<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9" xmlns:news="http://www.google.com/schemas/sitemap-news/0.9" xmlns:image="http://www.google.com/schemas/sitemap-image/1.1">
  <url>
    <loc>https://0daynews.com/articles/2026-07-14-ku-leuven-distrinet-85-crypto-wallet-extensions-address-linking/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T18:20:00.000Z</news:publication_date>
      <news:title>KU Leuven: 85 wallet extensions leak addresses cross-site</news:title>
      <news:keywords>KU Leuven, DistriNet, crypto wallet extension, address linking, browser extension privacy, PETS 2026, wallet fingerprinting</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-14-ku-leuven-distrinet-85-crypto-wallet-extensions-address-linking/cover.jpg</image:loc>
      <image:title>KU Leuven: 85 wallet extensions leak addresses cross-site</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-14-progress-sharefile-storage-zone-5-12-5-6-0-2-path-traversal-patch/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T17:20:00.000Z</news:publication_date>
      <news:title>Progress patches ShareFile zero-day: 5.12.5 and 6.0.2 out</news:title>
      <news:keywords>Progress ShareFile, Storage Zone Controller, path traversal, vendor patch, managed file transfer, zero-day</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-14-progress-sharefile-storage-zone-5-12-5-6-0-2-path-traversal-patch/cover.jpg</image:loc>
      <image:title>Progress patches ShareFile zero-day: 5.12.5 and 6.0.2 out</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-14-rabbitmq-miggo-oauth-secret-cross-tenant-cve-2026-57219/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T16:20:00.000Z</news:publication_date>
      <news:title>Miggo: RabbitMQ leaked OAuth secret via obsolete endpoint</news:title>
      <news:keywords>rabbitmq, oauth, cve-2026-57219, message-broker, miggo, cross-tenant, cloud-security</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-14-rabbitmq-miggo-oauth-secret-cross-tenant-cve-2026-57219/cover.jpg</image:loc>
      <image:title>Miggo: RabbitMQ leaked OAuth secret via obsolete endpoint</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-14-proofpoint-oauth-client-id-spoofing-entra-signin-logs-blind/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T15:00:00.000Z</news:publication_date>
      <news:title>OAuth client ID spoofing sneaks past Entra sign-in logs</news:title>
      <news:keywords>microsoft-entra-id, oauth, credential-stuffing, proofpoint, ropc, conditional-access, detection-engineering</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-14-proofpoint-oauth-client-id-spoofing-entra-signin-logs-blind/cover.jpg</image:loc>
      <image:title>OAuth client ID spoofing sneaks past Entra sign-in logs</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-14-eset-uefi-shim-cve-2026-8863-secure-boot-bypass/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T14:15:00.000Z</news:publication_date>
      <news:title>ESET: 11 old signed UEFI shims still bypass Secure Boot</news:title>
      <news:keywords>uefi, secure boot, shim, eset, microsoft, cve-2026-8863, dbx</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-14-eset-uefi-shim-cve-2026-8863-secure-boot-bypass/cover.jpg</image:loc>
      <image:title>ESET: 11 old signed UEFI shims still bypass Secure Boot</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-14-sap-july-patch-day-three-criticals-netweaver-approuter-commerce/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T13:15:00.000Z</news:publication_date>
      <news:title>SAP&apos;s July Patch Day: three criticals, worst is 9.9</news:title>
      <news:keywords>sap, netweaver, approuter, commerce cloud, patch day, cve-2026-44747, cve-2026-27690, cve-2026-44761</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-14-sap-july-patch-day-three-criticals-netweaver-approuter-commerce/cover.jpg</image:loc>
      <image:title>SAP&apos;s July Patch Day: three criticals, worst is 9.9</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-14-ofac-1vpns-rashevskyi-silayev-sb0559-cryptor-designation/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T11:20:00.000Z</news:publication_date>
      <news:title>OFAC sanctions 1VPNS admin plus Belarusian cryptor seller</news:title>
      <news:keywords>ofac, sanctions, 1vpns, ransomware, cryptor, operation-saffron, us-treasury</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-14-ofac-1vpns-rashevskyi-silayev-sb0559-cryptor-designation/cover.jpg</image:loc>
      <image:title>OFAC sanctions 1VPNS admin plus Belarusian cryptor seller</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-14-cereblab-grok-build-0-2-93-git-repo-upload-gcs/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T10:15:00.000Z</news:publication_date>
      <news:title>Grok Build v0.2.93 uploaded whole repos to xAI&apos;s bucket</news:title>
      <news:keywords>grok-build, xai, ai-coding-cli, data-exposure, secrets-leak, gcs-bucket</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-14-cereblab-grok-build-0-2-93-git-repo-upload-gcs/cover.jpg</image:loc>
