<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9" xmlns:news="http://www.google.com/schemas/sitemap-news/0.9" xmlns:image="http://www.google.com/schemas/sitemap-image/1.1">
  <url>
    <loc>https://0daynews.com/articles/2026-07-17-ec-google-android-qaap-mic-cam-screen-hotword-rival-ai/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T22:15:00.000Z</news:publication_date>
      <news:title>EU order opens Android mic, cam, screen to rival AI agents</news:title>
      <news:keywords>Android, Google, European Commission, Digital Markets Act, Gemini, QAAP, hotword, prompt injection</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-17-ec-google-android-qaap-mic-cam-screen-hotword-rival-ai/cover.jpg</image:loc>
      <image:title>EU order opens Android mic, cam, screen to rival AI agents</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-17-flare-2889-underground-posts-clean-residential-proxies-post-netnut/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T18:15:00.000Z</news:publication_date>
      <news:title>Flare finds carders still hunting clean IPs post-NetNut</news:title>
      <news:keywords>Flare, residential proxies, carding, NetNut, Popa botnet, underground economy, antidetect browser</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-17-flare-2889-underground-posts-clean-residential-proxies-post-netnut/cover.jpg</image:loc>
      <image:title>Flare finds carders still hunting clean IPs post-NetNut</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-17-ernst-young-third-party-support-ticket-breach-mar-apr-window/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T17:35:00.000Z</news:publication_date>
      <news:title>EY discloses breach via third-party IT ticket system</news:title>
      <news:keywords>Ernst &amp; Young, EY, third-party breach, support ticket system, tax data, Experian identity monitoring, Big Four</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-17-ernst-young-third-party-support-ticket-breach-mar-apr-window/cover.jpg</image:loc>
      <image:title>EY discloses breach via third-party IT ticket system</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-17-armenia-detains-ermakov-yerevan-revil-warrant-identity-dispute/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T16:15:00.000Z</news:publication_date>
      <news:title>Armenia detains Aleksandr Ermakov on US REvil warrant</news:title>
      <news:keywords>REvil, Sodinokibi, Aleksandr Ermakov, Armenia extradition, Interpol, Medibank, ransomware prosecution</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-17-armenia-detains-ermakov-yerevan-revil-warrant-identity-dispute/cover.jpg</image:loc>
      <image:title>Armenia detains Aleksandr Ermakov on US REvil warrant</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-17-elastic-ottercookie-svg-flag-steganography-ai-tool-configs/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T15:15:00.000Z</news:publication_date>
      <news:title>OtterCookie&apos;s fake interview now steals AI-tool configs</news:title>
      <news:keywords>OtterCookie, Contagious Interview, Elastic Security Labs, DPRK, SVG steganography, AI assistant configs, Slack recruiting lure, REF9403</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-17-elastic-ottercookie-svg-flag-steganography-ai-tool-configs/cover.jpg</image:loc>
      <image:title>OtterCookie&apos;s fake interview now steals AI-tool configs</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-17-kaspersky-goserpent-go-rat-tetrisphantom-overlap-apac-diplomatic/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T14:05:00.000Z</news:publication_date>
      <news:title>GoSerpent: Go RAT hits APAC gov, TetrisPhantom overlap</news:title>
      <news:keywords>GoSerpent, TetrisPhantom, Kaspersky, Southeast Asia espionage, Go malware, Stowaway, McMx RAT</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-17-kaspersky-goserpent-go-rat-tetrisphantom-overlap-apac-diplomatic/cover.jpg</image:loc>
      <image:title>GoSerpent: Go RAT hits APAC gov, TetrisPhantom overlap</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-17-nightmare-eclipse-legacyhive-windows-user-profile-service-lpe-zero-day/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T13:00:00.000Z</news:publication_date>
      <news:title>LegacyHive: unpatched Windows LPE zero-day, PoC public</news:title>
