<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9" xmlns:news="http://www.google.com/schemas/sitemap-news/0.9" xmlns:image="http://www.google.com/schemas/sitemap-image/1.1">
  <url>
    <loc>https://0daynews.com/articles/2026-07-12-redhook-group-ib-wireless-adb-loopback-shizuku-uid-2000/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-12T15:00:00.000Z</news:publication_date>
      <news:title>RedHook Android RAT pairs Wireless ADB on-device</news:title>
      <news:keywords>RedHook, Android, Wireless ADB, Wireless Debugging, Accessibility Service, Shizuku, Group-IB</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-12-redhook-group-ib-wireless-adb-loopback-shizuku-uid-2000/cover.jpg</image:loc>
      <image:title>RedHook Android RAT pairs Wireless ADB on-device</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-12-coinspect-ill-bloom-weak-prng-wallet-seed-5-1m-drained/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-12T09:15:00.000Z</news:publication_date>
      <news:title>Ill Bloom: Weak PRNG Drained $5.1M From Crypto Wallets</news:title>
      <news:keywords>ill bloom, coinspect, cryptocurrency wallet, weak prng, seed phrase, wallet drain</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-12-coinspect-ill-bloom-weak-prng-wallet-seed-5-1m-drained/cover.jpg</image:loc>
      <image:title>Ill Bloom: Weak PRNG Drained $5.1M From Crypto Wallets</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-11-sentinellabs-balochistan-police-china-india-converge/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-11T21:20:00.000Z</news:publication_date>
      <news:title>China, India APTs Converge on Balochistan Police</news:title>
      <news:keywords>SentinelLABS, Balochistan Police, Mysterious Elephant, PlugX, ShadowPad, Pakistan, APT-C-08</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-11-sentinellabs-balochistan-police-china-india-converge/cover.jpg</image:loc>
      <image:title>China, India APTs Converge on Balochistan Police</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-11-jscrambler-npm-8-14-0-preinstall-rust-infostealer/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-11T20:15:00.000Z</news:publication_date>
      <news:title>jscrambler 8.14.0 npm hijack: Rust stealer on install</news:title>
      <news:keywords>jscrambler, npm, supply-chain, preinstall, infostealer, Rust, Socket</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-11-jscrambler-npm-8-14-0-preinstall-rust-infostealer/cover.jpg</image:loc>
      <image:title>jscrambler 8.14.0 npm hijack: Rust stealer on install</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-11-mvpnalyzer-281-android-vpn-study-leaks-tracking/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-11T19:00:00.000Z</news:publication_date>
      <news:title>281 free Android VPN apps: 29 leak, 246 track</news:title>
      <news:keywords>android, vpn, mvpnalyzer, ndss, mobile, dns-leak, google-play</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-11-mvpnalyzer-281-android-vpn-study-leaks-tracking/cover.jpg</image:loc>
      <image:title>281 free Android VPN apps: 29 leak, 246 track</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-11-ptc-windchill-flexplm-cve-2026-12569-kev-jsp-webshell/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-11T17:15:00.000Z</news:publication_date>
      <news:title>PTC Windchill PLM RCE is on KEV — shells still landing</news:title>
      <news:keywords>PTC Windchill, FlexPLM, CVE-2026-12569, CISA KEV, deserialization, JSP webshell, PLM</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-11-ptc-windchill-flexplm-cve-2026-12569-kev-jsp-webshell/cover.jpg</image:loc>
      <image:title>PTC Windchill PLM RCE is on KEV — shells still landing</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-11-acsc-cms-plugin-exploitation-advisory-18-cves/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-11T15:05:00.000Z</news:publication_date>
      <news:title>Australia&apos;s ACSC names 18 CMS bugs under exploitation</news:title>
      <news:keywords>ACSC, CMS, WordPress, Craft CMS, Joomla JCE, webshells, plugin exploitation</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-11-acsc-cms-plugin-exploitation-advisory-18-cves/cover.jpg</image:loc>
