<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
        xmlns:news="http://www.google.com/schemas/sitemap-news/0.9">
  <url><loc>https://intel.truststrikelabs.com/</loc><changefreq>daily</changefreq><priority>1.0</priority></url>
  <url><loc>https://intel.truststrikelabs.com/vulnerability</loc><changefreq>daily</changefreq><priority>0.8</priority></url>
  <url><loc>https://intel.truststrikelabs.com/breach</loc><changefreq>daily</changefreq><priority>0.8</priority></url>
  <url><loc>https://intel.truststrikelabs.com/threat</loc><changefreq>daily</changefreq><priority>0.8</priority></url>
  <url><loc>https://intel.truststrikelabs.com/defense</loc><changefreq>daily</changefreq><priority>0.8</priority></url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260705-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-07-05</news:publication_date>
      <news:title>FBI warns TeamPCP poisons trusted developer tools to steal cloud credentials</news:title>
    </news:news>
    <lastmod>2026-07-05</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260705-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-07-05</news:publication_date>
      <news:title>North Korea spreads 108 poisoned packages across npm, Go, and browser extensions</news:title>
    </news:news>
    <lastmod>2026-07-05</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260705-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-07-05</news:publication_date>
      <news:title>Case study reveals US county paid $1 million to data-theft extortion group</news:title>
    </news:news>
    <lastmod>2026-07-05</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260704-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-07-04</news:publication_date>
      <news:title>Bad Epoll Linux kernel flaw lets any local user gain root, including on Android</news:title>
    </news:news>
    <lastmod>2026-07-04</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260704-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-07-04</news:publication_date>
      <news:title>Seven flaws in the FatFs library expose millions of embedded devices, mostly unpatched</news:title>
    </news:news>
    <lastmod>2026-07-04</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260704-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-07-04</news:publication_date>
      <news:title>ShinyHunters leaks Moody Bible Institute data on 2.3 million students and donors</news:title>
    </news:news>
    <lastmod>2026-07-04</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260704-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-07-04</news:publication_date>
      <news:title>North Korea hides malware in fake Rollup npm packages to steal developer secrets</news:title>
    </news:news>
    <lastmod>2026-07-04</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260704-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-07-04</news:publication_date>
      <news:title>ARToken phishing service steals Microsoft 365 tokens and survives password resets</news:title>
    </news:news>
    <lastmod>2026-07-04</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260704-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-07-04</news:publication_date>
      <news:title>Avalon malware framework bundles phishing, remote access, and CrownX ransomware</news:title>
    </news:news>
    <lastmod>2026-07-04</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260703-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-07-03</news:publication_date>
      <news:title>AI agent runs an entire ransomware attack after breaking in through Langflow</news:title>
    </news:news>
    <lastmod>2026-07-03</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260703-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-07-03</news:publication_date>
      <news:title>PamStealer Mac malware poses as a clipboard app and verifies passwords through PAM</news:title>
    </news:news>
    <lastmod>2026-07-03</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260703-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-07-03</news:publication_date>
      <news:title>Umbrij malware steals Google OAuth tokens through a hidden browser to read Gmail</news:title>
    </news:news>
    <lastmod>2026-07-03</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260703-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-07-03</news:publication_date>
      <news:title>Ransomware crews pose as Interpol to pressure small businesses into paying</news:title>
    </news:news>
    <lastmod>2026-07-03</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260702-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-07-02</news:publication_date>
      <news:title>SharePoint remote code execution flaw added to CISA KEV after active exploitation</news:title>
    </news:news>
    <lastmod>2026-07-02</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260702-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-07-02</news:publication_date>
      <news:title>Adobe patches seven critical code execution flaws in ColdFusion and Campaign Classic</news:title>
    </news:news>
    <lastmod>2026-07-02</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260702-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-07-02</news:publication_date>
      <news:title>Unpatched Argo CD flaw lets attackers take over Kubernetes clusters</news:title>
    </news:news>
    <lastmod>2026-07-02</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260702-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-07-02</news:publication_date>
      <news:title>Cursor flaws let a poisoned prompt escape the AI coding sandbox and run commands</news:title>
    </news:news>
    <lastmod>2026-07-02</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260702-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-07-02</news:publication_date>
      <news:title>DHS confirms breach of unclassified Homeland Security information-sharing network</news:title>
    </news:news>
    <lastmod>2026-07-02</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260702-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-07-02</news:publication_date>
      <news:title>Medtronic notifies customers after ShinyHunters breach of corporate systems</news:title>
    </news:news>
    <lastmod>2026-07-02</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260702-007</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-07-02</news:publication_date>
      <news:title>ChocoPoC malware hides in fake exploit dependencies to hit security researchers</news:title>
    </news:news>
    <lastmod>2026-07-02</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260702-008</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-07-02</news:publication_date>
      <news:title>Azure CLI password spray compromises 78 Microsoft accounts by bypassing MFA</news:title>
    </news:news>
    <lastmod>2026-07-02</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260701-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-07-01</news:publication_date>
      <news:title>Critical Kemp LoadMaster flaw gives unauthenticated attackers root on edge appliances</news:title>
    </news:news>
    <lastmod>2026-07-01</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260701-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-07-01</news:publication_date>
      <news:title>Windows Defender BlueHammer flaw now used by ransomware gangs for SYSTEM access</news:title>
    </news:news>
    <lastmod>2026-07-01</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260701-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-07-01</news:publication_date>
      <news:title>Citrix patches six NetScaler flaws, including a CitrixBleed-style memory leak</news:title>
    </news:news>
    <lastmod>2026-07-01</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260701-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-07-01</news:publication_date>
      <news:title>Aflac Japan breach exposes personal data of 4.38 million customers and agents</news:title>
    </news:news>
    <lastmod>2026-07-01</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260701-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-07-01</news:publication_date>
      <news:title>Microsoft warns poisoned MCP tool descriptions can make AI agents leak data</news:title>
    </news:news>
    <lastmod>2026-07-01</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260701-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-07-01</news:publication_date>
      <news:title>BioShocking attack convinces AI browsers they are in a game, then steals credentials</news:title>
    </news:news>
    <lastmod>2026-07-01</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260630-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-30</news:publication_date>
      <news:title>Critical Oracle E-Business Suite flaw now exploited for unauthenticated takeover</news:title>
    </news:news>
    <lastmod>2026-06-30</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260630-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-30</news:publication_date>
      <news:title>Public exploit released for critical libssh2 flaw affecting curl, Git, and more</news:title>
    </news:news>
    <lastmod>2026-06-30</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260630-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-30</news:publication_date>
      <news:title>Nissan employee data stolen through Oracle PeopleSoft zero-day attacks</news:title>
    </news:news>
    <lastmod>2026-06-30</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260630-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-30</news:publication_date>
      <news:title>Microsoft pulls 119 Edge extensions that hid malware inside images and fonts</news:title>
    </news:news>
    <lastmod>2026-06-30</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260630-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-30</news:publication_date>
      <news:title>Djinn stealer harvests cloud and AI credentials through SimpleHelp RMM flaw</news:title>
    </news:news>
    <lastmod>2026-06-30</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260630-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-30</news:publication_date>
      <news:title>Malicious Perplexity look-alike extension logged every search and keystroke typed</news:title>
    </news:news>