      <news:keywords>LegacyHive, Nightmare Eclipse, Windows LPE, User Profile Service, usrclass.dat, registry hive, zero-day, Kevin Beaumont</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-17-nightmare-eclipse-legacyhive-windows-user-profile-service-lpe-zero-day/cover.jpg</image:loc>
      <image:title>LegacyHive: unpatched Windows LPE zero-day, PoC public</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-17-microsoft-defender-experts-acr-stealer-clickfix-run-box-paste-and-run/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T11:15:00.000Z</news:publication_date>
      <news:title>ACR Stealer, ClickFix, and why the Run box still works</news:title>
      <news:keywords>ACR Stealer, Amatera, AcridRain, ClickFix, infostealer, Microsoft Defender Experts, Microsoft 365</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-17-microsoft-defender-experts-acr-stealer-clickfix-run-box-paste-and-run/cover.jpg</image:loc>
      <image:title>ACR Stealer, ClickFix, and why the Run box still works</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-17-microsoft-windows-server-2022-mainstream-eos-october-13-extended-2031/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T10:15:00.000Z</news:publication_date>
      <news:title>Windows Server 2022 mainstream support ends Oct 13</news:title>
      <news:keywords>Windows Server 2022, Microsoft, end of mainstream support, extended support, Windows Server 2025, lifecycle</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-17-microsoft-windows-server-2022-mainstream-eos-october-13-extended-2031/cover.jpg</image:loc>
      <image:title>Windows Server 2022 mainstream support ends Oct 13</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-17-doj-chen-zhang-43m-money-laundering-140-accounts-45-shells/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T09:15:00.000Z</news:publication_date>
      <news:title>The plumbing behind $43M in investment-fraud losses</news:title>
      <news:keywords>pig-butchering, money laundering, investment fraud, HSI, shell companies, Zhuoying Chen, Haojie Zhang</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-17-doj-chen-zhang-43m-money-laundering-140-accounts-45-shells/cover.jpg</image:loc>
      <image:title>The plumbing behind $43M in investment-fraud losses</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-16-microsoft-windows-11-24h2-home-pro-eos-october-13-25h2-enablement/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T01:30:00.000Z</news:publication_date>
      <news:title>Windows 11 24H2 Home and Pro: 90 days to end of updates</news:title>
      <news:keywords>Windows 11, 24H2, 25H2, end of support, lifecycle, Microsoft, LTSB 2016</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-16-microsoft-windows-11-24h2-home-pro-eos-october-13-25h2-enablement/cover.jpg</image:loc>
      <image:title>Windows 11 24H2 Home and Pro: 90 days to end of updates</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-17-n8n-cve-2026-59208-cross-issuer-token-exchange-sub-iss/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T00:20:00.000Z</news:publication_date>
      <news:title>n8n cross-issuer JWT bypass logs attackers in as anyone</news:title>
      <news:keywords>n8n, CVE-2026-59208, token exchange, JWT, multi-issuer, SSO, workflow automation</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-17-n8n-cve-2026-59208-cross-issuer-token-exchange-sub-iss/cover.jpg</image:loc>
      <image:title>n8n cross-issuer JWT bypass logs attackers in as anyone</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-16-talos-uat-11795-starland-rat-wldr-c2-trojanized-installers/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T23:30:00.000Z</news:publication_date>
      <news:title>UAT-11795 hides Starland RAT in trojanized installers</news:title>
      <news:keywords>UAT-11795, Starland RAT, WLDR C2, Cisco Talos, CastleStealer, Remcos RAT, trojanized installer</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-16-talos-uat-11795-starland-rat-wldr-c2-trojanized-installers/cover.jpg</image:loc>
      <image:title>UAT-11795 hides Starland RAT in trojanized installers</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-16-sans-stephen-sims-bugcrowd-ai-triage-proof-standard/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T23:15:00.000Z</news:publication_date>
