<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9" xmlns:news="http://www.google.com/schemas/sitemap-news/0.9" xmlns:image="http://www.google.com/schemas/sitemap-image/1.1">
  <url>
    <loc>https://0daynews.com/articles/2026-07-06-gitlab-exiftool-rce-cve-2021-22205/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-06T13:00:00.000Z</news:publication_date>
      <news:title>GitLab&apos;s ExifTool RCE: A Patch That Sat Unrecognized for Months</news:title>
      <news:keywords>CVE-2021-22205, GitLab, ExifTool, remote code execution, patch adoption gap</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-06-gitlab-exiftool-rce-cve-2021-22205/cover.jpg</image:loc>
      <image:title>GitLab&apos;s ExifTool RCE: A Patch That Sat Unrecognized for Months</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-05-flipper-zero-firmware-maintenance-only-community-driven/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-05T17:20:00.000Z</news:publication_date>
      <news:title>Flipper Zero firmware goes maintenance-only — the honest timeline</news:title>
      <news:keywords>Flipper Zero, Flipper Devices, firmware, open source, red team tooling, community maintenance</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-05-flipper-zero-firmware-maintenance-only-community-driven/cover.jpg</image:loc>
      <image:title>Flipper Zero firmware goes maintenance-only — the honest timeline</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-05-barracuda-esg-zero-day-cve-2023-2868/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-05T15:30:00.000Z</news:publication_date>
      <news:title>Barracuda Told Customers to Replace Their Appliances, Not Just Patch Them. Here&apos;s Why.</news:title>
      <news:keywords>CVE-2023-2868, Barracuda ESG, Email Security Gateway, appliance replacement, persistent backdoor</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-05-barracuda-esg-zero-day-cve-2023-2868/cover.jpg</image:loc>
      <image:title>Barracuda Told Customers to Replace Their Appliances, Not Just Patch Them. Here&apos;s Why.</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-05-jfrog-rollup-polyfill-npm-six-packages-follow-up/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-05T15:20:00.000Z</news:publication_date>
      <news:title>Four more Rollup polyfill typosquats surface in JFrog&apos;s fuller DPRK writeup</news:title>
      <news:keywords>npm, supply-chain, DPRK, North Korea, Rollup, JFrog, Lazarus, typosquatting, BeaverTail</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-05-jfrog-rollup-polyfill-npm-six-packages-follow-up/cover.jpg</image:loc>
      <image:title>Four more Rollup polyfill typosquats surface in JFrog&apos;s fuller DPRK writeup</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-05-winrar-path-traversal-cve-2023-38831/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-05T13:00:00.000Z</news:publication_date>
      <news:title>The WinRAR Bug That Hid a Malicious Script Behind a Fake Photo</news:title>
      <news:keywords>CVE-2023-38831, WinRAR, RARLAB, path traversal, spoofed file extension</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-05-winrar-path-traversal-cve-2023-38831/cover.jpg</image:loc>
      <image:title>The WinRAR Bug That Hid a Malicious Script Behind a Fake Photo</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-04-metasploit-weekly-smb-meterpreter-peyara-detection/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-04T16:20:00.000Z</news:publication_date>
      <news:title>Metasploit&apos;s July 3 drop: SMB-to-Meterpreter and Peyara RCE — the detection tune</news:title>
      <news:keywords>Metasploit, Rapid7, Peyara Remote Mouse, SMB, Meterpreter, PsExec, detection engineering</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-04-metasploit-weekly-smb-meterpreter-peyara-detection/cover.jpg</image:loc>
      <image:title>Metasploit&apos;s July 3 drop: SMB-to-Meterpreter and Peyara RCE — the detection tune</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-04-kairos-1m-extortion-payment-us-government-ransom-isac/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-04T15:35:00.000Z</news:publication_date>
      <news:title>Kairos took $1M from a U.S. government entity — and never encrypted a file</news:title>
      <news:keywords>Kairos, data-theft extortion, Ransom-ISAC, Rakesh Krishnan, Union County Ohio, ransomware payment, blockchain forensics</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-04-kairos-1m-extortion-payment-us-government-ransom-isac/cover.jpg</image:loc>