    <lastmod>2026-06-30</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260629-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-29</news:publication_date>
      <news:title>KDDI email breach affects up to 14.2 million accounts across six Japanese ISPs</news:title>
    </news:news>
    <lastmod>2026-06-29</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260629-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-29</news:publication_date>
      <news:title>ShinyHunters leaks Sysco data with 2.7 million email addresses after extortion</news:title>
    </news:news>
    <lastmod>2026-06-29</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260628-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-28</news:publication_date>
      <news:title>Clean GitHub repos trick AI coding agents into fetching and running malware</news:title>
    </news:news>
    <lastmod>2026-06-28</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260628-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-28</news:publication_date>
      <news:title>Self-spreading Shai-Hulud worm hits more npm packages and reaches into Go</news:title>
    </news:news>
    <lastmod>2026-06-28</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260627-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-27</news:publication_date>
      <news:title>PTC Windchill flaw exploited for remote code execution on manufacturing systems</news:title>
    </news:news>
    <lastmod>2026-06-27</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260627-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-27</news:publication_date>
      <news:title>Amazon Q Developer flaw let a malicious repo steal a developer's cloud keys</news:title>
    </news:news>
    <lastmod>2026-06-27</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260627-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-27</news:publication_date>
      <news:title>New Linux kernel flaws give local users root by poisoning cached binaries</news:title>
    </news:news>
    <lastmod>2026-06-27</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260627-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-27</news:publication_date>
      <news:title>Polymarket users lose nearly $3 million in website supply-chain attack</news:title>
    </news:news>
    <lastmod>2026-06-27</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260627-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-27</news:publication_date>
      <news:title>American Tower breach surfaces on Have I Been Pwned with 216,000 accounts</news:title>
    </news:news>
    <lastmod>2026-06-27</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260627-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-27</news:publication_date>
      <news:title>Attackers abuse OpenAI organization invites to phish data from security firms</news:title>
    </news:news>
    <lastmod>2026-06-27</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260627-007</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-27</news:publication_date>
      <news:title>Hotel phishing campaign launders email authentication to drop a Node.js implant</news:title>
    </news:news>
    <lastmod>2026-06-27</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260627-008</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-27</news:publication_date>
      <news:title>FBI warns Russian hackers now steal Signal backup recovery keys to hijack accounts</news:title>
    </news:news>
    <lastmod>2026-06-27</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260626-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-26</news:publication_date>
      <news:title>Curl's largest security release fixes 18 flaws, including a 25-year-old bug</news:title>
    </news:news>
    <lastmod>2026-06-26</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260626-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-26</news:publication_date>
      <news:title>DPRK macOS malware Gaslight plants fake errors to derail AI-assisted analysis</news:title>
    </news:news>
    <lastmod>2026-06-26</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260626-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-26</news:publication_date>
      <news:title>Chrome ad blocker with 10 million installs hides dormant code-injection capability</news:title>
    </news:news>
    <lastmod>2026-06-26</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260626-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-26</news:publication_date>
      <news:title>Bluekit phishing service adds browser-in-the-middle to steal logins and sessions</news:title>
    </news:news>
    <lastmod>2026-06-26</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260626-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-26</news:publication_date>
      <news:title>Scammers abuse Shopify's Shop app to plant fake receipts for callback phishing</news:title>
    </news:news>
    <lastmod>2026-06-26</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260625-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-25</news:publication_date>
      <news:title>Ubiquiti UniFi and Lantronix flaws now exploited; CISA sets June 26 deadline</news:title>
    </news:news>
    <lastmod>2026-06-25</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260625-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-25</news:publication_date>
      <news:title>macOS trust-caching gap lets standard users silently disable EDR and MDM</news:title>
    </news:news>
    <lastmod>2026-06-25</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260625-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-25</news:publication_date>
      <news:title>ShinyHunters leaks Madison Square Garden Sports data on nearly 10 million people</news:title>
    </news:news>
    <lastmod>2026-06-25</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260625-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-25</news:publication_date>
      <news:title>Bajaj Auto confirms ransomware attack on its and subsidiary's systems</news:title>
    </news:news>
    <lastmod>2026-06-25</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260625-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-25</news:publication_date>
      <news:title>Edgecution malicious Edge extension escapes the browser sandbox to plant a backdoor</news:title>
    </news:news>
    <lastmod>2026-06-25</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260625-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-25</news:publication_date>
      <news:title>Stealthy Mistic backdoor gives ransomware access broker KongTuke lasting footholds</news:title>
    </news:news>
    <lastmod>2026-06-25</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260624-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-24</news:publication_date>
      <news:title>Cisco Unified CM flaw now exploited to gain root on phone systems</news:title>
    </news:news>
    <lastmod>2026-06-24</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260624-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-24</news:publication_date>
      <news:title>Eight-year-old Samsung KNOX kernel flaw exposed Galaxy S9 through S25</news:title>
    </news:news>
    <lastmod>2026-06-24</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260624-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-24</news:publication_date>
      <news:title>Cordyceps CI/CD weakness lets anonymous pull requests hijack build pipelines</news:title>
    </news:news>
    <lastmod>2026-06-24</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260624-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-24</news:publication_date>
      <news:title>Healthcare AI vendor Xsolis breach exposes data on 1.4 million people</news:title>
    </news:news>
    <lastmod>2026-06-24</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260624-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-24</news:publication_date>
      <news:title>Tata Electronics confirms breach as extortion gang leaks Apple and Tesla files</news:title>
    </news:news>
    <lastmod>2026-06-24</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260624-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-24</news:publication_date>
      <news:title>macOS ClickFix attack uses Terminal trick to silently install Atomic Stealer</news:title>
    </news:news>
    <lastmod>2026-06-24</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260624-007</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-24</news:publication_date>
      <news:title>Fake AI agent skill slips past every scanner to reach 26,000 agents</news:title>
    </news:news>
    <lastmod>2026-06-24</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260624-008</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-24</news:publication_date>
      <news:title>Malicious npm packages mimic PostCSS tools to plant Windows remote-access trojan</news:title>
    </news:news>
    <lastmod>2026-06-24</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260623-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-23</news:publication_date>
      <news:title>Squidbleed flaw in Squid proxy leaks other users' credentials by default</news:title>
    </news:news>
    <lastmod>2026-06-23</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260623-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-23</news:publication_date>
      <news:title>DifyTap flaws let attackers read other tenants' AI chats on Dify</news:title>
    </news:news>
    <lastmod>2026-06-23</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260623-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-23</news:publication_date>
      <news:title>FFmpeg PixelSmash flaw enables code execution on media servers via crafted videos</news:title>
    </news:news>
    <lastmod>2026-06-23</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260623-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-23</news:publication_date>
      <news:title>WhatsApp malware spreads fake invoices that install remote-access admin tools</news:title>
    </news:news>
    <lastmod>2026-06-23</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260623-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-23</news:publication_date>
      <news:title>OXLOADER malvertising poses as Node.js installer to drop an infostealer</news:title>
    </news:news>
