<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9" xmlns:news="http://www.google.com/schemas/sitemap-news/0.9" xmlns:image="http://www.google.com/schemas/sitemap-image/1.1">
  <url>
    <loc>https://0daynews.com/articles/2026-07-16-anyrun-phantomenigma-brazil-gov-br-hijack-dmarc-inno-node/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T17:20:00.000Z</news:publication_date>
      <news:title>PhantomEnigma rides Brazilian .gov.br sites and mailboxes</news:title>
      <news:keywords>PhantomEnigma, ANY.RUN, Brazil, gov.br, DMARC, Inno Setup, banking-trojan</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-16-anyrun-phantomenigma-brazil-gov-br-hijack-dmarc-inno-node/cover.jpg</image:loc>
      <image:title>PhantomEnigma rides Brazilian .gov.br sites and mailboxes</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-16-rapid7-attackerkb-public-sunset-august-18-curation/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T16:30:00.000Z</news:publication_date>
      <news:title>AttackerKB&apos;s public tier closes August 18</news:title>
      <news:keywords>AttackerKB, Rapid7, vulnerability intelligence, Douglas McKee, AI-generated submissions, community disclosure</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-16-rapid7-attackerkb-public-sunset-august-18-curation/cover.jpg</image:loc>
      <image:title>AttackerKB&apos;s public tier closes August 18</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-16-23andme-chrome-holding-18m-43-state-ag-settlement-2023-breach/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T15:20:00.000Z</news:publication_date>
      <news:title>23andMe settles genetics breach: $18M, 43 states</news:title>
      <news:keywords>23andMe, Chrome Holding, genetic data breach, state attorneys general, Letitia James, credential stuffing, settlement</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-16-23andme-chrome-holding-18m-43-state-ag-settlement-2023-breach/cover.jpg</image:loc>
      <image:title>23andMe settles genetics breach: $18M, 43 states</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-16-daxin-srt64-stupig-winlogon-taiwan-digiwin-jdk/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T14:20:00.000Z</news:publication_date>
      <news:title>Daxin resurfaces in Taiwan alongside new Stupig backdoor</news:title>
      <news:keywords>daxin, stupig, symantec, kernel-rootkit, winlogon, taiwan, china-linked</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-16-daxin-srt64-stupig-winlogon-taiwan-digiwin-jdk/cover.jpg</image:loc>
      <image:title>Daxin resurfaces in Taiwan alongside new Stupig backdoor</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-16-scattered-spider-tfl-jubair-flowers-nca-cma-sentence/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T13:20:00.000Z</news:publication_date>
      <news:title>Two Scattered Spider affiliates get 5.5 years for TfL hack</news:title>
      <news:keywords>Scattered Spider, Transport for London, Thalha Jubair, Owen Flowers, National Crime Agency, Computer Misuse Act</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-16-scattered-spider-tfl-jubair-flowers-nca-cma-sentence/cover.jpg</image:loc>
      <image:title>Two Scattered Spider affiliates get 5.5 years for TfL hack</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-16-sharkninja-tokay0-aws-iot-cert-region-root-no-patch/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T12:00:00.000Z</news:publication_date>
      <news:title>Unpatched Shark vacuums: regional root, no CVE, no patch</news:title>
      <news:keywords>SharkNinja, Shark robot vacuum, AWS IoT, IoT device certificate, tokay0, responsible disclosure, IOT_POLICY_OVERLY_PERMISSIVE_CHECK</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-16-sharkninja-tokay0-aws-iot-cert-region-root-no-patch/cover.jpg</image:loc>
      <image:title>Unpatched Shark vacuums: regional root, no CVE, no patch</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-16-symantec-spirals-ransomware-iis-webshell-24h-south-asia/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T11:15:00.000Z</news:publication_date>
      <news:title>Spirals ransomware: full network encrypted in under 24h</news:title>
      <news:keywords>Spirals ransomware, Symantec, IIS web shell, PsExec, WMI lateral movement, Rust ransomware, intermittent encryption</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-16-symantec-spirals-ransomware-iis-webshell-24h-south-asia/cover.jpg</image:loc>
