-chainveil-seven-npm-tron-blockchain-c2/cover.jpg</image:loc>
      <image:title>Seven Vite-adjacent npm packages route a RAT through Tron</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-18-okta-hollowbyte-openssl-dos-june-silent-fix/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-18T13:15:00.000Z</news:publication_date>
      <news:title>HollowByte: 11-byte OpenSSL DoS, no CVE, silent June fix</news:title>
      <news:keywords>OpenSSL, HollowByte, denial-of-service, Okta Red Team, TLS, memory exhaustion, glibc</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-18-okta-hollowbyte-openssl-dos-june-silent-fix/cover.jpg</image:loc>
      <image:title>HollowByte: 11-byte OpenSSL DoS, no CVE, silent June fix</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-18-wordpress-core-cve-2026-63030-wp2shell-rce-poc-public/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-18T13:05:00.000Z</news:publication_date>
      <news:title>WordPress Core RCE (wp2shell): CVE-2026-63030, PoC public</news:title>
      <news:keywords>CVE-2026-63030, wp2shell, WordPress, WordPress Core, unauthenticated RCE, GitHub Security Advisory, public PoC</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-18-wordpress-core-cve-2026-63030-wp2shell-rce-poc-public/cover.jpg</image:loc>
      <image:title>WordPress Core RCE (wp2shell): CVE-2026-63030, PoC public</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-18-choi-lee-seoul-uiuc-adi-agent-data-injection-web-coding-agents/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-18T10:15:00.000Z</news:publication_date>
      <news:title>Agent Data Injection: The Bug Under Every AI Agent</news:title>
      <news:keywords>Agent Data Injection, AI agent security, indirect prompt injection, arXiv 2607.05120, Claude Code, Google Antigravity, probabilistic delimiter injection</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-18-choi-lee-seoul-uiuc-adi-agent-data-injection-web-coding-agents/cover.jpg</image:loc>
      <image:title>Agent Data Injection: The Bug Under Every AI Agent</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-17-ec-google-android-qaap-mic-cam-screen-hotword-rival-ai/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T22:15:00.000Z</news:publication_date>
      <news:title>EU order opens Android mic, cam, screen to rival AI agents</news:title>
      <news:keywords>Android, Google, European Commission, Digital Markets Act, Gemini, QAAP, hotword, prompt injection</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-17-ec-google-android-qaap-mic-cam-screen-hotword-rival-ai/cover.jpg</image:loc>
      <image:title>EU order opens Android mic, cam, screen to rival AI agents</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-17-flare-2889-underground-posts-clean-residential-proxies-post-netnut/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T18:15:00.000Z</news:publication_date>
      <news:title>Flare finds carders still hunting clean IPs post-NetNut</news:title>
      <news:keywords>Flare, residential proxies, carding, NetNut, Popa botnet, underground economy, antidetect browser</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-17-flare-2889-underground-posts-clean-residential-proxies-post-netnut/cover.jpg</image:loc>
      <image:title>Flare finds carders still hunting clean IPs post-NetNut</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-17-ernst-young-third-party-support-ticket-breach-mar-apr-window/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T17:35:00.000Z</news:publication_date>
      <news:title>EY discloses breach via third-party IT ticket system</news:title>
      <news:keywords>Ernst &amp; Young, EY, third-party breach, support ticket system, tax data, Experian identity monitoring, Big Four</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-17-ernst-young-third-party-support-ticket-breach-mar-apr-window/cover.jpg</image:loc>
      <image:title>EY discloses breach via third-party IT ticket system</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-17-armenia-detains-ermakov-yerevan-revil-warrant-identity-dispute/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T16:15:00.000Z</news:publication_date>
      <news:title>Armenia detains Aleksandr Ermakov on US REvil warrant</news:title>
      <news:keywords>REvil, Sodinokibi, Aleksandr Ermakov, Armenia extradition, Interpol, Medibank, ransomware prosecution</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-17-armenia-detains-ermakov-yerevan-revil-warrant-identity-dispute/cover.jpg</image:loc>