    <lastmod>2026-06-23</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260623-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-23</news:publication_date>
      <news:title>Attacker drains Ethereum MEV bot JaredFromSubway using fake-token honeypot</news:title>
    </news:news>
    <lastmod>2026-06-23</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260622-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-22</news:publication_date>
      <news:title>Deploy 2023 Secure Boot certificates before Microsoft's 2011 ones expire this week</news:title>
    </news:news>
    <lastmod>2026-06-22</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260622-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-22</news:publication_date>
      <news:title>Texas Parks and Wildlife vendor breach exposes 3 million license holders</news:title>
    </news:news>
    <lastmod>2026-06-22</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260622-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-22</news:publication_date>
      <news:title>AryStinger botnet hijacks thousands of outdated D-Link routers as proxies</news:title>
    </news:news>
    <lastmod>2026-06-22</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260621-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-21</news:publication_date>
      <news:title>Hackers mass-exploit Gravity SMTP WordPress flaw to steal email API keys</news:title>
    </news:news>
    <lastmod>2026-06-21</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260621-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-21</news:publication_date>
      <news:title>New Prinz Eugen ransomware breaches organizations via stolen RDP credentials</news:title>
    </news:news>
    <lastmod>2026-06-21</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260621-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-21</news:publication_date>
      <news:title>Ralph Lauren breach exposes customer data as ShinyHunters extends retail spree</news:title>
    </news:news>
    <lastmod>2026-06-21</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260620-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-20</news:publication_date>
      <news:title>Splunk Enterprise flaw now exploited, added to CISA must-patch list</news:title>
    </news:news>
    <lastmod>2026-06-20</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260620-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-20</news:publication_date>
      <news:title>Unpatchable BootROM exploit hits Apple A12 and A13 chips via USB</news:title>
    </news:news>
    <lastmod>2026-06-20</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260620-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-20</news:publication_date>
      <news:title>AutoJack turns AI browsing agents into a path to host code execution</news:title>
    </news:news>
    <lastmod>2026-06-20</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260620-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-20</news:publication_date>
      <news:title>JCPenney breach exposes Social Security numbers and tax records of 368,000</news:title>
    </news:news>
    <lastmod>2026-06-20</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260619-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-19</news:publication_date>
      <news:title>Critical F5 NGINX flaws allow unauthenticated code execution and crashes</news:title>
    </news:news>
    <lastmod>2026-06-19</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260619-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-19</news:publication_date>
      <news:title>Critical Cisco ISE flaws give attackers root and leak credentials</news:title>
    </news:news>
    <lastmod>2026-06-19</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260619-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-19</news:publication_date>
      <news:title>Exposed database leaks 24 billion stolen credentials from infostealer logs</news:title>
    </news:news>
    <lastmod>2026-06-19</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260619-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-19</news:publication_date>
      <news:title>Nintendo employee survey data stolen via third-party HR tool TinyPulse</news:title>
    </news:news>
    <lastmod>2026-06-19</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260619-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-19</news:publication_date>
      <news:title>Stolen Klue OAuth tokens let 'Icarus' group raid Salesforce data</news:title>
    </news:news>
    <lastmod>2026-06-19</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260619-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-19</news:publication_date>
      <news:title>Microsoft warns of USB worm that hijacks crypto wallets over Tor</news:title>
    </news:news>
    <lastmod>2026-06-19</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260619-007</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-19</news:publication_date>
      <news:title>Hacked WordPress plugin updates push credential-stealing backdoor to paying sites</news:title>
    </news:news>
    <lastmod>2026-06-19</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260618-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-18</news:publication_date>
      <news:title>Critical Joomla JCE editor flaw actively exploited to run PHP code</news:title>
    </news:news>
    <lastmod>2026-06-18</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260618-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-18</news:publication_date>
      <news:title>FortiBleed leak exposes VPN credentials for nearly 74,000 Fortinet firewalls</news:title>
    </news:news>
    <lastmod>2026-06-18</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260618-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-18</news:publication_date>
      <news:title>Malicious JetBrains plugins steal developers' AI API keys on entry</news:title>
    </news:news>
    <lastmod>2026-06-18</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260618-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-18</news:publication_date>
      <news:title>144 Mastra AI-framework npm packages backdoored via hijacked account</news:title>
    </news:news>
    <lastmod>2026-06-18</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260618-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-18</news:publication_date>
      <news:title>Kodak confirms breach as ShinyHunters claims 2.2 million stolen records</news:title>
    </news:news>
    <lastmod>2026-06-18</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260618-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-18</news:publication_date>
      <news:title>DragonForce ransomware hid command traffic inside Microsoft Teams for months</news:title>
    </news:news>
    <lastmod>2026-06-18</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260618-007</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-18</news:publication_date>
      <news:title>HIBP confirms 248,000 accounts from ShinyHunters breach of advisory firm CFGI</news:title>
    </news:news>
    <lastmod>2026-06-18</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260617-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-17</news:publication_date>
      <news:title>Exploited LiteSpeed cPanel plugin flaw lets hosting users gain root</news:title>
    </news:news>
    <lastmod>2026-06-17</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260617-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-17</news:publication_date>
      <news:title>Attackers now exploiting three critical FortiSandbox flaws, one with AI-built exploit</news:title>
    </news:news>
    <lastmod>2026-06-17</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260617-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-17</news:publication_date>
      <news:title>Google Vertex AI SDK flaw let attackers hijack model uploads across tenants</news:title>
    </news:news>
    <lastmod>2026-06-17</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260617-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-17</news:publication_date>
      <news:title>Cardiac monitoring firm iRhythm says patient health data stolen in attack</news:title>
    </news:news>
    <lastmod>2026-06-17</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260617-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-17</news:publication_date>
      <news:title>China-linked SprySOCKS backdoor jumps to Windows with kernel-level stealth</news:title>
    </news:news>
    <lastmod>2026-06-17</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260617-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-17</news:publication_date>
      <news:title>Rokarolla Android trojan hits 217 banking and crypto apps with full device control</news:title>
    </news:news>
    <lastmod>2026-06-17</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260617-007</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-17</news:publication_date>
      <news:title>North Korea's ScarCruft uses fake Microsoft alerts to plant NarwhalRAT spyware</news:title>
    </news:news>
    <lastmod>2026-06-17</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260616-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-16</news:publication_date>
      <news:title>Cisco patches exploited SD-WAN Manager flaw that gives root access</news:title>
    </news:news>
    <lastmod>2026-06-16</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260616-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-16</news:publication_date>
      <news:title>SimpleHelp flaw lets unauthenticated attackers create rogue admin technicians</news:title>
    </news:news>
    <lastmod>2026-06-16</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260616-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-16</news:publication_date>
      <news:title>One-click Microsoft 365 Copilot flaw could silently steal emails and codes</news:title>
    </news:news>
    <lastmod>2026-06-16</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260616-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-16</news:publication_date>
      <news:title>WordPress plugin supply-chain attack backdoors sites via Awesome Motive CDN</news:title>
    </news:news>
    <lastmod>2026-06-16</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260616-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-16</news:publication_date>