      <image:title>Spirals ransomware: full network encrypted in under 24h</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-16-openai-gpt-red-internal-red-teamer-prompt-injection/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T10:00:00.000Z</news:publication_date>
      <news:title>OpenAI discloses GPT-Red, its internal automated red-teamer</news:title>
      <news:keywords>OpenAI, GPT-Red, prompt injection, AI red-teaming, adversarial training, LLM security</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-16-openai-gpt-red-internal-red-teamer-prompt-injection/cover.jpg</image:loc>
      <image:title>OpenAI discloses GPT-Red, its internal automated red-teamer</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-16-mindgard-cursor-workspace-git-hijack-windows-no-patch/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T09:15:00.000Z</news:publication_date>
      <news:title>Cursor: opening a repo runs its git.exe. No patch, 7 months.</news:title>
      <news:keywords>Cursor, Mindgard, workspace hijack, untrusted search path, CWE-427, developer tooling, Windows, full disclosure</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-16-mindgard-cursor-workspace-git-hijack-windows-no-patch/cover.jpg</image:loc>
      <image:title>Cursor: opening a repo runs its git.exe. No patch, 7 months.</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-16-microsoft-mdash-july-622-cves-ai-attribution-krebs-rapid7/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T08:15:00.000Z</news:publication_date>
      <news:title>The July patch count Microsoft warned would come</news:title>
      <news:keywords>Microsoft, Patch Tuesday, MDASH, AI vulnerability discovery, July 2026, Pavan Davuluri</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-16-microsoft-mdash-july-622-cves-ai-attribution-krebs-rapid7/cover.jpg</image:loc>
      <image:title>The July patch count Microsoft warned would come</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-16-microsoft-kb5099539-windows-10-esu-july-22h2-ltsc-2021/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T07:00:00.000Z</news:publication_date>
      <news:title>KB5099539 lands: Windows 10 ESU carries the July zero-days</news:title>
      <news:keywords>Windows 10, Extended Security Updates, KB5099539, LTSC 2021, Patch Tuesday, CVE-2026-56155, CVE-2026-56164</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-16-microsoft-kb5099539-windows-10-esu-july-22h2-ltsc-2021/cover.jpg</image:loc>
      <image:title>KB5099539 lands: Windows 10 ESU carries the July zero-days</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-16-intruder-vending-machine-llm-code-slicing-wordpress-zero-day/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T04:15:00.000Z</news:publication_date>
      <news:title>Intruder ships an LLM vuln-discovery product, plus a 0-day</news:title>
      <news:keywords>intruder, llm, vulnerability discovery, code slicing, wordpress, zero-day, ai-assisted security</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-16-intruder-vending-machine-llm-code-slicing-wordpress-zero-day/cover.jpg</image:loc>
      <image:title>Intruder ships an LLM vuln-discovery product, plus a 0-day</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-15-cisa-kev-oracle-ebs-cve-2026-46817-payments-file-transmission/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T23:20:00.000Z</news:publication_date>
      <news:title>CISA KEV: Oracle EBS Payments 9.8 unauth RCE lands</news:title>
      <news:keywords>Oracle E-Business Suite, Oracle Payments, CVE-2026-46817, CISA KEV, BOD 26-04, Critical Patch Update, File Transmission</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-15-cisa-kev-oracle-ebs-cve-2026-46817-payments-file-transmission/cover.jpg</image:loc>
      <image:title>CISA KEV: Oracle EBS Payments 9.8 unauth RCE lands</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-15-zoom-psirt-zsb-26014-workplace-windows-cvss-98-unauth-takeover/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T23:15:00.000Z</news:publication_date>
      <news:title>Zoom PSIRT: patch Workplace 7.0.0, unauth takeover 9.8</news:title>