      <image:title>Armenia detains Aleksandr Ermakov on US REvil warrant</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-17-elastic-ottercookie-svg-flag-steganography-ai-tool-configs/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T15:15:00.000Z</news:publication_date>
      <news:title>OtterCookie&apos;s fake interview now steals AI-tool configs</news:title>
      <news:keywords>OtterCookie, Contagious Interview, Elastic Security Labs, DPRK, SVG steganography, AI assistant configs, Slack recruiting lure, REF9403</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-17-elastic-ottercookie-svg-flag-steganography-ai-tool-configs/cover.jpg</image:loc>
      <image:title>OtterCookie&apos;s fake interview now steals AI-tool configs</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-17-kaspersky-goserpent-go-rat-tetrisphantom-overlap-apac-diplomatic/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T14:05:00.000Z</news:publication_date>
      <news:title>GoSerpent: Go RAT hits APAC gov, TetrisPhantom overlap</news:title>
      <news:keywords>GoSerpent, TetrisPhantom, Kaspersky, Southeast Asia espionage, Go malware, Stowaway, McMx RAT</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-17-kaspersky-goserpent-go-rat-tetrisphantom-overlap-apac-diplomatic/cover.jpg</image:loc>
      <image:title>GoSerpent: Go RAT hits APAC gov, TetrisPhantom overlap</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-17-nightmare-eclipse-legacyhive-windows-user-profile-service-lpe-zero-day/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T13:00:00.000Z</news:publication_date>
      <news:title>LegacyHive: unpatched Windows LPE zero-day, PoC public</news:title>
      <news:keywords>LegacyHive, Nightmare Eclipse, Windows LPE, User Profile Service, usrclass.dat, registry hive, zero-day, Kevin Beaumont</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-17-nightmare-eclipse-legacyhive-windows-user-profile-service-lpe-zero-day/cover.jpg</image:loc>
      <image:title>LegacyHive: unpatched Windows LPE zero-day, PoC public</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-17-microsoft-defender-experts-acr-stealer-clickfix-run-box-paste-and-run/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T11:15:00.000Z</news:publication_date>
      <news:title>ACR Stealer, ClickFix, and why the Run box still works</news:title>
      <news:keywords>ACR Stealer, Amatera, AcridRain, ClickFix, infostealer, Microsoft Defender Experts, Microsoft 365</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-17-microsoft-defender-experts-acr-stealer-clickfix-run-box-paste-and-run/cover.jpg</image:loc>
      <image:title>ACR Stealer, ClickFix, and why the Run box still works</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-17-microsoft-windows-server-2022-mainstream-eos-october-13-extended-2031/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T10:15:00.000Z</news:publication_date>
      <news:title>Windows Server 2022 mainstream support ends Oct 13</news:title>
      <news:keywords>Windows Server 2022, Microsoft, end of mainstream support, extended support, Windows Server 2025, lifecycle</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-17-microsoft-windows-server-2022-mainstream-eos-october-13-extended-2031/cover.jpg</image:loc>
      <image:title>Windows Server 2022 mainstream support ends Oct 13</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-17-doj-chen-zhang-43m-money-laundering-140-accounts-45-shells/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T09:15:00.000Z</news:publication_date>
      <news:title>The plumbing behind $43M in investment-fraud losses</news:title>
      <news:keywords>pig-butchering, money laundering, investment fraud, HSI, shell companies, Zhuoying Chen, Haojie Zhang</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-17-doj-chen-zhang-43m-money-laundering-140-accounts-45-shells/cover.jpg</image:loc>
      <image:title>The plumbing behind $43M in investment-fraud losses</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-16-microsoft-windows-11-24h2-home-pro-eos-october-13-25h2-enablement/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T01:30:00.000Z</news:publication_date>
      <news:title>Windows 11 24H2 Home and Pro: 90 days to end of updates</news:title>
      <news:keywords>Windows 11, 24H2, 25H2, end of support, lifecycle, Microsoft, LTSB 2016</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-16-microsoft-windows-11-24h2-home-pro-eos-october-13-25h2-enablement/cover.jpg</image:loc>