      <image:title>Grok Build v0.2.93 uploaded whole repos to xAI&apos;s bucket</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-14-jfrog-148-npm-packages-browser-ddos-botnet-may/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T09:15:00.000Z</news:publication_date>
      <news:title>148 npm packages ran a browser-based DDoS botnet in May</news:title>
      <news:keywords>npm, supply-chain, JFrog, DDoS botnet, web proxy, browser abuse</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-14-jfrog-148-npm-packages-browser-ddos-botnet-may/cover.jpg</image:loc>
      <image:title>148 npm packages ran a browser-based DDoS botnet in May</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-14-microsoft-shinyhunters-salesforce-oauth-three-paths/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T08:20:00.000Z</news:publication_date>
      <news:title>A year of ShinyHunters OAuth abuse, mapped by Microsoft</news:title>
      <news:keywords>microsoft, shinyhunters, salesforce, oauth, storm-3138, saas-supply-chain, klue</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-14-microsoft-shinyhunters-salesforce-oauth-three-paths/cover.jpg</image:loc>
      <image:title>A year of ShinyHunters OAuth abuse, mapped by Microsoft</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-14-forg365-phaas-m365-device-code-aitm-market/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T05:45:00.000Z</news:publication_date>
      <news:title>Forg365 shows PhaaS became a $400/mo rental market</news:title>
      <news:keywords>forg365, phishing-as-a-service, microsoft-365, device-code-phishing, aitm, telegram, threat-intel</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-14-forg365-phaas-m365-device-code-aitm-market/cover.jpg</image:loc>
      <image:title>Forg365 shows PhaaS became a $400/mo rental market</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-14-jscrambler-npm-post-mortem-four-versions-8-22-clean/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T02:15:00.000Z</news:publication_date>
      <news:title>Jscrambler: four npm versions hit, publish creds revoked</news:title>
      <news:keywords>jscrambler, npm, supply-chain, publish credentials, preinstall, infostealer, Socket</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-14-jscrambler-npm-post-mortem-four-versions-8-22-clean/cover.jpg</image:loc>
      <image:title>Jscrambler: four npm versions hit, publish creds revoked</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-13-nca-russian-coms-five-charged-1-8m-spoofed-calls/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T22:15:00.000Z</news:publication_date>
      <news:title>NCA charges five over Russian Coms spoofing platform</news:title>
      <news:keywords>Russian Coms, NCA, caller-ID spoofing, Operation Henhouse, vishing, STIR/SHAKEN, Ofcom</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-13-nca-russian-coms-five-charged-1-8m-spoofed-calls/cover.jpg</image:loc>
      <image:title>NCA charges five over Russian Coms spoofing platform</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-13-meta-2026-0182881-lachlan-dunn-emotion-listening-patent/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T22:00:00.000Z</news:publication_date>
      <news:title>Meta patent describes an always-on emotion-reading AI</news:title>
      <news:keywords>meta, ai patent, ambient listening, emotion analysis, surveillance, privacy, smart glasses</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-13-meta-2026-0182881-lachlan-dunn-emotion-listening-patent/cover.jpg</image:loc>
      <image:title>Meta patent describes an always-on emotion-reading AI</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-13-nihon-kotsu-japan-taxi-cyberattack-dispatch-offline/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T21:00:00.000Z</news:publication_date>
      <news:title>Nihon Kotsu cyberattack takes Japan taxi dispatch offline</news:title>
      <news:keywords>nihon kotsu, japan, taxi, cyberattack, malware, dispatch outage</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-13-nihon-kotsu-japan-taxi-cyberattack-dispatch-offline/cover.jpg</image:loc>
      <image:title>Nihon Kotsu cyberattack takes Japan taxi dispatch offline</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-13-jamf-crashstealer-werkbit-notarized-macos-stealer/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T20:00:00.000Z</news:publication_date>
      <news:title>Notarized Werkbit.app carries CrashStealer past Gatekeeper</news:title>
      <news:keywords>CrashStealer, Werkbit, Jamf Threat Labs, macOS, notarization, Gatekeeper, infostealer</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-13-jamf-crashstealer-werkbit-notarized-macos-stealer/cover.jpg</image:loc>
      <image:title>Notarized Werkbit.app carries CrashStealer past Gatekeeper</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-13-modheader-stripe-olt-stanfordstudies-dormant-collector/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T19:20:00.000Z</news:publication_date>
      <news:title>ModHeader carried a dormant collector to 1.6M installs</news:title>