      <news:title>China-linked group hid in research networks, stealing email via Workspace rules</news:title>
    </news:news>
    <lastmod>2026-06-16</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260616-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-16</news:publication_date>
      <news:title>North Korean hackers poison npm packages to hit developers and steal crypto</news:title>
    </news:news>
    <lastmod>2026-06-16</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260616-007</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-16</news:publication_date>
      <news:title>56 million accounts surface in latest infostealer log compilation</news:title>
    </news:news>
    <lastmod>2026-06-16</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260615-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-15</news:publication_date>
      <news:title>ShinyHunters breach of Berkadia exposes 305,000 in real estate finance</news:title>
    </news:news>
    <lastmod>2026-06-15</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260615-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-15</news:publication_date>
      <news:title>K-12 platform Infinite Campus breach confirmed, 137,000 student-linked accounts</news:title>
    </news:news>
    <lastmod>2026-06-15</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260614-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-14</news:publication_date>
      <news:title>Critical Splunk Enterprise flaw allows unauthenticated remote code execution</news:title>
    </news:news>
    <lastmod>2026-06-14</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260614-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-14</news:publication_date>
      <news:title>Agentjacking hijacks AI coding agents via fake Sentry error reports</news:title>
    </news:news>
    <lastmod>2026-06-14</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260613-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-13</news:publication_date>
      <news:title>Over 400 Arch Linux AUR packages hijacked to drop stealer and rootkit</news:title>
    </news:news>
    <lastmod>2026-06-13</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260613-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-13</news:publication_date>
      <news:title>China-linked Velvet Ant hid in Linux login software for nearly a decade</news:title>
    </news:news>
    <lastmod>2026-06-13</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260613-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-13</news:publication_date>
      <news:title>Decade-old phpBB auth bypass lets anyone become admin, then run code</news:title>
    </news:news>
    <lastmod>2026-06-13</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260613-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-13</news:publication_date>
      <news:title>LangGraph flaw chain exposes self-hosted AI agents to code execution</news:title>
    </news:news>
    <lastmod>2026-06-13</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260613-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-13</news:publication_date>
      <news:title>Iran-linked Handala steals data from California water utility Cal Water</news:title>
    </news:news>
    <lastmod>2026-06-13</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260613-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-13</news:publication_date>
      <news:title>Novo Nordisk says clinical trial patient data stolen in breach</news:title>
    </news:news>
    <lastmod>2026-06-13</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260613-007</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-13</news:publication_date>
      <news:title>French government messenger Tchap breached, hitting 73,000 public servants</news:title>
    </news:news>
    <lastmod>2026-06-13</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260613-008</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-13</news:publication_date>
      <news:title>Google sues Chinese network for weaponizing Gemini AI in smishing scams</news:title>
    </news:news>
    <lastmod>2026-06-13</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260612-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-12</news:publication_date>
      <news:title>Oracle issues emergency PeopleSoft fix as exploited zero-day drives breaches</news:title>
    </news:news>
    <lastmod>2026-06-12</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260612-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-12</news:publication_date>
      <news:title>Critical Ivanti Sentry flaw now exploited within a day of disclosure</news:title>
    </news:news>
    <lastmod>2026-06-12</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260612-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-12</news:publication_date>
      <news:title>New unpatched GreatXML exploit bypasses Windows BitLocker encryption</news:title>
    </news:news>
    <lastmod>2026-06-12</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260612-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-12</news:publication_date>
      <news:title>The Gentlemen ransomware adds worm-like spread, tops 478 victims</news:title>
    </news:news>
    <lastmod>2026-06-12</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260612-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-12</news:publication_date>
      <news:title>Japanese utility Kyushu Electric loses drive holding 10.9 million customer records</news:title>
    </news:news>
    <lastmod>2026-06-12</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260612-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-12</news:publication_date>
      <news:title>Critical FortiSandbox flaw lets unauthenticated attackers run commands</news:title>
    </news:news>
    <lastmod>2026-06-12</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260612-007</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-12</news:publication_date>
      <news:title>Attackers post fake breach notices to Maine's public disclosure portal</news:title>
    </news:news>
    <lastmod>2026-06-12</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260612-008</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-12</news:publication_date>
      <news:title>Cheap OnyxC2 service puts enterprise-grade data theft within easy reach</news:title>
    </news:news>
    <lastmod>2026-06-12</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260611-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-11</news:publication_date>
      <news:title>Attackers exploit unpatched Langflow flaw for unauthenticated code execution</news:title>
    </news:news>
    <lastmod>2026-06-11</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260611-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-11</news:publication_date>
      <news:title>Microsoft finally patches actively exploited Exchange OWA spoofing zero-day</news:title>
    </news:news>
    <lastmod>2026-06-11</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260611-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-11</news:publication_date>
      <news:title>Critical Ivanti Sentry flaw gives unauthenticated attackers root</news:title>
    </news:news>
    <lastmod>2026-06-11</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260611-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-11</news:publication_date>
      <news:title>ShinyHunters extorts Oracle PeopleSoft customers in widening data-theft spree</news:title>
    </news:news>
    <lastmod>2026-06-11</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260611-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-11</news:publication_date>
      <news:title>China-linked JDY botnet scans US military networks for fresh flaws</news:title>
    </news:news>
    <lastmod>2026-06-11</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260611-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-11</news:publication_date>
      <news:title>Six protobuf.js flaws let malicious schemas run code in Node.js apps</news:title>
    </news:news>
    <lastmod>2026-06-11</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260611-007</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-11</news:publication_date>
      <news:title>Cyberattack halts Australia's second-largest sugar producer mid-harvest</news:title>
    </news:news>
    <lastmod>2026-06-11</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260610-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-10</news:publication_date>
      <news:title>Microsoft ships record 200-plus June patches, including three zero-days</news:title>
    </news:news>
    <lastmod>2026-06-10</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260610-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-10</news:publication_date>
      <news:title>Unpatched Defender zero-day RoguePlanet gives SYSTEM on current Windows</news:title>
    </news:news>
    <lastmod>2026-06-10</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260610-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-10</news:publication_date>
      <news:title>Google patches actively exploited Chrome V8 zero-day, fifth this year</news:title>
    </news:news>
    <lastmod>2026-06-10</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260610-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-10</news:publication_date>
      <news:title>LiteLLM AI gateway flaw exploited for unauthenticated remote code execution</news:title>
    </news:news>
    <lastmod>2026-06-10</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260610-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-10</news:publication_date>
      <news:title>Veeam backup server flaw lets low-privilege domain users run code</news:title>
    </news:news>
    <lastmod>2026-06-10</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260610-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-10</news:publication_date>
      <news:title>Russia-aligned groups exploit old WinRAR flaw to hit Ukrainian targets</news:title>
    </news:news>
    <lastmod>2026-06-10</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260610-007</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-10</news:publication_date>
      <news:title>ServiceNow API flaw let attackers query customer instance data</news:title>