      <image:title>Windows 11 24H2 Home and Pro: 90 days to end of updates</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-17-n8n-cve-2026-59208-cross-issuer-token-exchange-sub-iss/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T00:20:00.000Z</news:publication_date>
      <news:title>n8n cross-issuer JWT bypass logs attackers in as anyone</news:title>
      <news:keywords>n8n, CVE-2026-59208, token exchange, JWT, multi-issuer, SSO, workflow automation</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-17-n8n-cve-2026-59208-cross-issuer-token-exchange-sub-iss/cover.jpg</image:loc>
      <image:title>n8n cross-issuer JWT bypass logs attackers in as anyone</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-16-talos-uat-11795-starland-rat-wldr-c2-trojanized-installers/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T23:30:00.000Z</news:publication_date>
      <news:title>UAT-11795 hides Starland RAT in trojanized installers</news:title>
      <news:keywords>UAT-11795, Starland RAT, WLDR C2, Cisco Talos, CastleStealer, Remcos RAT, trojanized installer</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-16-talos-uat-11795-starland-rat-wldr-c2-trojanized-installers/cover.jpg</image:loc>
      <image:title>UAT-11795 hides Starland RAT in trojanized installers</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-16-sans-stephen-sims-bugcrowd-ai-triage-proof-standard/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T23:15:00.000Z</news:publication_date>
      <news:title>AI can find the bug. Proving it is still the job.</news:title>
      <news:keywords>ai security, bug bounty, bugcrowd, sans, vulnerability discovery, proof of exploit, stephen sims</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-16-sans-stephen-sims-bugcrowd-ai-triage-proof-standard/cover.jpg</image:loc>
      <image:title>AI can find the bug. Proving it is still the job.</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-16-elastic-telepuz-clickfix-maas-vidar-stage-two/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T22:20:00.000Z</news:publication_date>
      <news:title>Elastic: TELEPUZ ClickFix stealer confirmed since April</news:title>
      <news:keywords>TELEPUZ, Elastic Security Labs, ClickFix, Vidar Stealer, malware-as-a-service, Polygon smart contract, infostealer</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-16-elastic-telepuz-clickfix-maas-vidar-stage-two/cover.jpg</image:loc>
      <image:title>Elastic: TELEPUZ ClickFix stealer confirmed since April</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-16-coca-cola-fairlife-ransomware-sec-8k-us-production-halt/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T22:00:00.000Z</news:publication_date>
      <news:title>Coca-Cola halts Fairlife US production after ransomware</news:title>
      <news:keywords>Fairlife ransomware, Coca-Cola SEC 8-K, dairy production halt, ransomware disclosure, food and beverage ransomware</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-16-coca-cola-fairlife-ransomware-sec-8k-us-production-halt/cover.jpg</image:loc>
      <image:title>Coca-Cola halts Fairlife US production after ransomware</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-16-cisa-kev-sharepoint-cve-2026-58644-deserialization-fourth-in-week/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T21:15:00.000Z</news:publication_date>
      <news:title>CISA adds a fourth SharePoint bug to KEV in 48 hours</news:title>
      <news:keywords>SharePoint, CISA KEV, CVE-2026-58644, deserialization, BOD 26-04, patch management</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-16-cisa-kev-sharepoint-cve-2026-58644-deserialization-fourth-in-week/cover.jpg</image:loc>
      <image:title>CISA adds a fourth SharePoint bug to KEV in 48 hours</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-16-agent-data-injection-choi-snu-uiuc-probabilistic-delimiter/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T20:15:00.000Z</news:publication_date>
      <news:title>Agent Data Injection: SQL injection, different decade</news:title>
      <news:keywords>agent data injection, prompt injection, ai agents, llm security, claude in chrome, coding agents, trust boundary</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-16-agent-data-injection-choi-snu-uiuc-probabilistic-delimiter/cover.jpg</image:loc>
      <image:title>Agent Data Injection: SQL injection, different decade</image:title>
    </image:image>
  </url>
</urlset>