<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9" xmlns:news="http://www.google.com/schemas/sitemap-news/0.9" xmlns:image="http://www.google.com/schemas/sitemap-image/1.1">
  <url>
    <loc>https://0daynews.com/articles/2026-07-15-unit-42-tuxbot-v3-llm-chain-of-thought-iot-botnet/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T21:15:00.000Z</news:publication_date>
      <news:title>Unit 42: TuxBot v3 shipped LLM chain-of-thought in comments</news:title>
      <news:keywords>TuxBot, Unit 42, Palo Alto Networks, IoT botnet, LLM, Mirai, MHDDoS</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-15-unit-42-tuxbot-v3-llm-chain-of-thought-iot-botnet/cover.jpg</image:loc>
      <image:title>Unit 42: TuxBot v3 shipped LLM chain-of-thought in comments</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-15-trend-micro-bandcampro-gemini-cli-c2-botnet-operator/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T20:20:00.000Z</news:publication_date>
      <news:title>Trend Micro: bandcampro ran a C2 botnet on Gemini CLI</news:title>
      <news:keywords>Trend Micro, Gemini CLI, bandcampro, agentic C2, LLM abuse, OpenDental, dental clinic breach</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-15-trend-micro-bandcampro-gemini-cli-c2-botnet-operator/cover.jpg</image:loc>
      <image:title>Trend Micro: bandcampro ran a C2 botnet on Gemini CLI</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-15-rapid7-blazek-aws-persistence-iam-lambda-federated-hunt-runbook/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T19:15:00.000Z</news:publication_date>
      <news:title>AWS persistence: four patterns to hunt after an incident</news:title>
      <news:keywords>aws, iam, cloudtrail, lambda, persistence, cloud-security, detection-engineering</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-15-rapid7-blazek-aws-persistence-iam-lambda-federated-hunt-runbook/cover.jpg</image:loc>
      <image:title>AWS persistence: four patterns to hunt after an incident</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-15-kaspersky-okobot-seedhunter-ledger-trezor-electron-hook/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T18:15:00.000Z</news:publication_date>
      <news:title>Kaspersky: OkoBot phishes seeds inside Ledger, Trezor apps</news:title>
      <news:keywords>OkoBot, Kaspersky GReAT, SeedHunter, Ledger Live, Trezor Suite, TookPS, hardware wallet phishing</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-15-kaspersky-okobot-seedhunter-ledger-trezor-electron-hook/cover.jpg</image:loc>
      <image:title>Kaspersky: OkoBot phishes seeds inside Ledger, Trezor apps</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-15-zyxel-cve-2023-28771-epss-099-three-years-post-patch/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T17:15:00.000Z</news:publication_date>
      <news:title>Zyxel CVE-2023-28771: EPSS 0.99 three years after the patch</news:title>
      <news:keywords>zyxel, cve-2023-28771, kev, epss, firewall, edge-network, command-injection</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-15-zyxel-cve-2023-28771-epss-099-three-years-post-patch/cover.jpg</image:loc>
      <image:title>Zyxel CVE-2023-28771: EPSS 0.99 three years after the patch</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-15-chaotic-eclipse-legacyhive-profsvc-lpe-poc-drop/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T16:15:00.000Z</news:publication_date>
      <news:title>LegacyHive: Chaotic Eclipse&apos;s fourth Windows zero-day</news:title>
      <news:keywords>LegacyHive, Chaotic Eclipse, Nightmare-Eclipse, Windows User Profile Service, ProfSvc, local privilege escalation, zero-day</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-15-chaotic-eclipse-legacyhive-profsvc-lpe-poc-drop/cover.jpg</image:loc>
      <image:title>LegacyHive: Chaotic Eclipse&apos;s fourth Windows zero-day</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-15-mozilla-firefox-exploit-public-chrome-adobe-coldfusion-patch-day/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T15:15:00.000Z</news:publication_date>
      <news:title>Firefox exploit code public; Chrome, Adobe patch same day</news:title>
      <news:keywords>Firefox, Chrome, Adobe ColdFusion, patch management, CVE-2026-15718, CVE-2026-15719, CVE-2026-48318</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-15-mozilla-firefox-exploit-public-chrome-adobe-coldfusion-patch-day/cover.jpg</image:loc>