    </news:news>
    <lastmod>2026-06-10</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260609-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-09</news:publication_date>
      <news:title>Check Point VPN zero-day exploited by Qilin ransomware, patch now</news:title>
    </news:news>
    <lastmod>2026-06-09</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260609-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-09</news:publication_date>
      <news:title>Chained UniFi OS flaws give unauthenticated root on Ubiquiti gateways</news:title>
    </news:news>
    <lastmod>2026-06-09</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260609-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-09</news:publication_date>
      <news:title>Gogs patches critical RCE zero-day exposing private repos and credentials</news:title>
    </news:news>
    <lastmod>2026-06-09</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260609-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-09</news:publication_date>
      <news:title>Public exploit lands for one-character Linux kernel root flaw</news:title>
    </news:news>
    <lastmod>2026-06-09</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260609-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-09</news:publication_date>
      <news:title>New Shai-Hulud wave poisons 19 scientific Python packages on PyPI</news:title>
    </news:news>
    <lastmod>2026-06-09</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260609-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-09</news:publication_date>
      <news:title>NFCShare Android malware poses as bank app updates to steal card data</news:title>
    </news:news>
    <lastmod>2026-06-09</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260609-007</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-09</news:publication_date>
      <news:title>Instagram AI recovery flaw let attackers hijack 20,000 accounts</news:title>
    </news:news>
    <lastmod>2026-06-09</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260609-008</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-09</news:publication_date>
      <news:title>Meta disrupts new NSO spyware phishing aimed at WhatsApp users</news:title>
    </news:news>
    <lastmod>2026-06-09</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260608-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-08</news:publication_date>
      <news:title>New C0XMO botnet exploits DD-WRT router flaw, wipes rival malware</news:title>
    </news:news>
    <lastmod>2026-06-08</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260608-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-08</news:publication_date>
      <news:title>Silent Ransom Group hits law firms with fake IT support calls</news:title>
    </news:news>
    <lastmod>2026-06-08</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260608-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-08</news:publication_date>
      <news:title>Five Eyes warns China is recruiting officials via fake job offers</news:title>
    </news:news>
    <lastmod>2026-06-08</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260608-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-08</news:publication_date>
      <news:title>Nightclub operator RCI breach exposes 40,000 records via website IDOR flaw</news:title>
    </news:news>
    <lastmod>2026-06-08</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260607-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-07</news:publication_date>
      <news:title>AI agent finds 21 FFmpeg zero-days, public exploit code released</news:title>
    </news:news>
    <lastmod>2026-06-07</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260607-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-07</news:publication_date>
      <news:title>Chrome patches record 429 flaws, including a sandbox-escape RCE</news:title>
    </news:news>
    <lastmod>2026-06-07</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260607-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-07</news:publication_date>
      <news:title>Miasma worm hits 73 Microsoft GitHub repos, targets AI coding tools</news:title>
    </news:news>
    <lastmod>2026-06-07</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260607-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-07</news:publication_date>
      <news:title>HVAC distributor Baker breach exposes 102,000 accounts to ShinyHunters</news:title>
    </news:news>
    <lastmod>2026-06-07</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260607-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-07</news:publication_date>
      <news:title>Free apps turn smart TVs into hidden web-scraping proxies</news:title>
    </news:news>
    <lastmod>2026-06-07</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260607-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-07</news:publication_date>
      <news:title>Android spyware Asin targets Arabic journalists via fake news and map apps</news:title>
    </news:news>
    <lastmod>2026-06-07</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260607-007</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-07</news:publication_date>
      <news:title>AI-assisted audit finds 4-year Zcash flaw enabling unlimited counterfeit coins</news:title>
    </news:news>
    <lastmod>2026-06-07</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260607-008</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-07</news:publication_date>
      <news:title>FIFA World Cup 2026 fraud wave hits fans before June 11 kickoff</news:title>
    </news:news>
    <lastmod>2026-06-07</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260606-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-06</news:publication_date>
      <news:title>Cisco SD-WAN Manager zero-day exploited to gain root, no patch yet</news:title>
    </news:news>
    <lastmod>2026-06-06</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260606-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-06</news:publication_date>
      <news:title>SolarWinds Serv-U flaw exploited to crash file-transfer servers, now in CISA KEV</news:title>
    </news:news>
    <lastmod>2026-06-06</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260606-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-06</news:publication_date>
      <news:title>Chinese APT UNC5221 keeps 18-month Microsoft 365 access with Brickstorm backdoor</news:title>
    </news:news>
    <lastmod>2026-06-06</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260606-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-06</news:publication_date>
      <news:title>China-linked OP-512 hits Microsoft IIS servers with stealthy custom web shells</news:title>
    </news:news>
    <lastmod>2026-06-06</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260606-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-06</news:publication_date>
      <news:title>Critical Everest Forms WordPress plugin flaw exploited to create rogue admins</news:title>
    </news:news>
    <lastmod>2026-06-06</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260606-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-06</news:publication_date>
      <news:title>Corporate travel firm BCD Travel breach exposes 396,000 accounts</news:title>
    </news:news>
    <lastmod>2026-06-06</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260606-007</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-06</news:publication_date>
      <news:title>Polyfill.io resurfaces, injecting fake login prompts on Toshiba and Muji sites</news:title>
    </news:news>
    <lastmod>2026-06-06</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260605-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-05</news:publication_date>
      <news:title>Claude Code GitHub Action flaw let one malicious issue hijack repos via prompt injection and OIDC token theft - bot-trigger bypass</news:title>
    </news:news>
    <lastmod>2026-06-05</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260605-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-05</news:publication_date>
      <news:title>Cisco Unified CM critical SSRF CVE-2026-20230 lets unauthenticated attackers write files and escalate to root - public PoC, WebDialer required</news:title>
    </news:news>
    <lastmod>2026-06-05</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260605-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-05</news:publication_date>
      <news:title>IronWorm Rust npm worm hits 36 packages, steals Anthropic/OpenAI/AWS credentials via eBPF rootkit and Tor; GitHub Actions used for exfil</news:title>
    </news:news>
    <lastmod>2026-06-05</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260605-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-05</news:publication_date>
      <news:title>PCPJack hijacks 230 AWS, Google Cloud, and Azure servers into covert SMTP relay network using Sliver and Chisel, removes TeamPCP</news:title>
    </news:news>
    <lastmod>2026-06-05</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260605-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-05</news:publication_date>
      <news:title>UN World Food Programme Gaza registration platform breached - personal data of ~600,000 Palestinian households stolen, phishing warning issued</news:title>
    </news:news>
    <lastmod>2026-06-05</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260605-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-05</news:publication_date>
      <news:title>Hola Browser for Windows compromised in supply-chain attack delivering undeclared Monero miner disguised as HolaMonitorService.exe</news:title>
    </news:news>
    <lastmod>2026-06-05</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260605-007</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-05</news:publication_date>
      <news:title>FlutterShell macOS backdoor spreads via Google and YouTube ads from verified shell companies - CL-CRI-1089 / TamperedChef adware-to-backdoor</news:title>
    </news:news>
    <lastmod>2026-06-05</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260605-008</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-05</news:publication_date>
      <news:title>Magecart skimmer abuses Stripe API and Google Tag Manager to host payload and exfiltrate cards, bypassing CSP on Magento checkouts</news:title>