      <image:title>Kairos took $1M from a U.S. government entity — and never encrypted a file</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-04-vmware-vcenter-vsphere-client-rce-cve-2021-21972/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-04T15:30:00.000Z</news:publication_date>
      <news:title>vCenter&apos;s Unrestricted-Upload Bug: A Reminder That Management Planes Shouldn&apos;t Face the Internet</news:title>
      <news:keywords>CVE-2021-21972, VMware vCenter Server, vSphere Client, unrestricted file upload, virtualization security</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-04-vmware-vcenter-vsphere-client-rce-cve-2021-21972/cover.jpg</image:loc>
      <image:title>vCenter&apos;s Unrestricted-Upload Bug: A Reminder That Management Planes Shouldn&apos;t Face the Internet</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-04-bluehammer-defender-lpe-kev-ransomware-confirmed/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-04T13:00:00.000Z</news:publication_date>
      <news:title>CISA confirms BlueHammer Defender LPE is being used in ransomware attacks</news:title>
      <news:keywords>CVE-2026-33825, BlueHammer, Microsoft Defender, CISA KEV, ransomware, Chaotic Eclipse, local privilege escalation</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-04-polinrider-108-dprk-packages-contagious-interview/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-04T13:00:00.000Z</news:publication_date>
      <news:title>PolinRider: North Korean actors seed 108 malicious packages across four ecosystems</news:title>
      <news:keywords>PolinRider, Contagious Interview, North Korea, DPRK, npm, Packagist, Go modules, Chrome extensions, supply-chain</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-04-polinrider-108-dprk-packages-contagious-interview/cover.jpg</image:loc>
      <image:title>PolinRider: North Korean actors seed 108 malicious packages across four ecosystems</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-04-spring4shell-vmware-spring-framework-rce/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-04T13:00:00.000Z</news:publication_date>
      <news:title>Spring4Shell: Why This One Needed Careful Triage, Not Panic</news:title>
      <news:keywords>Spring4Shell, CVE-2022-22965, Spring Framework, VMware, data binding</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-04-spring4shell-vmware-spring-framework-rce/cover.jpg</image:loc>
      <image:title>Spring4Shell: Why This One Needed Careful Triage, Not Panic</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-04-orchid-iga-ai-agents-lifecycle-gaps/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-04T11:15:00.000Z</news:publication_date>
      <news:title>IGA was built around employment records. Agents don&apos;t have those.</news:title>
      <news:keywords>identity governance, IGA, AI agents, non-human identity, OAuth, service accounts, joiner-mover-leaver</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-04-orchid-iga-ai-agents-lifecycle-gaps/cover.jpg</image:loc>
      <image:title>IGA was built around employment records. Agents don&apos;t have those.</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-04-avalon-crownx-modular-malware-framework/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-04T08:00:00.000Z</news:publication_date>
      <news:title>Blackpoint: Avalon framework bundles theft, wiper, and CrownX ransomware</news:title>
      <news:keywords>Avalon, CrownX, ransomware, Blackpoint Cyber, MSBuild, ETW evasion, infostealer</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-04-avalon-crownx-modular-malware-framework/cover.jpg</image:loc>
      <image:title>Blackpoint: Avalon framework bundles theft, wiper, and CrownX ransomware</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-04-toddycat-umbrij-oauth-gmail-kaspersky/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-04T07:20:00.000Z</news:publication_date>
      <news:title>Umbrij: ToddyCat grants itself Gmail OAuth by hijacking a live browser</news:title>
      <news:keywords>ToddyCat, Umbrij, Kaspersky, OAuth, Gmail, Google Workspace, APT, DLL sideloading</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-04-toddycat-umbrij-oauth-gmail-kaspersky/cover.jpg</image:loc>
      <image:title>Umbrij: ToddyCat grants itself Gmail OAuth by hijacking a live browser</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-04-artoken-eviltokens-m365-device-code-phishing-talos/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-04T06:20:00.000Z</news:publication_date>