      <image:title>Firefox exploit code public; Chrome, Adobe patch same day</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-15-cisa-sharepoint-three-cves-bod-26-04-july-17-deadline/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T14:15:00.000Z</news:publication_date>
      <news:title>CISA: three SharePoint bugs exploited, patch by July 17</news:title>
      <news:keywords>SharePoint, CISA KEV, BOD 26-04, CVE-2026-32201, CVE-2026-45659, CVE-2026-56164, patch management</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-15-cisa-sharepoint-three-cves-bod-26-04-july-17-deadline/cover.jpg</image:loc>
      <image:title>CISA: three SharePoint bugs exploited, patch by July 17</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-15-asyncapi-npm-miasma-multi-c2-loader-cicd-compromise/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T13:00:00.000Z</news:publication_date>
      <news:title>Miasma loader shipped in 5 @asyncapi npm package versions</news:title>
      <news:keywords>asyncapi, npm-supply-chain, miasma-loader, cicd-compromise, ipfs-c2, nostr-c2, ox-security, socket</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-15-asyncapi-npm-miasma-multi-c2-loader-cicd-compromise/cover.jpg</image:loc>
      <image:title>Miasma loader shipped in 5 @asyncapi npm package versions</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-15-mindgard-cursor-git-exe-workspace-root-no-patch/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T12:20:00.000Z</news:publication_date>
      <news:title>Mindgard: Cursor still runs git.exe from repo root</news:title>
      <news:keywords>Cursor, Mindgard, Aaron Portnoy, Windows executable search order, workspace trust, AI coding editor, full disclosure</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-15-mindgard-cursor-git-exe-workspace-root-no-patch/cover.jpg</image:loc>
      <image:title>Mindgard: Cursor still runs git.exe from repo root</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-15-doj-media-land-yalishanda-lockbit-blacksuit-play-bulletproof-hosting-indictment/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T10:15:00.000Z</news:publication_date>
      <news:title>DOJ indicts Media Land trio: LockBit, BlackSuit, Play host</news:title>
      <news:keywords>media-land, ml-cloud, yalishanda, lockbit, blacksuit, play, bulletproof-hosting, doj-indictment</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-15-doj-media-land-yalishanda-lockbit-blacksuit-play-bulletproof-hosting-indictment/cover.jpg</image:loc>
      <image:title>DOJ indicts Media Land trio: LockBit, BlackSuit, Play host</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-15-microsoft-safeguard-hold-dell-kb5101650-intel-ipf-shutdowns/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T10:15:00.000Z</news:publication_date>
      <news:title>Microsoft blocks Dell PCs from July KB5101650 rollout</news:title>
      <news:keywords>Microsoft, Windows 11, Dell, KB5101650, KB5095093, safeguard hold, Patch Tuesday</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-15-microsoft-safeguard-hold-dell-kb5101650-intel-ipf-shutdowns/cover.jpg</image:loc>
      <image:title>Microsoft blocks Dell PCs from July KB5101650 rollout</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-15-microsoft-entra-id-passkeys-default-september-sms-voice-retirement-feb-2027/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T08:15:00.000Z</news:publication_date>
      <news:title>Entra ID passkeys go default in Sept; SMS/voice out Feb 1</news:title>
      <news:keywords>Microsoft Entra ID, passkeys default, SMS MFA retirement, voice MFA retirement, phishing-resistant MFA, Entra ID rollout September 2026</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-15-microsoft-entra-id-passkeys-default-september-sms-voice-retirement-feb-2027/cover.jpg</image:loc>
      <image:title>Entra ID passkeys go default in Sept; SMS/voice out Feb 1</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-15-reliaquest-jalisco-omegalord-m365-device-code-mfa-bypass/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T07:00:00.000Z</news:publication_date>
      <news:title>Jalisco kit auto-refreshes M365 device codes on demand</news:title>
      <news:keywords>reliaquest, jalisco, omegalord, microsoft-365, device-code-phishing, oauth, entra-id</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-15-reliaquest-jalisco-omegalord-m365-device-code-mfa-bypass/cover.jpg</image:loc>
      <image:title>Jalisco kit auto-refreshes M365 device codes on demand</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-15-spain-140m-bec-fraud-ring-800-accounts-67-mules/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T05:10:00.000Z</news:publication_date>
