<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9" xmlns:news="http://www.google.com/schemas/sitemap-news/0.9" xmlns:image="http://www.google.com/schemas/sitemap-image/1.1">
  <url>
    <loc>https://0daynews.com/articles/2026-07-08-sophos-coding-agents-tripping-edr-attacker-detections/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-08T19:20:00.000Z</news:publication_date>
      <news:title>Sophos: Coding Agents Are Tripping the Attacker Detections</news:title>
      <news:keywords>Sophos, EDR, Claude Code, Cursor, OpenAI Codex, credential access, LOLBins</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-08-sophos-coding-agents-tripping-edr-attacker-detections/cover.jpg</image:loc>
      <image:title>Sophos: Coding Agents Are Tripping the Attacker Detections</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-08-pink-o-unc-066-entra-passkey-vishing-okta-unit42/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-08T18:05:00.000Z</news:publication_date>
      <news:title>Pink Vishing Enrolls Rogue Entra Passkeys on M365 Tenants</news:title>
      <news:keywords>Entra, Microsoft 365, passkey, vishing, O-UNC-066, Pink, The Com, Okta, Unit 42</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-08-hallusquatting-npm-ai-hallucinated-packages-tel-aviv/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-08T17:20:00.000Z</news:publication_date>
      <news:title>HalluSquatting weaponizes AI-hallucinated npm packages</news:title>
      <news:keywords>hallusquatting, supply-chain, npm, ai-coding-assistants, package-typosquatting, tel-aviv-university</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-08-hallusquatting-npm-ai-hallucinated-packages-tel-aviv/cover.jpg</image:loc>
      <image:title>HalluSquatting weaponizes AI-hallucinated npm packages</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-08-copilot-workflow-jailbreak-arxiv-kumar-maple/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-08T16:20:00.000Z</news:publication_date>
      <news:title>Refused in Chat, Written in Code: Copilot&apos;s Workflow Gap</news:title>
      <news:keywords>GitHub Copilot, AI safety, coding assistants, Claude, Gemini, jailbreak, prompt injection</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-08-copilot-workflow-jailbreak-arxiv-kumar-maple/cover.jpg</image:loc>
      <image:title>Refused in Chat, Written in Code: Copilot&apos;s Workflow Gap</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-08-scmbanker-elastic-ref6045-mexican-banking-fraud/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-08T15:15:00.000Z</news:publication_date>
      <news:title>SCMBANKER active against Mexican banks — Elastic REF6045</news:title>
      <news:keywords>SCMBANKER, REF6045, ClickFix, Mexican banking fraud, Elastic Security Labs, banking malware</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-08-github-verified-commit-hash-malleability-ginesin/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-08T14:15:00.000Z</news:publication_date>
      <news:title>A signed Git commit&apos;s hash is not a unique fingerprint</news:title>
      <news:keywords>git, github, verified commits, supply chain, signature malleability, code signing, provenance</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-08-kddi-japan-isp-breach-12m-third-party-zero-day/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-08T13:15:00.000Z</news:publication_date>
      <news:title>KDDI Breach: 12M Emails, 7.6M Passwords via 3rd-Party 0day</news:title>
      <news:keywords>KDDI, Japan ISP breach, zero-day, credential exposure, BIGLOBE, NIFTY</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-08-kddi-japan-isp-breach-12m-third-party-zero-day/cover.jpg</image:loc>
      <image:title>KDDI Breach: 12M Emails, 7.6M Passwords via 3rd-Party 0day</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-08-gitlost-github-agentic-workflows-noma-security-private-repos/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-08T11:15:00.000Z</news:publication_date>
      <news:title>GitLost: Public Issue Leaks Private GitHub Repo Data</news:title>
      <news:keywords>GitLost, Noma Security, GitHub Agentic Workflows, indirect prompt injection, AI agent security, private repo leak, Sasi Levi</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-08-cisa-coldfusion-cve-2026-48282-kev-friday-deadline/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-08T11:00:00.000Z</news:publication_date>
      <news:title>CISA: Patch ColdFusion CVE-2026-48282 by Friday</news:title>
      <news:keywords>Adobe ColdFusion, CVE-2026-48282, CISA KEV, BOD 26-04, active exploitation, APSB26-68</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-08-cisa-coldfusion-cve-2026-48282-kev-friday-deadline/cover.jpg</image:loc>
      <image:title>CISA: Patch ColdFusion CVE-2026-48282 by Friday</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-08-ubiquiti-unifi-connect-command-injection-cve-2026-50746/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-08T09:00:00.000Z</news:publication_date>
      <news:title>Ubiquiti Patches Max-Severity UniFi Connect Command Injection</news:title>
      <news:keywords>Ubiquiti, UniFi Connect, UniFi OS, CVE-2026-50746, command injection, network appliance, vendor advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-08-dialogflow-cx-rogue-agent-shared-exec-varonis/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-08T08:15:00.000Z</news:publication_date>
      <news:title>Dialogflow&apos;s Rogue Agent Flaw Is a Very Old Bug Class</news:title>