      <news:title>AI can find the bug. Proving it is still the job.</news:title>
      <news:keywords>ai security, bug bounty, bugcrowd, sans, vulnerability discovery, proof of exploit, stephen sims</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-16-sans-stephen-sims-bugcrowd-ai-triage-proof-standard/cover.jpg</image:loc>
      <image:title>AI can find the bug. Proving it is still the job.</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-16-elastic-telepuz-clickfix-maas-vidar-stage-two/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T22:20:00.000Z</news:publication_date>
      <news:title>Elastic: TELEPUZ ClickFix stealer confirmed since April</news:title>
      <news:keywords>TELEPUZ, Elastic Security Labs, ClickFix, Vidar Stealer, malware-as-a-service, Polygon smart contract, infostealer</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-16-elastic-telepuz-clickfix-maas-vidar-stage-two/cover.jpg</image:loc>
      <image:title>Elastic: TELEPUZ ClickFix stealer confirmed since April</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-16-coca-cola-fairlife-ransomware-sec-8k-us-production-halt/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T22:00:00.000Z</news:publication_date>
      <news:title>Coca-Cola halts Fairlife US production after ransomware</news:title>
      <news:keywords>Fairlife ransomware, Coca-Cola SEC 8-K, dairy production halt, ransomware disclosure, food and beverage ransomware</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-16-coca-cola-fairlife-ransomware-sec-8k-us-production-halt/cover.jpg</image:loc>
      <image:title>Coca-Cola halts Fairlife US production after ransomware</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-16-cisa-kev-sharepoint-cve-2026-58644-deserialization-fourth-in-week/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T21:15:00.000Z</news:publication_date>
      <news:title>CISA adds a fourth SharePoint bug to KEV in 48 hours</news:title>
      <news:keywords>SharePoint, CISA KEV, CVE-2026-58644, deserialization, BOD 26-04, patch management</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-16-cisa-kev-sharepoint-cve-2026-58644-deserialization-fourth-in-week/cover.jpg</image:loc>
      <image:title>CISA adds a fourth SharePoint bug to KEV in 48 hours</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-16-agent-data-injection-choi-snu-uiuc-probabilistic-delimiter/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T20:15:00.000Z</news:publication_date>
      <news:title>Agent Data Injection: SQL injection, different decade</news:title>
      <news:keywords>agent data injection, prompt injection, ai agents, llm security, claude in chrome, coding agents, trust boundary</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-16-agent-data-injection-choi-snu-uiuc-probabilistic-delimiter/cover.jpg</image:loc>
      <image:title>Agent Data Injection: SQL injection, different decade</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-16-fortinet-fortisandbox-cve-2026-39808-25089-kev-unauth-rce/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T19:15:00.000Z</news:publication_date>
      <news:title>FortiSandbox: two 9.8 unauth RCEs hit KEV, Sunday deadline</news:title>
      <news:keywords>Fortinet FortiSandbox, CVE-2026-39808, CVE-2026-25089, CISA KEV, BOD 26-04, unauthenticated RCE, OS command injection</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-16-fortinet-fortisandbox-cve-2026-39808-25089-kev-unauth-rce/cover.jpg</image:loc>
      <image:title>FortiSandbox: two 9.8 unauth RCEs hit KEV, Sunday deadline</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-16-group-ib-clicklock-macos-clickfix-launchagent-210ms-loop/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T18:15:00.000Z</news:publication_date>
      <news:title>ClickLock macOS stealer kills apps until user types password</news:title>
      <news:keywords>ClickLock, macOS stealer, ClickFix, LaunchAgent, Group-IB, Keychain, infostealer</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-16-group-ib-clicklock-macos-clickfix-launchagent-210ms-loop/cover.jpg</image:loc>
      <image:title>ClickLock macOS stealer kills apps until user types password</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-16-anyrun-phantomenigma-brazil-gov-br-hijack-dmarc-inno-node/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T17:20:00.000Z</news:publication_date>