      <news:keywords>ModHeader, browser extension, supply chain, Chrome Web Store, Edge Add-ons, Stripe OLT, dormant collector</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-13-modheader-stripe-olt-stanfordstudies-dormant-collector/cover.jpg</image:loc>
      <image:title>ModHeader carried a dormant collector to 1.6M installs</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-13-cisa-kev-cve-2008-4128-cisco-ios-12-4-csrf/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T18:30:00.000Z</news:publication_date>
      <news:title>Cisco IOS 12.4 CSRF From 2008 Lands in CISA KEV</news:title>
      <news:keywords>CISA KEV, Cisco IOS, CVE-2008-4128, Cisco IOS 12.4, cross-site request forgery, CSRF, BOD 26-04, end-of-life hardware</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-13-cisa-kev-cve-2008-4128-cisco-ios-12-4-csrf/cover.jpg</image:loc>
      <image:title>Cisco IOS 12.4 CSRF From 2008 Lands in CISA KEV</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-13-memghost-arxiv-persistent-memory-poison-openclaw/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T17:15:00.000Z</news:publication_date>
      <news:title>MemGhost: an email that rewrites an AI agent&apos;s memory</news:title>
      <news:keywords>MemGhost, prompt injection, AI agent memory, OpenClaw, persistent memory, Claude Code SDK</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-13-memghost-arxiv-persistent-memory-poison-openclaw/cover.jpg</image:loc>
      <image:title>MemGhost: an email that rewrites an AI agent&apos;s memory</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-13-cisa-github-leak-postmortem-nine-alerts-six-months/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T16:15:00.000Z</news:publication_date>
      <news:title>CISA postmortem: nine alerts ignored, six months exposed</news:title>
      <news:keywords>CISA, GitHub, GitGuardian, AWS GovCloud, incident response, KrebsOnSecurity</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-13-cisa-github-leak-postmortem-nine-alerts-six-months/cover.jpg</image:loc>
      <image:title>CISA postmortem: nine alerts ignored, six months exposed</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-13-lidl-online-shop-breach-de-be-nl-service-provider/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T15:00:00.000Z</news:publication_date>
      <news:title>Lidl online shop breach hits DE, BE, NL via provider</news:title>
      <news:keywords>lidl, data breach, third-party breach, service provider, germany, netherlands, belgium</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-13-lidl-online-shop-breach-de-be-nl-service-provider/cover.jpg</image:loc>
      <image:title>Lidl online shop breach hits DE, BE, NL via provider</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-13-huntress-ai-generated-powershell-ad-enum/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T14:20:00.000Z</news:publication_date>
      <news:title>Huntress Flags Suspected AI-Written PowerShell in AD Case</news:title>
      <news:keywords>Huntress, AD enumeration, PowerShell, LLM, SharpShares, s5cmd</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-13-huntress-ai-generated-powershell-ad-enum/cover.jpg</image:loc>
      <image:title>Huntress Flags Suspected AI-Written PowerShell in AD Case</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-13-eu-uk-first-joint-cyber-sanctions-russia-33-named/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T12:30:00.000Z</news:publication_date>
      <news:title>First joint EU-UK cyber sanctions name 33 Russian targets</news:title>
      <news:keywords>eu sanctions, uk sanctions, russia, gru, fsb center 16, sandworm, turla, lumma stealer</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-13-eu-uk-first-joint-cyber-sanctions-russia-33-named/cover.jpg</image:loc>
      <image:title>First joint EU-UK cyber sanctions name 33 Russian targets</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-13-fsb-centre-16-cve-2018-0171-router-hygiene-csa/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T11:20:00.000Z</news:publication_date>
      <news:title>Seven years on, CVE-2018-0171 draws a 13-state advisory</news:title>
      <news:keywords>fsb-centre-16, berserk-bear, static-tundra, cisco-smart-install, cve-2018-0171, critical-infrastructure, router-hygiene</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-13-fsb-centre-16-cve-2018-0171-router-hygiene-csa/cover.jpg</image:loc>
      <image:title>Seven years on, CVE-2018-0171 draws a 13-state advisory</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-13-lexfo-evilginx-three-crews-open-directory/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T09:15:00.000Z</news:publication_date>
      <news:title>Three Evilginx Crews, One Forgotten Bash History</news:title>
      <news:keywords>evilginx, phishing, microsoft-365, aitm, oauth-device-code, lexfo, threat-intel</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-13-lexfo-evilginx-three-crews-open-directory/cover.jpg</image:loc>
      <image:title>Three Evilginx Crews, One Forgotten Bash History</image:title>
    </image:image>
  </url>
</urlset>