      <news:keywords>Google Dialogflow, Dialogflow CX, Varonis, Rogue Agent, chatbot security, LLM security, shared runtime</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-08-ghostlock-linux-kernel-cve-2026-43499-container-escape/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-08T07:15:00.000Z</news:publication_date>
      <news:title>GhostLock: 15-Year Linux Kernel Root/Container Escape</news:title>
      <news:keywords>CVE-2026-43499, GhostLock, Linux kernel, futex, use-after-free, container escape, Nebula Security</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-08-debull-m365-device-code-phishing-storm-2372-overlap/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-08T06:20:00.000Z</news:publication_date>
      <news:title>DEBULL Kit Runs M365 Device-Code Phishing, Storm-2372</news:title>
      <news:keywords>DEBULL, Storm-2372, device code phishing, Microsoft 365, Entra Conditional Access, ZeroBEC, phishing-as-a-service</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-08-cisa-kev-langflow-joomla-page-builder-adds/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-08T05:20:00.000Z</news:publication_date>
      <news:title>CISA Adds Langflow and Two Joomla Builders to KEV</news:title>
      <news:keywords>CISA KEV, CVE-2026-55255, CVE-2026-56290, CVE-2026-48908, Langflow, Joomla, patch priority</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-08-unk-masstraction-china-cluster-roundcube-universities/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-08T04:15:00.000Z</news:publication_date>
      <news:title>Proofpoint: China cluster raids university physics mail</news:title>
      <news:keywords>Roundcube, UNK_MassTraction, UNC5174, Proofpoint, university targeting, academic espionage, CVE-2024-42009, CVE-2025-49113</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-08-unk-masstraction-china-cluster-roundcube-universities/cover.jpg</image:loc>
      <image:title>Proofpoint: China cluster raids university physics mail</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-07-uat-7810-longleash-orb-network-ruckus-asus/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-08T03:15:00.000Z</news:publication_date>
      <news:title>China-Linked UAT-7810 Expands ORB Net With LONGLEASH</news:title>
      <news:keywords>UAT-7810, LONGLEASH, ORB network, Ruckus, ASUS, Cisco Talos, China APT</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-07-uat-7810-longleash-orb-network-ruckus-asus/cover.jpg</image:loc>
      <image:title>China-Linked UAT-7810 Expands ORB Net With LONGLEASH</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-08-scattered-spider-windows-device-id-court-filing-stokes/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-08T02:20:00.000Z</news:publication_date>
      <news:title>Windows Device ID trail led FBI to Scattered Spider suspect</news:title>
      <news:keywords>Scattered Spider, Peter Stokes, Windows Device ID, FBI attribution, court filing, OPSEC</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-08-scattered-spider-windows-device-id-court-filing-stokes/cover.jpg</image:loc>
      <image:title>Windows Device ID trail led FBI to Scattered Spider suspect</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-07-tenda-router-backdoor-cve-2026-11405-unpatched/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-08T01:15:00.000Z</news:publication_date>
      <news:title>Tenda Router Backdoor Has No Patch. Here&apos;s What to Do.</news:title>
      <news:keywords>CVE-2026-11405, Tenda, router backdoor, CERT/CC, embedded firmware, unpatched, SOHO router</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-07-tenda-router-backdoor-cve-2026-11405-unpatched/cover.jpg</image:loc>
      <image:title>Tenda Router Backdoor Has No Patch. Here&apos;s What to Do.</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-07-accenture-confirms-breach-source-code-claim/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-08T00:20:00.000Z</news:publication_date>
      <news:title>Accenture Confirms Breach; Attacker Claims 35 GB Stolen</news:title>
      <news:keywords>Accenture, breach, source code, data leak, IT services</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-07-accenture-confirms-breach-source-code-claim/cover.jpg</image:loc>
      <image:title>Accenture Confirms Breach; Attacker Claims 35 GB Stolen</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-07-januscape-cve-2026-53359-kvm-guest-host-escape/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-07T23:20:00.000Z</news:publication_date>
      <news:title>Januscape (CVE-2026-53359): 16-year KVM guest-to-host escape</news:title>
      <news:keywords>CVE-2026-53359, Januscape, Linux kernel, KVM, shadow MMU, virtualization, kvmCTF</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-07-januscape-cve-2026-53359-kvm-guest-host-escape/cover.jpg</image:loc>
      <image:title>Januscape (CVE-2026-53359): 16-year KVM guest-to-host escape</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-07-beyondtrust-remote-support-pra-auth-bypass/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-07T22:15:00.000Z</news:publication_date>
      <news:title>BeyondTrust Patches Four RS/PRA Flaws — Patch Now</news:title>
      <news:keywords>CVE-2026-40138, CVE-2026-40139, CVE-2026-40140, CVE-2026-40141, BeyondTrust Remote Support, Privileged Remote Access, pre-auth auth bypass, vendor advisory</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-07-beyondtrust-remote-support-pra-auth-bypass/cover.jpg</image:loc>
      <image:title>BeyondTrust Patches Four RS/PRA Flaws — Patch Now</image:title>
    </image:image>
  </url>
</urlset>