    </news:news>
    <lastmod>2026-06-05</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260605-009</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-05</news:publication_date>
      <news:title>Hackers spied on a stock exchange executive's Outlook mailbox for five months via malicious OAuth app and inbox-rule persistence</news:title>
    </news:news>
    <lastmod>2026-06-05</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260604-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-04</news:publication_date>
      <news:title>VS Code zero-day lets one click steal full-scope GitHub OAuth token via github.dev webview - PoC public, no patch yet</news:title>
    </news:news>
    <lastmod>2026-06-04</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260604-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-04</news:publication_date>
      <news:title>HTTP/2 Bomb: single 100Mbps client crashes NGINX, Apache, IIS, Envoy, Cloudflare Pingora in seconds - found by OpenAI Codex agent</news:title>
    </news:news>
    <lastmod>2026-06-04</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260604-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-04</news:publication_date>
      <news:title>Microsoft 365 Android apps leak FOCI SSO tokens to any local app via leftover setIsDebugMode(true) - four CVEs, six apps</news:title>
    </news:news>
    <lastmod>2026-06-04</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260604-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-04</news:publication_date>
      <news:title>Autonomous AI tool finds 2-year-old Redis use-after-free RCE CVE-2026-23479 - most cloud Redis runs passwordless, exploit public</news:title>
    </news:news>
    <lastmod>2026-06-04</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260604-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-04</news:publication_date>
      <news:title>Acer Wave 7 mesh routers: max-severity zero-days CVE-2026-49200/49201 expose plaintext credentials and hardcoded AES backdoor key, patch end of June</news:title>
    </news:news>
    <lastmod>2026-06-04</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260604-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-04</news:publication_date>
      <news:title>Unpatched Windows search: URI handler leaks NTLMv2 hashes via crafted crumb=location UNC path - same class as patched Snipping Tool flaw</news:title>
    </news:news>
    <lastmod>2026-06-04</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260604-007</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-04</news:publication_date>
      <news:title>SafeBreach 'Fake Context Alignment' hijacks Google Gemini on Android via malicious WhatsApp/Slack notifications - no malicious app needed, now patched</news:title>
    </news:news>
    <lastmod>2026-06-04</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260604-008</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-04</news:publication_date>
      <news:title>Chinese cybercrime actor TA4922 expands to Europe with Atlas RAT and localized payroll/tax lures - likely LLM-accelerated malware</news:title>
    </news:news>
    <lastmod>2026-06-04</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260604-009</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-04</news:publication_date>
      <news:title>CISA, FBI, NSA warn hackers are modifying internet-exposed fuel tank gauge (ATG) systems - prior activity linked to Iran</news:title>
    </news:news>
    <lastmod>2026-06-04</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260604-010</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-04</news:publication_date>
      <news:title>Dental-benefits provider DentaQuest added to Have I Been Pwned with 2,553,599 breached accounts; healthcare-themed phishing risk</news:title>
    </news:news>
    <lastmod>2026-06-04</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260603-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-03</news:publication_date>
      <news:title>Google June Android update fixes 124 flaws including exploited Framework zero-day CVE-2025-48595 - also added to CISA KEV same day</news:title>
    </news:news>
    <lastmod>2026-06-03</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260603-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-03</news:publication_date>
      <news:title>AI-built ransomware toolkit uses Cursor and Claude Opus agents to automate EDR evasion and Active Directory discovery, Sophos finds</news:title>
    </news:news>
    <lastmod>2026-06-03</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260603-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-03</news:publication_date>
      <news:title>Gamaredon (FSB) exploits WinRAR to deliver GammaWorm and GammaSteel against Ukraine - resilient, highly obfuscated modular RAR chain</news:title>
    </news:news>
    <lastmod>2026-06-03</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260603-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-03</news:publication_date>
      <news:title>Critical Kirki WordPress flaw CVE-2026-8206 exploited to hijack admin accounts via password-reset redirect - 500,000 installs, 222+ attacks blocked</news:title>
    </news:news>
    <lastmod>2026-06-03</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260603-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-03</news:publication_date>
      <news:title>Dashlane confirms attackers downloaded encrypted vaults of fewer than 20 users in brute-force campaign; Master Password still protects data</news:title>
    </news:news>
    <lastmod>2026-06-03</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260603-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-03</news:publication_date>
      <news:title>SideCopy (APT36) Operation XENOFISCAL hits Afghanistan Finance Ministry with Pashto-lure Xeno RAT via mshta.exe and Edge-mimicking persistence</news:title>
    </news:news>
    <lastmod>2026-06-03</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260603-007</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-03</news:publication_date>
      <news:title>WeedHack malware-as-a-service infostealer infects 116,000+ Minecraft systems via YouTube and SEO-poisoned fake mods and cheat clients</news:title>
    </news:news>
    <lastmod>2026-06-03</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260603-008</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-03</news:publication_date>
      <news:title>HP Poly VVX VoIP phones: unauthenticated root RCE CVE-2026-0826 via oversized ICE candidate in SIP INVITE, patches available</news:title>
    </news:news>
    <lastmod>2026-06-03</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260603-009</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-03</news:publication_date>
      <news:title>CISA adds 4-year-old Linux kernel cgroups container-escape CVE-2022-0492 to KEV after active exploitation evidence</news:title>
    </news:news>
    <lastmod>2026-06-03</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260603-010</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-03</news:publication_date>
      <news:title>FBI-flagged Kali365 phishing-as-a-service expands reach - Microsoft 365 OAuth device-code consent abuse grows beyond April campaigns</news:title>
    </news:news>
    <lastmod>2026-06-03</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260602-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-02</news:publication_date>
      <news:title>Critical Windows Netlogon RCE CVE-2026-41089 now exploited - unauthenticated code execution on domain controllers, all Server versions, CCB Belgium warns</news:title>
    </news:news>
    <lastmod>2026-06-02</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260602-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-02</news:publication_date>
      <news:title>Red Hat @redhat-cloud-services npm namespace compromised with 'Miasma' Shai-Hulud variant - 30+ packages, 117K weekly downloads, steals dev and cloud secrets</news:title>
    </news:news>
    <lastmod>2026-06-02</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260602-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-02</news:publication_date>
      <news:title>codexui-android npm steals OpenAI Codex auth tokens for a month - non-expiring refresh_token exfiltrated to fake Sentry endpoint</news:title>
    </news:news>
    <lastmod>2026-06-02</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260602-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-02</news:publication_date>
      <news:title>DriveSurge initial-access broker hijacks thousands of sites for ClickFix and FakeUpdates, routes victims through zTDS pay-per-install network</news:title>
    </news:news>
    <lastmod>2026-06-02</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260602-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-02</news:publication_date>
      <news:title>WordPress malware hides C2 in Steam profile comments using invisible Unicode - ~1,980 sites infected since July 2025</news:title>
    </news:news>
    <lastmod>2026-06-02</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260602-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-02</news:publication_date>
      <news:title>Dashlane locks out users after external brute-force attack triggers automated account suspensions; no system compromise, accounts restored</news:title>
    </news:news>
    <lastmod>2026-06-02</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260602-007</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-02</news:publication_date>
      <news:title>Operation Dragon Weave: China-aligned spear-phishing hits Czech and Taiwan officials with Rust RUSTCLOAK loader and Azure-hosted AdaptixC2</news:title>
    </news:news>
    <lastmod>2026-06-02</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260602-008</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-02</news:publication_date>
      <news:title>Hackers social-engineer Meta's new AI account-recovery bot to hijack high-value Instagram handles; MFA-enabled accounts were unaffected</news:title>
    </news:news>
    <lastmod>2026-06-02</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260602-009</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-02</news:publication_date>
      <news:title>Anthropic to give EU cybersecurity agency ENISA access to Mythos via Project Glasswing - first non-US/UK entity, terms still negotiating</news:title>
