<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9" xmlns:news="http://www.google.com/schemas/sitemap-news/0.9" xmlns:image="http://www.google.com/schemas/sitemap-image/1.1">
  <url>
    <loc>https://0daynews.com/articles/2026-07-19-cert-ua-uac-0145-sandworm-clickfix-ukraine/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-19T18:00:00.000Z</news:publication_date>
      <news:title>CERT-UA: UAC-0145 (Sandworm) runs ClickFix on Ukraine</news:title>
      <news:keywords>CERT-UA, UAC-0145, Sandworm, ClickFix, Ukraine, EtherHiding, COWARDDUCK</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-19-cert-ua-uac-0145-sandworm-clickfix-ukraine/cover.jpg</image:loc>
      <image:title>CERT-UA: UAC-0145 (Sandworm) runs ClickFix on Ukraine</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-19-kaspersky-hellonet-vipnet-updater-dll-sideload-russian-orgs/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-19T16:30:00.000Z</news:publication_date>
      <news:title>Kaspersky details HelloNet abuse of ViPNet updater</news:title>
      <news:keywords>HelloNet, ViPNet, InfoTeCS, Kaspersky, DLL sideloading, HelloInjector, APT</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-19-kaspersky-hellonet-vipnet-updater-dll-sideload-russian-orgs/cover.jpg</image:loc>
      <image:title>Kaspersky details HelloNet abuse of ViPNet updater</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-19-volexity-uta0533-sma1000-rootrun-knuckleball-orangetail/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-19T15:00:00.000Z</news:publication_date>
      <news:title>SonicWall SMA1000: Volexity names UTA0533, IoC list out</news:title>
      <news:keywords>SonicWall SMA1000, UTA0533, Volexity, CVE-2026-15409, CVE-2026-15410, ROOTRUN, ORANGETAIL</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-19-volexity-uta0533-sma1000-rootrun-knuckleball-orangetail/cover.jpg</image:loc>
      <image:title>SonicWall SMA1000: Volexity names UTA0533, IoC list out</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-19-legacyhive-nightmare-eclipse-windows-user-profile-usrclass-lpe-unpatched/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-19T06:15:00.000Z</news:publication_date>
      <news:title>LegacyHive: PoC drops for unpatched Windows LPE zero-day</news:title>
      <news:keywords>LegacyHive, Windows zero-day, local privilege escalation, User Profile Service, usrclass.dat, Nightmare Eclipse</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-19-legacyhive-nightmare-eclipse-windows-user-profile-usrclass-lpe-unpatched/cover.jpg</image:loc>
      <image:title>LegacyHive: PoC drops for unpatched Windows LPE zero-day</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-19-metasploit-weekly-http-smb-relay-riscv-fetch-payloads/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-19T03:20:00.000Z</news:publication_date>
      <news:title>Metasploit adds HTTP-to-SMB NTLM relay, RISC-V payloads</news:title>
      <news:keywords>Metasploit, Rapid7, NTLM relay, SMB signing, RISC-V, fetch payloads</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-19-metasploit-weekly-http-smb-relay-riscv-fetch-payloads/cover.jpg</image:loc>
      <image:title>Metasploit adds HTTP-to-SMB NTLM relay, RISC-V payloads</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-18-microsoft-acr-stealer-april-june-webdav-etherhiding/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-18T22:20:00.000Z</news:publication_date>
      <news:title>Microsoft ties ACR Stealer surge to WebDAV, blockchain C2</news:title>
      <news:keywords>ACR Stealer, Amatera, ClickFix, WebDAV, EtherHiding, Microsoft Threat Intelligence, DPAPI</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-18-microsoft-acr-stealer-april-june-webdav-etherhiding/cover.jpg</image:loc>
      <image:title>Microsoft ties ACR Stealer surge to WebDAV, blockchain C2</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-18-7-zip-26-02-xz-heap-overflow-rce-zdi-26-444/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-18T21:00:00.000Z</news:publication_date>
      <news:title>7-Zip 26.02 patches XZ heap overflow, no auto-update</news:title>
      <news:keywords>7-Zip, ZDI-26-444, XZ, heap overflow, remote code execution, patch, Windows</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-18-7-zip-26-02-xz-heap-overflow-rce-zdi-26-444/cover.jpg</image:loc>
      <image:title>7-Zip 26.02 patches XZ heap overflow, no auto-update</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-18-doj-chen-zhang-queens-brooklyn-43m-investment-fraud-laundering-140-accounts-45-shells/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-18T18:15:00.000Z</news:publication_date>
      <news:title>Two indicted over $43M laundered from investment scams</news:title>
      <news:keywords>money laundering, investment fraud, pig butchering, DOJ indictment, shell companies, HSI</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-18-doj-chen-zhang-queens-brooklyn-43m-investment-fraud-laundering-140-accounts-45-shells/cover.jpg</image:loc>