      <news:title>Spain Dismantles €140M BEC Ring; 800 Accounts, 67 Mules</news:title>
      <news:keywords>BEC, business email compromise, Spanish National Police, Europol, Interpol, money mules, investment fraud, financial crime</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-15-spain-140m-bec-fraud-ring-800-accounts-67-mules/cover.jpg</image:loc>
      <image:title>Spain Dismantles €140M BEC Ring; 800 Accounts, 67 Mules</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-15-lastpass-bitwarden-compliance-lookalike-domain-phishing/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T04:15:00.000Z</news:publication_date>
      <news:title>LastPass, Bitwarden users hit by lookalike-domain phishing</news:title>
      <news:keywords>LastPass, Bitwarden, password manager phishing, lookalike domain, DocuSign lure, credential theft</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-15-lastpass-bitwarden-compliance-lookalike-domain-phishing/cover.jpg</image:loc>
      <image:title>LastPass, Bitwarden users hit by lookalike-domain phishing</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-15-blackpoint-labubarat-rust-nvidia-sysruntime-maas/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T03:15:00.000Z</news:publication_date>
      <news:title>Blackpoint flags LabubaRAT: Rust MaaS RAT poses as NVIDIA</news:title>
      <news:keywords>LabubaRAT, Blackpoint Cyber, Rust, RAT, malware-as-a-service, NVIDIA, Windows</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-15-blackpoint-labubarat-rust-nvidia-sysruntime-maas/cover.jpg</image:loc>
      <image:title>Blackpoint flags LabubaRAT: Rust MaaS RAT poses as NVIDIA</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-14-arctic-wolf-292-fake-github-repos-boryptgrab-infostealer/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T22:15:00.000Z</news:publication_date>
      <news:title>Arctic Wolf: 292 fake GitHub repos push BoryptGrab stealer</news:title>
      <news:keywords>github, arctic-wolf, boryptgrab, infostealer, supply-chain, typosquatting, chrome-app-bound-encryption</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-14-arctic-wolf-292-fake-github-repos-boryptgrab-infostealer/cover.jpg</image:loc>
      <image:title>Arctic Wolf: 292 fake GitHub repos push BoryptGrab stealer</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-14-sonicwall-sma1000-cve-2026-15409-15410-kev-active-exploitation/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T21:45:00.000Z</news:publication_date>
      <news:title>SonicWall SMA1000 zero-days on CISA KEV: patch by July 17</news:title>
      <news:keywords>SonicWall SMA1000, CVE-2026-15409, CVE-2026-15410, CISA KEV, zero-day, remote access, vendor patch</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-14-sonicwall-sma1000-cve-2026-15409-15410-kev-active-exploitation/cover.jpg</image:loc>
      <image:title>SonicWall SMA1000 zero-days on CISA KEV: patch by July 17</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-14-manifold-claude-for-chrome-trust-boundary-still-open/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T21:30:00.000Z</news:publication_date>
      <news:title>Claude for Chrome flaw lets other extensions read Gmail</news:title>
      <news:keywords>claude for chrome, manifold security, anthropic, claudebleed, layerx security, browser extension, prompt injection, trust boundary</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-14-manifold-claude-for-chrome-trust-boundary-still-open/cover.jpg</image:loc>
      <image:title>Claude for Chrome flaw lets other extensions read Gmail</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-14-rapid7-sharepoint-cve-2026-55040-jwt-auth-bypass-rce-chain-half/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T20:15:00.000Z</news:publication_date>
      <news:title>SharePoint JWT bypass fixed; RCE half of chain still open</news:title>
      <news:keywords>microsoft, sharepoint, cve-2026-55040, authentication-bypass, rapid7, jwt, patch-tuesday</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-14-rapid7-sharepoint-cve-2026-55040-jwt-auth-bypass-rce-chain-half/cover.jpg</image:loc>
      <image:title>SharePoint JWT bypass fixed; RCE half of chain still open</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-14-microsoft-july-patch-tuesday-570-cves-adfs-sharepoint-bitlocker-zero-days/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T19:15:00.000Z</news:publication_date>