      <image:title>Australia&apos;s ACSC names 18 CMS bugs under exploitation</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-11-gitea-docker-cve-2026-20896-sysdig-csa-1264-regression/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-11T12:03:16.000Z</news:publication_date>
      <news:title>Gitea Docker Auth Bypass: Patch 1.26.4, CSA Confirms</news:title>
      <news:keywords>Gitea, CVE-2026-20896, Docker, Sysdig, Singapore CSA, reverse-proxy, authentication-bypass</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-11-gitea-docker-cve-2026-20896-sysdig-csa-1264-regression/cover.jpg</image:loc>
      <image:title>Gitea Docker Auth Bypass: Patch 1.26.4, CSA Confirms</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-11-u-boot-libfdt-fit-parsing-six-brly-flaws/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-11T11:15:00.000Z</news:publication_date>
      <news:title>Six U-Boot flaws trace to one libfdt helper</news:title>
      <news:keywords>u-boot, libfdt, fit-image, bootloader, firmware, binarly, brly-2026-037</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-11-u-boot-libfdt-fit-parsing-six-brly-flaws/cover.jpg</image:loc>
      <image:title>Six U-Boot flaws trace to one libfdt helper</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-11-ghostcommit-png-prompt-injection-coderabbit-bugbot/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-11T11:00:00.000Z</news:publication_date>
      <news:title>Ghostcommit and the reviewers that don&apos;t open the PNG</news:title>
      <news:keywords>Ghostcommit, prompt injection, CodeRabbit, Bugbot, AI code review, supply chain</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-11-ghostcommit-png-prompt-injection-coderabbit-bugbot/cover.jpg</image:loc>
      <image:title>Ghostcommit and the reviewers that don&apos;t open the PNG</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-11-modbeacon-silver-fox-rust-rat-grpc-c2-qianxin/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-11T07:15:00.000Z</news:publication_date>
      <news:title>Silver Fox ships MODBEACON, a Rust RAT with gRPC C2</news:title>
      <news:keywords>Silver Fox, MODBEACON, QiAnXin, Rust malware, gRPC C2, SEO poisoning, counterfeit installers</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-11-modbeacon-silver-fox-rust-rat-grpc-c2-qianxin/cover.jpg</image:loc>
      <image:title>Silver Fox ships MODBEACON, a Rust RAT with gRPC C2</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-11-metasploit-weekly-flowise-csv-packagekit-modules/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-11T05:20:00.000Z</news:publication_date>
      <news:title>Metasploit Weekly Adds Flowise CSV, macOS PackageKit</news:title>
      <news:keywords>Metasploit, Rapid7, Flowise, CVE-2026-41264, PackageKit, CVE-2024-27822, macOS, prompt injection</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-11-metasploit-weekly-flowise-csv-packagekit-modules/cover.jpg</image:loc>
      <image:title>Metasploit Weekly Adds Flowise CSV, macOS PackageKit</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-11-cisa-kev-balbooa-icagenda-joomla-file-upload/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-11T04:20:00.000Z</news:publication_date>
      <news:title>Balbooa, iCagenda Join KEV: Four Joomla RCEs in Four Days</news:title>
      <news:keywords>CISA KEV, CVE-2026-56291, CVE-2026-48939, Balbooa Forms, iCagenda, Joomla, file upload, CWE-434</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-11-cisa-kev-balbooa-icagenda-joomla-file-upload/cover.jpg</image:loc>
      <image:title>Balbooa, iCagenda Join KEV: Four Joomla RCEs in Four Days</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-10-openmandriva-beatrici-cooker-cosmic-gnome-admin-boundary/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-11T03:15:00.000Z</news:publication_date>
      <news:title>OpenMandriva contributor deleted GNOME and Cosmic repos</news:title>
      <news:keywords>OpenMandriva, Davide Beatrici, Linux distribution, supply chain, maintainer trust, Cooker, GNOME</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-10-openmandriva-beatrici-cooker-cosmic-gnome-admin-boundary/cover.jpg</image:loc>