      <image:title>Two indicted over $43M laundered from investment scams</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-18-nadmesh-go-botnet-shodan-comfyui-ollama-3811-aws-keys/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-18T16:15:00.000Z</news:publication_date>
      <news:title>NadMesh botnet raids exposed AI tools for 3,811 AWS keys</news:title>
      <news:keywords>nadmesh, ollama, comfyui, langflow, n8n, open-webui, gradio, aws-keys, kubernetes, shodan, cloud-security</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-18-nadmesh-go-botnet-shodan-comfyui-ollama-3811-aws-keys/cover.jpg</image:loc>
      <image:title>NadMesh botnet raids exposed AI tools for 3,811 AWS keys</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-18-expel-digicert-goldeneyedog-cylindricalcanine-27-ev-code-signing-certs-zhong-stealer/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-18T15:00:00.000Z</news:publication_date>
      <news:title>Expel: GoldenEyeDog stole 27 EV certs from DigiCert</news:title>
      <news:keywords>digicert, goldeneyedog, cylindricalcanine, ev-code-signing, zhong-stealer, expel, supply-chain</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-18-expel-digicert-goldeneyedog-cylindricalcanine-27-ev-code-signing-certs-zhong-stealer/cover.jpg</image:loc>
      <image:title>Expel: GoldenEyeDog stole 27 EV certs from DigiCert</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-18-abbott-shinyhunters-vishing-exact-sciences-labcentral-disputed/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-18T14:15:00.000Z</news:publication_date>
      <news:title>Abbott confirms Exact Sciences hit; LabCentral disputed</news:title>
      <news:keywords>Abbott, Exact Sciences, LabCentral, ShinyHunters, vishing, Microsoft Entra, data extortion</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-18-abbott-shinyhunters-vishing-exact-sciences-labcentral-disputed/cover.jpg</image:loc>
      <image:title>Abbott confirms Exact Sciences hit; LabCentral disputed</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-18-checkmarx-vitevenom-chainveil-seven-npm-tron-blockchain-c2/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-18T14:00:00.000Z</news:publication_date>
      <news:title>Seven Vite-adjacent npm packages route a RAT through Tron</news:title>
      <news:keywords>ViteVenom, ChainVeil, Checkmarx, npm supply chain, Vite, blockchain C2, Tron</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-18-checkmarx-vitevenom-chainveil-seven-npm-tron-blockchain-c2/cover.jpg</image:loc>
      <image:title>Seven Vite-adjacent npm packages route a RAT through Tron</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-18-okta-hollowbyte-openssl-dos-june-silent-fix/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-18T13:15:00.000Z</news:publication_date>
      <news:title>HollowByte: 11-byte OpenSSL DoS, no CVE, silent June fix</news:title>
      <news:keywords>OpenSSL, HollowByte, denial-of-service, Okta Red Team, TLS, memory exhaustion, glibc</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-18-okta-hollowbyte-openssl-dos-june-silent-fix/cover.jpg</image:loc>
      <image:title>HollowByte: 11-byte OpenSSL DoS, no CVE, silent June fix</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-18-wordpress-core-cve-2026-63030-wp2shell-rce-poc-public/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-18T13:05:00.000Z</news:publication_date>
      <news:title>WordPress Core RCE (wp2shell): CVE-2026-63030, PoC public</news:title>
      <news:keywords>CVE-2026-63030, wp2shell, WordPress, WordPress Core, unauthenticated RCE, GitHub Security Advisory, public PoC</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-18-wordpress-core-cve-2026-63030-wp2shell-rce-poc-public/cover.jpg</image:loc>
      <image:title>WordPress Core RCE (wp2shell): CVE-2026-63030, PoC public</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-18-choi-lee-seoul-uiuc-adi-agent-data-injection-web-coding-agents/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-18T10:15:00.000Z</news:publication_date>
      <news:title>Agent Data Injection: The Bug Under Every AI Agent</news:title>
      <news:keywords>Agent Data Injection, AI agent security, indirect prompt injection, arXiv 2607.05120, Claude Code, Google Antigravity, probabilistic delimiter injection</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-18-choi-lee-seoul-uiuc-adi-agent-data-injection-web-coding-agents/cover.jpg</image:loc>
      <image:title>Agent Data Injection: The Bug Under Every AI Agent</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-17-ec-google-android-qaap-mic-cam-screen-hotword-rival-ai/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T22:15:00.000Z</news:publication_date>
      <news:title>EU order opens Android mic, cam, screen to rival AI agents</news:title>
      <news:keywords>Android, Google, European Commission, Digital Markets Act, Gemini, QAAP, hotword, prompt injection</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-17-ec-google-android-qaap-mic-cam-screen-hotword-rival-ai/cover.jpg</image:loc>
      <image:title>EU order opens Android mic, cam, screen to rival AI agents</image:title>
    </image:image>
  </url>
</urlset>