      <news:keywords>Zoom, Zoom Workplace, Zoom VDI Client, ZSB-26014, account takeover, PSIRT</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-15-zoom-psirt-zsb-26014-workplace-windows-cvss-98-unauth-takeover/cover.jpg</image:loc>
      <image:title>Zoom PSIRT: patch Workplace 7.0.0, unauth takeover 9.8</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-15-dutch-politie-100m-investment-fraud-20-call-centers-700-shills/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T22:05:00.000Z</news:publication_date>
      <news:title>Dutch bust €100M fraud ring, 20 call centers, 700 shills</news:title>
      <news:keywords>Dutch Politie, investment fraud, call center fraud, crypto fraud, takedown, Europol, Netherlands</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-15-dutch-politie-100m-investment-fraud-20-call-centers-700-shills/cover.jpg</image:loc>
      <image:title>Dutch bust €100M fraud ring, 20 call centers, 700 shills</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-15-rapid7-sma1000-mdr-writeup-mfa-seeds-dc-pivots/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T22:00:00.000Z</news:publication_date>
      <news:title>SonicWall SMA1000: what Rapid7 saw before disclosure</news:title>
      <news:keywords>SonicWall SMA1000, CVE-2026-15409, CVE-2026-15410, Rapid7 MDR, incident response, zero-day, VPN compromise</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-15-rapid7-sma1000-mdr-writeup-mfa-seeds-dc-pivots/cover.jpg</image:loc>
      <image:title>SonicWall SMA1000: what Rapid7 saw before disclosure</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-15-unit-42-tuxbot-v3-llm-chain-of-thought-iot-botnet/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T21:15:00.000Z</news:publication_date>
      <news:title>Unit 42: TuxBot v3 shipped LLM chain-of-thought in comments</news:title>
      <news:keywords>TuxBot, Unit 42, Palo Alto Networks, IoT botnet, LLM, Mirai, MHDDoS</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-15-unit-42-tuxbot-v3-llm-chain-of-thought-iot-botnet/cover.jpg</image:loc>
      <image:title>Unit 42: TuxBot v3 shipped LLM chain-of-thought in comments</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-15-trend-micro-bandcampro-gemini-cli-c2-botnet-operator/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T20:20:00.000Z</news:publication_date>
      <news:title>Trend Micro: bandcampro ran a C2 botnet on Gemini CLI</news:title>
      <news:keywords>Trend Micro, Gemini CLI, bandcampro, agentic C2, LLM abuse, OpenDental, dental clinic breach</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-15-trend-micro-bandcampro-gemini-cli-c2-botnet-operator/cover.jpg</image:loc>
      <image:title>Trend Micro: bandcampro ran a C2 botnet on Gemini CLI</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-15-knx-cve-2023-4346-cisa-kev-account-lockout-bod-26-04/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T20:15:00.000Z</news:publication_date>
      <news:title>KNX account-lockout flaw added to CISA KEV, three years on</news:title>
      <news:keywords>knx, cve-2023-4346, kev, bod-26-04, ics-ot, building-automation, cisa</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-15-knx-cve-2023-4346-cisa-kev-account-lockout-bod-26-04/cover.jpg</image:loc>
      <image:title>KNX account-lockout flaw added to CISA KEV, three years on</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-15-rapid7-blazek-aws-persistence-iam-lambda-federated-hunt-runbook/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T19:15:00.000Z</news:publication_date>
      <news:title>AWS persistence: four patterns to hunt after an incident</news:title>
      <news:keywords>aws, iam, cloudtrail, lambda, persistence, cloud-security, detection-engineering</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-15-rapid7-blazek-aws-persistence-iam-lambda-federated-hunt-runbook/cover.jpg</image:loc>
      <image:title>AWS persistence: four patterns to hunt after an incident</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-15-kaspersky-okobot-seedhunter-ledger-trezor-electron-hook/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T18:15:00.000Z</news:publication_date>
      <news:title>Kaspersky: OkoBot phishes seeds inside Ledger, Trezor apps</news:title>