      <news:title>PhantomEnigma rides Brazilian .gov.br sites and mailboxes</news:title>
      <news:keywords>PhantomEnigma, ANY.RUN, Brazil, gov.br, DMARC, Inno Setup, banking-trojan</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-16-anyrun-phantomenigma-brazil-gov-br-hijack-dmarc-inno-node/cover.jpg</image:loc>
      <image:title>PhantomEnigma rides Brazilian .gov.br sites and mailboxes</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-16-rapid7-attackerkb-public-sunset-august-18-curation/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T16:30:00.000Z</news:publication_date>
      <news:title>AttackerKB&apos;s public tier closes August 18</news:title>
      <news:keywords>AttackerKB, Rapid7, vulnerability intelligence, Douglas McKee, AI-generated submissions, community disclosure</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-16-rapid7-attackerkb-public-sunset-august-18-curation/cover.jpg</image:loc>
      <image:title>AttackerKB&apos;s public tier closes August 18</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-16-23andme-chrome-holding-18m-43-state-ag-settlement-2023-breach/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T15:20:00.000Z</news:publication_date>
      <news:title>23andMe settles genetics breach: $18M, 43 states</news:title>
      <news:keywords>23andMe, Chrome Holding, genetic data breach, state attorneys general, Letitia James, credential stuffing, settlement</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-16-23andme-chrome-holding-18m-43-state-ag-settlement-2023-breach/cover.jpg</image:loc>
      <image:title>23andMe settles genetics breach: $18M, 43 states</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-16-daxin-srt64-stupig-winlogon-taiwan-digiwin-jdk/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T14:20:00.000Z</news:publication_date>
      <news:title>Daxin resurfaces in Taiwan alongside new Stupig backdoor</news:title>
      <news:keywords>daxin, stupig, symantec, kernel-rootkit, winlogon, taiwan, china-linked</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-16-daxin-srt64-stupig-winlogon-taiwan-digiwin-jdk/cover.jpg</image:loc>
      <image:title>Daxin resurfaces in Taiwan alongside new Stupig backdoor</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-16-scattered-spider-tfl-jubair-flowers-nca-cma-sentence/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T13:20:00.000Z</news:publication_date>
      <news:title>Two Scattered Spider affiliates get 5.5 years for TfL hack</news:title>
      <news:keywords>Scattered Spider, Transport for London, Thalha Jubair, Owen Flowers, National Crime Agency, Computer Misuse Act</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-16-scattered-spider-tfl-jubair-flowers-nca-cma-sentence/cover.jpg</image:loc>
      <image:title>Two Scattered Spider affiliates get 5.5 years for TfL hack</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-16-sharkninja-tokay0-aws-iot-cert-region-root-no-patch/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T12:00:00.000Z</news:publication_date>
      <news:title>Unpatched Shark vacuums: regional root, no CVE, no patch</news:title>
      <news:keywords>SharkNinja, Shark robot vacuum, AWS IoT, IoT device certificate, tokay0, responsible disclosure, IOT_POLICY_OVERLY_PERMISSIVE_CHECK</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-16-sharkninja-tokay0-aws-iot-cert-region-root-no-patch/cover.jpg</image:loc>
      <image:title>Unpatched Shark vacuums: regional root, no CVE, no patch</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-16-symantec-spirals-ransomware-iis-webshell-24h-south-asia/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T11:15:00.000Z</news:publication_date>
      <news:title>Spirals ransomware: full network encrypted in under 24h</news:title>
      <news:keywords>Spirals ransomware, Symantec, IIS web shell, PsExec, WMI lateral movement, Rust ransomware, intermittent encryption</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-16-symantec-spirals-ransomware-iis-webshell-24h-south-asia/cover.jpg</image:loc>
      <image:title>Spirals ransomware: full network encrypted in under 24h</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-16-openai-gpt-red-internal-red-teamer-prompt-injection/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T10:00:00.000Z</news:publication_date>