      <news:title>Microsoft July Patch Tuesday: 570 CVEs, 3 zero-days out</news:title>
      <news:keywords>Microsoft Patch Tuesday, AD FS, SharePoint, BitLocker, zero-day, CVE-2026-56155, CVE-2026-56164</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-14-microsoft-july-patch-tuesday-570-cves-adfs-sharepoint-bitlocker-zero-days/cover.jpg</image:loc>
      <image:title>Microsoft July Patch Tuesday: 570 CVEs, 3 zero-days out</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-14-ku-leuven-distrinet-85-crypto-wallet-extensions-address-linking/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T18:20:00.000Z</news:publication_date>
      <news:title>KU Leuven: 85 wallet extensions leak addresses cross-site</news:title>
      <news:keywords>KU Leuven, DistriNet, crypto wallet extension, address linking, browser extension privacy, PETS 2026, wallet fingerprinting</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-14-ku-leuven-distrinet-85-crypto-wallet-extensions-address-linking/cover.jpg</image:loc>
      <image:title>KU Leuven: 85 wallet extensions leak addresses cross-site</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-14-progress-sharefile-storage-zone-5-12-5-6-0-2-path-traversal-patch/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T17:20:00.000Z</news:publication_date>
      <news:title>Progress patches ShareFile zero-day: 5.12.5 and 6.0.2 out</news:title>
      <news:keywords>Progress ShareFile, Storage Zone Controller, path traversal, vendor patch, managed file transfer, zero-day</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-14-progress-sharefile-storage-zone-5-12-5-6-0-2-path-traversal-patch/cover.jpg</image:loc>
      <image:title>Progress patches ShareFile zero-day: 5.12.5 and 6.0.2 out</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-14-rabbitmq-miggo-oauth-secret-cross-tenant-cve-2026-57219/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T16:20:00.000Z</news:publication_date>
      <news:title>Miggo: RabbitMQ leaked OAuth secret via obsolete endpoint</news:title>
      <news:keywords>rabbitmq, oauth, cve-2026-57219, message-broker, miggo, cross-tenant, cloud-security</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-14-rabbitmq-miggo-oauth-secret-cross-tenant-cve-2026-57219/cover.jpg</image:loc>
      <image:title>Miggo: RabbitMQ leaked OAuth secret via obsolete endpoint</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-14-proofpoint-oauth-client-id-spoofing-entra-signin-logs-blind/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T15:00:00.000Z</news:publication_date>
      <news:title>OAuth client ID spoofing sneaks past Entra sign-in logs</news:title>
      <news:keywords>microsoft-entra-id, oauth, credential-stuffing, proofpoint, ropc, conditional-access, detection-engineering</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-14-proofpoint-oauth-client-id-spoofing-entra-signin-logs-blind/cover.jpg</image:loc>
      <image:title>OAuth client ID spoofing sneaks past Entra sign-in logs</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-14-eset-uefi-shim-cve-2026-8863-secure-boot-bypass/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T14:15:00.000Z</news:publication_date>
      <news:title>ESET: 11 old signed UEFI shims still bypass Secure Boot</news:title>
      <news:keywords>uefi, secure boot, shim, eset, microsoft, cve-2026-8863, dbx</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-14-eset-uefi-shim-cve-2026-8863-secure-boot-bypass/cover.jpg</image:loc>
      <image:title>ESET: 11 old signed UEFI shims still bypass Secure Boot</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-14-sap-july-patch-day-three-criticals-netweaver-approuter-commerce/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T13:15:00.000Z</news:publication_date>
      <news:title>SAP&apos;s July Patch Day: three criticals, worst is 9.9</news:title>
      <news:keywords>sap, netweaver, approuter, commerce cloud, patch day, cve-2026-44747, cve-2026-27690, cve-2026-44761</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-14-sap-july-patch-day-three-criticals-netweaver-approuter-commerce/cover.jpg</image:loc>
      <image:title>SAP&apos;s July Patch Day: three criticals, worst is 9.9</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-14-ofac-1vpns-rashevskyi-silayev-sb0559-cryptor-designation/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T11:20:00.000Z</news:publication_date>
      <news:title>OFAC sanctions 1VPNS admin plus Belarusian cryptor seller</news:title>