      <news:keywords>OkoBot, Kaspersky GReAT, SeedHunter, Ledger Live, Trezor Suite, TookPS, hardware wallet phishing</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-15-kaspersky-okobot-seedhunter-ledger-trezor-electron-hook/cover.jpg</image:loc>
      <image:title>Kaspersky: OkoBot phishes seeds inside Ledger, Trezor apps</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-15-zyxel-cve-2023-28771-epss-099-three-years-post-patch/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T17:15:00.000Z</news:publication_date>
      <news:title>Zyxel CVE-2023-28771: EPSS 0.99 three years after the patch</news:title>
      <news:keywords>zyxel, cve-2023-28771, kev, epss, firewall, edge-network, command-injection</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-15-zyxel-cve-2023-28771-epss-099-three-years-post-patch/cover.jpg</image:loc>
      <image:title>Zyxel CVE-2023-28771: EPSS 0.99 three years after the patch</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-15-chaotic-eclipse-legacyhive-profsvc-lpe-poc-drop/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T16:15:00.000Z</news:publication_date>
      <news:title>LegacyHive: Chaotic Eclipse&apos;s fourth Windows zero-day</news:title>
      <news:keywords>LegacyHive, Chaotic Eclipse, Nightmare-Eclipse, Windows User Profile Service, ProfSvc, local privilege escalation, zero-day</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-15-chaotic-eclipse-legacyhive-profsvc-lpe-poc-drop/cover.jpg</image:loc>
      <image:title>LegacyHive: Chaotic Eclipse&apos;s fourth Windows zero-day</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-15-mozilla-firefox-exploit-public-chrome-adobe-coldfusion-patch-day/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T15:15:00.000Z</news:publication_date>
      <news:title>Firefox exploit code public; Chrome, Adobe patch same day</news:title>
      <news:keywords>Firefox, Chrome, Adobe ColdFusion, patch management, CVE-2026-15718, CVE-2026-15719, CVE-2026-48318</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-15-mozilla-firefox-exploit-public-chrome-adobe-coldfusion-patch-day/cover.jpg</image:loc>
      <image:title>Firefox exploit code public; Chrome, Adobe patch same day</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-15-cisa-sharepoint-three-cves-bod-26-04-july-17-deadline/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T14:15:00.000Z</news:publication_date>
      <news:title>CISA: three SharePoint bugs exploited, patch by July 17</news:title>
      <news:keywords>SharePoint, CISA KEV, BOD 26-04, CVE-2026-32201, CVE-2026-45659, CVE-2026-56164, patch management</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-15-cisa-sharepoint-three-cves-bod-26-04-july-17-deadline/cover.jpg</image:loc>
      <image:title>CISA: three SharePoint bugs exploited, patch by July 17</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-15-asyncapi-npm-miasma-multi-c2-loader-cicd-compromise/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T13:00:00.000Z</news:publication_date>
      <news:title>Miasma loader shipped in 5 @asyncapi npm package versions</news:title>
      <news:keywords>asyncapi, npm-supply-chain, miasma-loader, cicd-compromise, ipfs-c2, nostr-c2, ox-security, socket</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-15-asyncapi-npm-miasma-multi-c2-loader-cicd-compromise/cover.jpg</image:loc>
      <image:title>Miasma loader shipped in 5 @asyncapi npm package versions</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-15-mindgard-cursor-git-exe-workspace-root-no-patch/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T12:20:00.000Z</news:publication_date>
      <news:title>Mindgard: Cursor still runs git.exe from repo root</news:title>
      <news:keywords>Cursor, Mindgard, Aaron Portnoy, Windows executable search order, workspace trust, AI coding editor, full disclosure</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-15-mindgard-cursor-git-exe-workspace-root-no-patch/cover.jpg</image:loc>
      <image:title>Mindgard: Cursor still runs git.exe from repo root</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-15-doj-media-land-yalishanda-lockbit-blacksuit-play-bulletproof-hosting-indictment/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T10:15:00.000Z</news:publication_date>
      <news:title>DOJ indicts Media Land trio: LockBit, BlackSuit, Play host</news:title>