      <news:title>OpenAI discloses GPT-Red, its internal automated red-teamer</news:title>
      <news:keywords>OpenAI, GPT-Red, prompt injection, AI red-teaming, adversarial training, LLM security</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-16-openai-gpt-red-internal-red-teamer-prompt-injection/cover.jpg</image:loc>
      <image:title>OpenAI discloses GPT-Red, its internal automated red-teamer</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-16-mindgard-cursor-workspace-git-hijack-windows-no-patch/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T09:15:00.000Z</news:publication_date>
      <news:title>Cursor: opening a repo runs its git.exe. No patch, 7 months.</news:title>
      <news:keywords>Cursor, Mindgard, workspace hijack, untrusted search path, CWE-427, developer tooling, Windows, full disclosure</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-16-mindgard-cursor-workspace-git-hijack-windows-no-patch/cover.jpg</image:loc>
      <image:title>Cursor: opening a repo runs its git.exe. No patch, 7 months.</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-16-microsoft-mdash-july-622-cves-ai-attribution-krebs-rapid7/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T08:15:00.000Z</news:publication_date>
      <news:title>The July patch count Microsoft warned would come</news:title>
      <news:keywords>Microsoft, Patch Tuesday, MDASH, AI vulnerability discovery, July 2026, Pavan Davuluri</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-16-microsoft-mdash-july-622-cves-ai-attribution-krebs-rapid7/cover.jpg</image:loc>
      <image:title>The July patch count Microsoft warned would come</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-16-microsoft-kb5099539-windows-10-esu-july-22h2-ltsc-2021/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T07:00:00.000Z</news:publication_date>
      <news:title>KB5099539 lands: Windows 10 ESU carries the July zero-days</news:title>
      <news:keywords>Windows 10, Extended Security Updates, KB5099539, LTSC 2021, Patch Tuesday, CVE-2026-56155, CVE-2026-56164</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-16-microsoft-kb5099539-windows-10-esu-july-22h2-ltsc-2021/cover.jpg</image:loc>
      <image:title>KB5099539 lands: Windows 10 ESU carries the July zero-days</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-16-intruder-vending-machine-llm-code-slicing-wordpress-zero-day/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T04:15:00.000Z</news:publication_date>
      <news:title>Intruder ships an LLM vuln-discovery product, plus a 0-day</news:title>
      <news:keywords>intruder, llm, vulnerability discovery, code slicing, wordpress, zero-day, ai-assisted security</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-16-intruder-vending-machine-llm-code-slicing-wordpress-zero-day/cover.jpg</image:loc>
      <image:title>Intruder ships an LLM vuln-discovery product, plus a 0-day</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-15-cisa-kev-oracle-ebs-cve-2026-46817-payments-file-transmission/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T23:20:00.000Z</news:publication_date>
      <news:title>CISA KEV: Oracle EBS Payments 9.8 unauth RCE lands</news:title>
      <news:keywords>Oracle E-Business Suite, Oracle Payments, CVE-2026-46817, CISA KEV, BOD 26-04, Critical Patch Update, File Transmission</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-15-cisa-kev-oracle-ebs-cve-2026-46817-payments-file-transmission/cover.jpg</image:loc>
      <image:title>CISA KEV: Oracle EBS Payments 9.8 unauth RCE lands</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-15-zoom-psirt-zsb-26014-workplace-windows-cvss-98-unauth-takeover/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T23:15:00.000Z</news:publication_date>
      <news:title>Zoom PSIRT: patch Workplace 7.0.0, unauth takeover 9.8</news:title>
      <news:keywords>Zoom, Zoom Workplace, Zoom VDI Client, ZSB-26014, account takeover, PSIRT</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-15-zoom-psirt-zsb-26014-workplace-windows-cvss-98-unauth-takeover/cover.jpg</image:loc>
      <image:title>Zoom PSIRT: patch Workplace 7.0.0, unauth takeover 9.8</image:title>
    </image:image>
  </url>
</urlset>