      <news:keywords>ofac, sanctions, 1vpns, ransomware, cryptor, operation-saffron, us-treasury</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-14-ofac-1vpns-rashevskyi-silayev-sb0559-cryptor-designation/cover.jpg</image:loc>
      <image:title>OFAC sanctions 1VPNS admin plus Belarusian cryptor seller</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-14-cereblab-grok-build-0-2-93-git-repo-upload-gcs/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T10:15:00.000Z</news:publication_date>
      <news:title>Grok Build v0.2.93 uploaded whole repos to xAI&apos;s bucket</news:title>
      <news:keywords>grok-build, xai, ai-coding-cli, data-exposure, secrets-leak, gcs-bucket</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-14-cereblab-grok-build-0-2-93-git-repo-upload-gcs/cover.jpg</image:loc>
      <image:title>Grok Build v0.2.93 uploaded whole repos to xAI&apos;s bucket</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-14-jfrog-148-npm-packages-browser-ddos-botnet-may/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T09:15:00.000Z</news:publication_date>
      <news:title>148 npm packages ran a browser-based DDoS botnet in May</news:title>
      <news:keywords>npm, supply-chain, JFrog, DDoS botnet, web proxy, browser abuse</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-14-jfrog-148-npm-packages-browser-ddos-botnet-may/cover.jpg</image:loc>
      <image:title>148 npm packages ran a browser-based DDoS botnet in May</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-14-microsoft-shinyhunters-salesforce-oauth-three-paths/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T08:20:00.000Z</news:publication_date>
      <news:title>A year of ShinyHunters OAuth abuse, mapped by Microsoft</news:title>
      <news:keywords>microsoft, shinyhunters, salesforce, oauth, storm-3138, saas-supply-chain, klue</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-14-microsoft-shinyhunters-salesforce-oauth-three-paths/cover.jpg</image:loc>
      <image:title>A year of ShinyHunters OAuth abuse, mapped by Microsoft</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-14-forg365-phaas-m365-device-code-aitm-market/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T05:45:00.000Z</news:publication_date>
      <news:title>Forg365 shows PhaaS became a $400/mo rental market</news:title>
      <news:keywords>forg365, phishing-as-a-service, microsoft-365, device-code-phishing, aitm, telegram, threat-intel</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-14-forg365-phaas-m365-device-code-aitm-market/cover.jpg</image:loc>
      <image:title>Forg365 shows PhaaS became a $400/mo rental market</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-14-jscrambler-npm-post-mortem-four-versions-8-22-clean/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T02:15:00.000Z</news:publication_date>
      <news:title>Jscrambler: four npm versions hit, publish creds revoked</news:title>
      <news:keywords>jscrambler, npm, supply-chain, publish credentials, preinstall, infostealer, Socket</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-14-jscrambler-npm-post-mortem-four-versions-8-22-clean/cover.jpg</image:loc>
      <image:title>Jscrambler: four npm versions hit, publish creds revoked</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-13-nca-russian-coms-five-charged-1-8m-spoofed-calls/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T22:15:00.000Z</news:publication_date>
      <news:title>NCA charges five over Russian Coms spoofing platform</news:title>
      <news:keywords>Russian Coms, NCA, caller-ID spoofing, Operation Henhouse, vishing, STIR/SHAKEN, Ofcom</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-13-nca-russian-coms-five-charged-1-8m-spoofed-calls/cover.jpg</image:loc>
      <image:title>NCA charges five over Russian Coms spoofing platform</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-13-meta-2026-0182881-lachlan-dunn-emotion-listening-patent/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T22:00:00.000Z</news:publication_date>
      <news:title>Meta patent describes an always-on emotion-reading AI</news:title>
      <news:keywords>meta, ai patent, ambient listening, emotion analysis, surveillance, privacy, smart glasses</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-13-meta-2026-0182881-lachlan-dunn-emotion-listening-patent/cover.jpg</image:loc>
      <image:title>Meta patent describes an always-on emotion-reading AI</image:title>
    </image:image>
  </url>
</urlset>