      <news:title>ARToken PhaaS: device-code phishing is the M365 lane defenders keep leaving open</news:title>
      <news:keywords>ARToken, EvilTokens, device code phishing, Microsoft 365, phishing-as-a-service, Conditional Access, Cisco Talos</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-04-artoken-eviltokens-m365-device-code-phishing-talos/cover.jpg</image:loc>
      <image:title>ARToken PhaaS: device-code phishing is the M365 lane defenders keep leaving open</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-04-talos-catan-and-mouse-curiosity-defensive-skill/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-04T05:30:00.000Z</news:publication_date>
      <news:title>Talos on curiosity: the defensive skill that still doesn&apos;t scale</news:title>
      <news:keywords>Cisco Talos, Threat Source, William Largent, defender skills, pattern recognition, security operations, curiosity</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-04-armored-likho-busysnake-power-sector-kaspersky/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-04T05:15:00.000Z</news:publication_date>
      <news:title>Armored Likho: Kaspersky ties BusySnake stealer to power-sector espionage</news:title>
      <news:keywords>Armored Likho, BusySnake, Kaspersky, electric power sector, ICS/OT, threat intelligence, critical infrastructure</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-04-armored-likho-busysnake-power-sector-kaspersky/cover.jpg</image:loc>
      <image:title>Armored Likho: Kaspersky ties BusySnake stealer to power-sector espionage</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-04-consentfix-clickfix-m365-oauth-consent-phishing/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-04T04:15:00.000Z</news:publication_date>
      <news:title>ConsentFix + ClickFix: M365 grants that outlive a password reset</news:title>
      <news:keywords>ConsentFix, ClickFix, OAuth consent phishing, Microsoft 365, Opera Paste Protect, token theft, MFA bypass</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-04-consentfix-clickfix-m365-oauth-consent-phishing/cover.jpg</image:loc>
      <image:title>ConsentFix + ClickFix: M365 grants that outlive a password reset</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-03-fortibleed-inc-lynx-ransomware-attribution/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-04T02:30:00.000Z</news:publication_date>
      <news:title>FortiBleed operators tied directly to INC and Lynx ransomware crews</news:title>
      <news:keywords>FortiBleed, FortiGate, Fortinet, INC ransomware, Lynx ransomware, credential theft, initial access</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-03-fortibleed-inc-lynx-ransomware-attribution/cover.jpg</image:loc>
      <image:title>FortiBleed operators tied directly to INC and Lynx ransomware crews</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-03-pegasus-mep-kouloglou-citizen-lab-analysis/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-03T23:15:00.000Z</news:publication_date>
      <news:title>Pegasus on the MEP investigating Pegasus</news:title>
      <news:keywords>Pegasus, NSO Group, Citizen Lab, Stelios Kouloglou, European Parliament, PEGA committee, commercial spyware</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-03-chocopoc-rat-fake-poc-github-pypi-yeswehack/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-03T22:30:00.000Z</news:publication_date>
      <news:title>ChocoPoC: fake CVE PoC repos are shipping a stealer aimed at researchers</news:title>
      <news:keywords>ChocoPoC, YesWeHack, Sekoia, PyPI supply chain, fake PoC repos, vulnerability researcher targeting, GitHub malware</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-03-chocopoc-rat-fake-poc-github-pypi-yeswehack/cover.jpg</image:loc>
      <image:title>ChocoPoC: fake CVE PoC repos are shipping a stealer aimed at researchers</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-03-fatfs-runzero-seven-flaws-embedded-firmware/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-03T22:15:00.000Z</news:publication_date>
      <news:title>runZero discloses seven FatFs flaws in embedded firmware, six unpatched</news:title>
      <news:keywords>FatFs, embedded firmware, supply chain, runZero, CVE-2026-6682, JPCERT/CC, RTOS</news:keywords>
    </news:news>
  </url>
</urlset>