    </news:news>
    <lastmod>2026-06-02</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260602-010</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-02</news:publication_date>
      <news:title>CISA adds Oracle WebLogic Server CVE-2024-21182 to KEV after active exploitation evidence - FCEB patch deadline set</news:title>
    </news:news>
    <lastmod>2026-06-02</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260602-011</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-06-02</news:publication_date>
      <news:title>Automotive marketplace Edmunds added to Have I Been Pwned with 177,860 breached accounts; expect car-buying-themed phishing</news:title>
    </news:news>
    <lastmod>2026-06-02</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260531-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-31</news:publication_date>
      <news:title>WP Maps Pro CVE-2026-8732 actively exploited to create unauthenticated admin accounts on WordPress sites - 'temporary access' AJAX endpoint flaw</news:title>
    </news:news>
    <lastmod>2026-05-31</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260531-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-31</news:publication_date>
      <news:title>CIFSwitch Linux LPE: forged cifs.spnego key descriptions trick cifs.upcall into running as root - cifs-utils 6.14+ across multiple distros</news:title>
    </news:news>
    <lastmod>2026-05-31</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260531-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-31</news:publication_date>
      <news:title>ShinyHunters publishes Charter Communications data after failed extortion - up to 5 million customer records now leaked, not just claimed</news:title>
    </news:news>
    <lastmod>2026-05-31</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260530-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-30</news:publication_date>
      <news:title>Palo Alto PAN-OS GlobalProtect authentication bypass CVE-2026-0257 actively exploited since May 17, added to CISA KEV - patch urgently</news:title>
    </news:news>
    <lastmod>2026-05-30</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260530-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-30</news:publication_date>
      <news:title>Dutch police dismantle 17-million-device botnet linked to Asocks proxy service, seize 200+ servers at local hosting provider</news:title>
    </news:news>
    <lastmod>2026-05-30</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260530-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-30</news:publication_date>
      <news:title>ChatGPhish: ChatGPT auto-renders attacker Markdown links, images, and QR codes from summarized web pages as trusted clickable phishing</news:title>
    </news:news>
    <lastmod>2026-05-30</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260530-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-30</news:publication_date>
      <news:title>WithSecure: Russia-linked GREYVIBE targets Ukraine with AI-assisted malware via PhantomMail, PhantomRelay RAT, and ClickFix fake-CAPTCHA chains</news:title>
    </news:news>
    <lastmod>2026-05-30</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260530-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-30</news:publication_date>
      <news:title>Google Chrome rolls out Device Bound Session Credentials to all users, binding cookies to TPM/Secure Enclave against theft</news:title>
    </news:news>
    <lastmod>2026-05-30</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260530-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-30</news:publication_date>
      <news:title>Signal phishing campaign impersonates Support to steal backup recovery keys from journalists and activists, enabling full message decryption</news:title>
    </news:news>
    <lastmod>2026-05-30</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260530-007</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-30</news:publication_date>
      <news:title>Attackers drive LLM agent for post-exploitation after Marimo CVE-2026-39987 RCE - AWS Secrets Manager to PostgreSQL exfil in minutes</news:title>
    </news:news>
    <lastmod>2026-05-30</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260529-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-29</news:publication_date>
      <news:title>Anthropic confirms public Mythos rollout in 'coming weeks' - claimed more powerful than Opus 4.8, guardrails developed during preview</news:title>
    </news:news>
    <lastmod>2026-05-29</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260529-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-29</news:publication_date>
      <news:title>ShinyHunters Charter Communications breach hit 4.9 million unique accounts (42M records claimed) - HIBP confirms scale</news:title>
    </news:news>
    <lastmod>2026-05-29</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260529-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-29</news:publication_date>
      <news:title>FortiClient EMS CVE-2026-35616 actively exploited to deploy EKZ infostealer - disguised as endpoint update via VPN scripting</news:title>
    </news:news>
    <lastmod>2026-05-29</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260529-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-29</news:publication_date>
      <news:title>Gogs unpatched zero-day argument-injection RCE affects all default-configured instances; open registration plus rebase-merge toggle is the chain</news:title>
    </news:news>
    <lastmod>2026-05-29</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260529-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-29</news:publication_date>
      <news:title>Carnival Corporation confirms breach affecting 5,995,277 customers - April 10 social-engineering of employee account, ShinyHunters claimed</news:title>
    </news:news>
    <lastmod>2026-05-29</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260529-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-29</news:publication_date>
      <news:title>Microsoft denounces uncoordinated zero-day disclosures after Chaotic Eclipse (Nightmare Eclipse) drops 6 CVEs - GitHub and GitLab accounts removed</news:title>
    </news:news>
    <lastmod>2026-05-29</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260529-007</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-29</news:publication_date>
      <news:title>JINX-0164 targets crypto firms with LinkedIn recruiter lures and macOS AUDIOFIX malware - lateral move into CI/CD code distribution</news:title>
    </news:news>
    <lastmod>2026-05-29</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260529-008</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-29</news:publication_date>
      <news:title>Malicious 'Sicoob.Sdk' NuGet steals Brazilian banking PFX certificates via hardcoded Sentry endpoint - amplified by Google Search AI Mode</news:title>
    </news:news>
    <lastmod>2026-05-29</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260529-009</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-29</news:publication_date>
      <news:title>Kimsuky (Velvet Chollima) targets South Korean military and corporate orgs with HTTPSpy, HelloDoor, and VS Code Tunnels backdoor</news:title>
    </news:news>
    <lastmod>2026-05-29</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260529-010</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-29</news:publication_date>
      <news:title>Fake 'UK Visa Portal' third-party (Active Leadgen LLC) exposed 100,000 passports and selfies on public AWS S3</news:title>
    </news:news>
    <lastmod>2026-05-29</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260529-011</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-29</news:publication_date>
      <news:title>FBI warns of fake FIFA World Cup 2026 sites (fiffa.com, alt-TLDs) collecting payment data ahead of June 11 kickoff</news:title>
    </news:news>
    <lastmod>2026-05-29</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260528-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-28</news:publication_date>
      <news:title>CrowdStrike, Google, Shadowserver disrupt GlassWorm botnet by cutting four resilient C2 channels - Solana memos, BitTorrent DHT, Google Calendar, direct VPS</news:title>
    </news:news>
    <lastmod>2026-05-28</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260528-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-28</news:publication_date>
      <news:title>FBI flash alert: Silent Ransom Group (Luna Moth/UNC3753) sends operatives in person to plug USB drives into US law firm computers</news:title>
    </news:news>
    <lastmod>2026-05-28</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260528-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-28</news:publication_date>
      <news:title>Iranian intelligence (MOIS) behind LA Metro hack disguised as 'Ababil of Minab' hacktivists - hundreds of terabytes wiped</news:title>
    </news:news>
    <lastmod>2026-05-28</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260528-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-28</news:publication_date>
      <news:title>Malicious npm package 'mouse5212-super-formatter' steals files from Claude AI /mnt/user-data directory, exfiltrates to attacker GitHub via postinstall</news:title>
    </news:news>
    <lastmod>2026-05-28</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260528-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-28</news:publication_date>
      <news:title>Grandoreiro banking trojan and BTMOB Android RAT hit Iberia and Latin America - DLL side-loading, WebRTC P2P, targets Wise and Revolut</news:title>
    </news:news>
    <lastmod>2026-05-28</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260528-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-28</news:publication_date>
      <news:title>Gitea CVE-2026-27771 (CVSS 8.2) lets unauthenticated attackers pull private container images - ~30,000 deployments exposed for four years, Forgejo affected</news:title>
    </news:news>
    <lastmod>2026-05-28</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260528-007</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-28</news:publication_date>
      <news:title>Microsoft: cryptojacking campaign uses AI chatbot recommendations and SEO poisoning to push fake GPU utilities, deploys ScreenConnect persistence</news:title>