      <news:keywords>media-land, ml-cloud, yalishanda, lockbit, blacksuit, play, bulletproof-hosting, doj-indictment</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-15-doj-media-land-yalishanda-lockbit-blacksuit-play-bulletproof-hosting-indictment/cover.jpg</image:loc>
      <image:title>DOJ indicts Media Land trio: LockBit, BlackSuit, Play host</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-15-microsoft-safeguard-hold-dell-kb5101650-intel-ipf-shutdowns/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T10:15:00.000Z</news:publication_date>
      <news:title>Microsoft blocks Dell PCs from July KB5101650 rollout</news:title>
      <news:keywords>Microsoft, Windows 11, Dell, KB5101650, KB5095093, safeguard hold, Patch Tuesday</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-15-microsoft-safeguard-hold-dell-kb5101650-intel-ipf-shutdowns/cover.jpg</image:loc>
      <image:title>Microsoft blocks Dell PCs from July KB5101650 rollout</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-15-microsoft-entra-id-passkeys-default-september-sms-voice-retirement-feb-2027/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T08:15:00.000Z</news:publication_date>
      <news:title>Entra ID passkeys go default in Sept; SMS/voice out Feb 1</news:title>
      <news:keywords>Microsoft Entra ID, passkeys default, SMS MFA retirement, voice MFA retirement, phishing-resistant MFA, Entra ID rollout September 2026</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-15-microsoft-entra-id-passkeys-default-september-sms-voice-retirement-feb-2027/cover.jpg</image:loc>
      <image:title>Entra ID passkeys go default in Sept; SMS/voice out Feb 1</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-15-reliaquest-jalisco-omegalord-m365-device-code-mfa-bypass/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T07:00:00.000Z</news:publication_date>
      <news:title>Jalisco kit auto-refreshes M365 device codes on demand</news:title>
      <news:keywords>reliaquest, jalisco, omegalord, microsoft-365, device-code-phishing, oauth, entra-id</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-15-reliaquest-jalisco-omegalord-m365-device-code-mfa-bypass/cover.jpg</image:loc>
      <image:title>Jalisco kit auto-refreshes M365 device codes on demand</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-15-spain-140m-bec-fraud-ring-800-accounts-67-mules/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T05:10:00.000Z</news:publication_date>
      <news:title>Spain Dismantles €140M BEC Ring; 800 Accounts, 67 Mules</news:title>
      <news:keywords>BEC, business email compromise, Spanish National Police, Europol, Interpol, money mules, investment fraud, financial crime</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-15-spain-140m-bec-fraud-ring-800-accounts-67-mules/cover.jpg</image:loc>
      <image:title>Spain Dismantles €140M BEC Ring; 800 Accounts, 67 Mules</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-15-lastpass-bitwarden-compliance-lookalike-domain-phishing/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T04:15:00.000Z</news:publication_date>
      <news:title>LastPass, Bitwarden users hit by lookalike-domain phishing</news:title>
      <news:keywords>LastPass, Bitwarden, password manager phishing, lookalike domain, DocuSign lure, credential theft</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-15-lastpass-bitwarden-compliance-lookalike-domain-phishing/cover.jpg</image:loc>
      <image:title>LastPass, Bitwarden users hit by lookalike-domain phishing</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-15-blackpoint-labubarat-rust-nvidia-sysruntime-maas/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T03:15:00.000Z</news:publication_date>
      <news:title>Blackpoint flags LabubaRAT: Rust MaaS RAT poses as NVIDIA</news:title>
      <news:keywords>LabubaRAT, Blackpoint Cyber, Rust, RAT, malware-as-a-service, NVIDIA, Windows</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-15-blackpoint-labubarat-rust-nvidia-sysruntime-maas/cover.jpg</image:loc>
      <image:title>Blackpoint flags LabubaRAT: Rust MaaS RAT poses as NVIDIA</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-14-arctic-wolf-292-fake-github-repos-boryptgrab-infostealer/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T22:15:00.000Z</news:publication_date>
      <news:title>Arctic Wolf: 292 fake GitHub repos push BoryptGrab stealer</news:title>