      <image:title>OpenMandriva contributor deleted GNOME and Cosmic repos</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-11-zimbra-10-1-19-classic-web-client-xss-google-tag/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-11T02:15:00.000Z</news:publication_date>
      <news:title>Zimbra ships 10.1.19; Google TAG reported the XSS</news:title>
      <news:keywords>Zimbra, Zimbra Collaboration Suite, Classic Web Client, stored XSS, Google TAG, Threat Analysis Group, webmail</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-11-zimbra-10-1-19-classic-web-client-xss-google-tag/cover.jpg</image:loc>
      <image:title>Zimbra ships 10.1.19; Google TAG reported the XSS</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-11-npm-12-allowscripts-off-default-gats-oidc-branch/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-11T01:20:00.000Z</news:publication_date>
      <news:title>npm 12 turns install scripts off by default</news:title>
      <news:keywords>npm, supply-chain, allowScripts, install-scripts, granular-access-tokens, oidc, github</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-11-npm-12-allowscripts-off-default-gats-oidc-branch/cover.jpg</image:loc>
      <image:title>npm 12 turns install scripts off by default</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-10-iossifov-seized-crypto-wallet-still-had-key/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-10T23:55:00.000Z</news:publication_date>
      <news:title>A seized crypto account that moved from a cell</news:title>
      <news:keywords>Rossen Iossifov, RG Coins, crypto seizure, Alexandria Online Auction Fraud Network, custody, forfeiture</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-10-iossifov-seized-crypto-wallet-still-had-key/cover.jpg</image:loc>
      <image:title>A seized crypto account that moved from a cell</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-10-microsoft-mdash-msrc-humans-downstream/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-10T23:15:00.000Z</news:publication_date>
      <news:title>Microsoft&apos;s MDASH and the humans downstream of it</news:title>
      <news:keywords>Microsoft, MDASH, MSRC, Patch Tuesday, AI vulnerability discovery, Windows security</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-10-microsoft-mdash-msrc-humans-downstream/cover.jpg</image:loc>
      <image:title>Microsoft&apos;s MDASH and the humans downstream of it</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-10-openclaw-2026-6-6-nayak-whatsapp-host-rce-chain/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-10T22:15:00.000Z</news:publication_date>
      <news:title>OpenClaw patched a chain that started in a chat message</news:title>
      <news:keywords>openclaw, ai-assistant, command-injection, sandbox-escape, whatsapp, chinmohan-nayak</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-10-openclaw-2026-6-6-nayak-whatsapp-host-rce-chain/cover.jpg</image:loc>
      <image:title>OpenClaw patched a chain that started in a chat message</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-10-injective-sdk-ts-npm-oidc-thomasralee/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-10T21:15:00.000Z</news:publication_date>
      <news:title>Injective SDK&apos;s npm compromise, and the OIDC that let it</news:title>
      <news:keywords>injective-labs, npm, supply-chain, sdk-ts, oidc, wallet-security</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-10-injective-sdk-ts-npm-oidc-thomasralee/cover.jpg</image:loc>
      <image:title>Injective SDK&apos;s npm compromise, and the OIDC that let it</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-10-binarly-uboot-six-flaws-fit-signature-verification/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-10T20:20:00.000Z</news:publication_date>
      <news:title>Six U-Boot bugs sit in front of the signature check</news:title>
      <news:keywords>U-Boot, Binarly, FIT image, firmware, signature verification, bootloader, BRLY-2026-037</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-10-binarly-uboot-six-flaws-fit-signature-verification/cover.jpg</image:loc>
      <image:title>Six U-Boot bugs sit in front of the signature check</image:title>
    </image:image>
  </url>
</urlset>