      <news:keywords>github, arctic-wolf, boryptgrab, infostealer, supply-chain, typosquatting, chrome-app-bound-encryption</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-14-arctic-wolf-292-fake-github-repos-boryptgrab-infostealer/cover.jpg</image:loc>
      <image:title>Arctic Wolf: 292 fake GitHub repos push BoryptGrab stealer</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-14-sonicwall-sma1000-cve-2026-15409-15410-kev-active-exploitation/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T21:45:00.000Z</news:publication_date>
      <news:title>SonicWall SMA1000 zero-days on CISA KEV: patch by July 17</news:title>
      <news:keywords>SonicWall SMA1000, CVE-2026-15409, CVE-2026-15410, CISA KEV, zero-day, remote access, vendor patch</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-14-sonicwall-sma1000-cve-2026-15409-15410-kev-active-exploitation/cover.jpg</image:loc>
      <image:title>SonicWall SMA1000 zero-days on CISA KEV: patch by July 17</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-14-manifold-claude-for-chrome-trust-boundary-still-open/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T21:30:00.000Z</news:publication_date>
      <news:title>Claude for Chrome flaw lets other extensions read Gmail</news:title>
      <news:keywords>claude for chrome, manifold security, anthropic, claudebleed, layerx security, browser extension, prompt injection, trust boundary</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-14-manifold-claude-for-chrome-trust-boundary-still-open/cover.jpg</image:loc>
      <image:title>Claude for Chrome flaw lets other extensions read Gmail</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-14-rapid7-sharepoint-cve-2026-55040-jwt-auth-bypass-rce-chain-half/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T20:15:00.000Z</news:publication_date>
      <news:title>SharePoint JWT bypass fixed; RCE half of chain still open</news:title>
      <news:keywords>microsoft, sharepoint, cve-2026-55040, authentication-bypass, rapid7, jwt, patch-tuesday</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-14-rapid7-sharepoint-cve-2026-55040-jwt-auth-bypass-rce-chain-half/cover.jpg</image:loc>
      <image:title>SharePoint JWT bypass fixed; RCE half of chain still open</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-14-microsoft-july-patch-tuesday-570-cves-adfs-sharepoint-bitlocker-zero-days/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T19:15:00.000Z</news:publication_date>
      <news:title>Microsoft July Patch Tuesday: 570 CVEs, 3 zero-days out</news:title>
      <news:keywords>Microsoft Patch Tuesday, AD FS, SharePoint, BitLocker, zero-day, CVE-2026-56155, CVE-2026-56164</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-14-microsoft-july-patch-tuesday-570-cves-adfs-sharepoint-bitlocker-zero-days/cover.jpg</image:loc>
      <image:title>Microsoft July Patch Tuesday: 570 CVEs, 3 zero-days out</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-14-ku-leuven-distrinet-85-crypto-wallet-extensions-address-linking/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T18:20:00.000Z</news:publication_date>
      <news:title>KU Leuven: 85 wallet extensions leak addresses cross-site</news:title>
      <news:keywords>KU Leuven, DistriNet, crypto wallet extension, address linking, browser extension privacy, PETS 2026, wallet fingerprinting</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-14-ku-leuven-distrinet-85-crypto-wallet-extensions-address-linking/cover.jpg</image:loc>
      <image:title>KU Leuven: 85 wallet extensions leak addresses cross-site</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-14-progress-sharefile-storage-zone-5-12-5-6-0-2-path-traversal-patch/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T17:20:00.000Z</news:publication_date>
      <news:title>Progress patches ShareFile zero-day: 5.12.5 and 6.0.2 out</news:title>
      <news:keywords>Progress ShareFile, Storage Zone Controller, path traversal, vendor patch, managed file transfer, zero-day</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-14-progress-sharefile-storage-zone-5-12-5-6-0-2-path-traversal-patch/cover.jpg</image:loc>
      <image:title>Progress patches ShareFile zero-day: 5.12.5 and 6.0.2 out</image:title>
    </image:image>
  </url>
</urlset>