    </news:news>
    <lastmod>2026-05-28</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260528-008</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-28</news:publication_date>
      <news:title>CISA adds three to KEV: TanStack CVE-2026-45321 and Nx Console CVE-2026-48027 (TeamPCP) plus Daemon Tools Lite CVE-2026-8398</news:title>
    </news:news>
    <lastmod>2026-05-28</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260528-009</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-28</news:publication_date>
      <news:title>Insurance provider Kemper added to Have I Been Pwned with 269,299 breached accounts; new financial-services dataset searchable</news:title>
    </news:news>
    <lastmod>2026-05-28</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260527-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-27</news:publication_date>
      <news:title>KnowledgeDeliver LMS zero-day CVE-2026-5426 deploys Godzilla web shell via ViewState deserialization - shared hardcoded ASP.NET machine keys across customers</news:title>
    </news:news>
    <lastmod>2026-05-27</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260527-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-27</news:publication_date>
      <news:title>Charter Communications confirms ShinyHunters breach: 40M records via vishing-compromised Microsoft Entra employee account and Salesforce export</news:title>
    </news:news>
    <lastmod>2026-05-27</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260527-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-27</news:publication_date>
      <news:title>Microsoft Defender for Endpoint adds automatic device isolation as part of automatic attack disruption (preview)</news:title>
    </news:news>
    <lastmod>2026-05-27</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260527-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-27</news:publication_date>
      <news:title>CISA emergency directive: federal agencies must patch Drupal CVE-2026-9082 by midnight May 27; Imperva sees 15K attacks across 65 countries</news:title>
    </news:news>
    <lastmod>2026-05-27</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260527-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-27</news:publication_date>
      <news:title>Microsoft issues out-of-band SharePoint RCE patch CVE-2026-45659 for Subscription Edition, 2019, and 2016 servers</news:title>
    </news:news>
    <lastmod>2026-05-27</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260527-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-27</news:publication_date>
      <news:title>MuddyWater (Seedworm) 'Operation Olalampo' espionage hits 9 countries with DLL sideloading via sentinelmemoryscanner.exe and ChromElevator browser theft</news:title>
    </news:news>
    <lastmod>2026-05-27</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260527-007</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-27</news:publication_date>
      <news:title>CERT-In mandates 12-hour patching window for internet-facing KEV vulnerabilities to counter AI-assisted attacks; full risk-tiered SLA blueprint</news:title>
    </news:news>
    <lastmod>2026-05-27</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260527-008</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-27</news:publication_date>
      <news:title>Iran's Nimbus Manticore (UNC1549) accelerated wartime ops with AI-assisted MiniFast backdoor, trojanized Zoom installers, and SEO poisoning of SQL Developer</news:title>
    </news:news>
    <lastmod>2026-05-27</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260527-009</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-27</news:publication_date>
      <news:title>Lithuania investigates theft of 600,000 state registry records; opposition leader alleges Russian intelligence; Centre of Registers chief resigns</news:title>
    </news:news>
    <lastmod>2026-05-27</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260527-010</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-27</news:publication_date>
      <news:title>Oncology Institute confirms patient data exposure via third-party breach; reports point to Cognizant-owned TriZetto (3.4M+ patients in original incident)</news:title>
    </news:news>
    <lastmod>2026-05-27</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260527-011</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-27</news:publication_date>
      <news:title>Have I Been Pwned adds Ameriprise Financial with 502,597 breached accounts; financial-services dataset newly searchable</news:title>
    </news:news>
    <lastmod>2026-05-27</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260526-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-26</news:publication_date>
      <news:title>Anthropic preparing to roll Claude Mythos into Claude Code and Claude Security - 'claude-mythos-1-preview' toggle briefly appeared publicly</news:title>
    </news:news>
    <lastmod>2026-05-26</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260526-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-26</news:publication_date>
      <news:title>Lazarus RemotePE memory-only RAT targets DeFi and crypto firms - DPAPILoader + RemotePELoader chain, Hell's Gate, ETW patching</news:title>
    </news:news>
    <lastmod>2026-05-26</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260526-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-26</news:publication_date>
      <news:title>TrapDoor cross-ecosystem supply chain hits npm, PyPI, Crates.io with 34+ malicious packages; plants .cursorrules and CLAUDE.md to trick AI assistants</news:title>
    </news:news>
    <lastmod>2026-05-26</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260526-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-26</news:publication_date>
      <news:title>Threat actor advertises 340M OnlyFans profiles for $76K - dataset built from correlating old breaches and public data, not direct hack</news:title>
    </news:news>
    <lastmod>2026-05-26</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260526-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-26</news:publication_date>
      <news:title>Forenser documents zero-click WhatsApp account takeover on iPhone iOS 16 - parallel session, no linked devices, used for wire-transfer scams</news:title>
    </news:news>
    <lastmod>2026-05-26</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260526-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-26</news:publication_date>
      <news:title>FBI Director Kash Patel's merchandise site (basedapparel.com) infected with WooCommerce ClickFix macOS infostealer; site taken offline</news:title>
    </news:news>
    <lastmod>2026-05-26</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260525-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-25</news:publication_date>
      <news:title>Ghost CMS CVE-2026-26980 SQL injection exploited at scale - 700+ sites including Harvard, Oxford, DuckDuckGo serve ClickFix lures</news:title>
    </news:news>
    <lastmod>2026-05-25</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260525-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-25</news:publication_date>
      <news:title>Anthropic Project Glasswing reveals 1,094 confirmed high/critical flaws and WolfSSL CVE-2026-5194 (CVSS 9.1) in first month with Apple, AWS, Microsoft, Google partners</news:title>
    </news:news>
    <lastmod>2026-05-25</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260524-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-24</news:publication_date>
      <news:title>Packagist supply-chain attack hits 8 Composer packages with cross-ecosystem package.json hook downloading Linux binary to /tmp/.sshd</news:title>
    </news:news>
    <lastmod>2026-05-24</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260524-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-24</news:publication_date>
      <news:title>GitHub ships npm 11.15.0 with 2FA-gated staging, OIDC trusted publishing, and per-source install flags in response to TeamPCP wave</news:title>
    </news:news>
    <lastmod>2026-05-24</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260524-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-24</news:publication_date>
      <news:title>FBI warns of Kali365 phishing-as-a-service: OAuth device-code consent abuse against Microsoft 365 since April, $250-$2,000/year</news:title>
    </news:news>
    <lastmod>2026-05-24</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260524-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-24</news:publication_date>
      <news:title>Italian Guardia di Finanza dismantles CINEMAGOAL piracy app that harvested fresh auth codes from legit Netflix, Disney+, Spotify subscriptions every 3 minutes</news:title>
    </news:news>
    <lastmod>2026-05-24</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260523-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-23</news:publication_date>
      <news:title>Drupal critical SQL injection CVE-2026-9082 now actively exploited in PostgreSQL sites, added to CISA KEV - patch immediately</news:title>
    </news:news>
    <lastmod>2026-05-23</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260523-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-23</news:publication_date>
      <news:title>Lawmakers demand answers from CISA over GitHub credential leak; agency still hasn't rotated all exposed keys a week later</news:title>
    </news:news>
    <lastmod>2026-05-23</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260523-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-23</news:publication_date>
      <news:title>Anthropic Mythos Preview AI finds 10,000+ high-severity flaws in widely used software; Cyber Verification Program launched</news:title>
    </news:news>
    <lastmod>2026-05-23</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260523-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-23</news:publication_date>
      <news:title>Laravel-Lang PHP packages compromised - autoload payload steals AWS, Azure, GCP, K8s, Vault, crypto wallets across Linux, macOS, Windows</news:title>
    </news:news>
    <lastmod>2026-05-23</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260523-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-23</news:publication_date>
      <news:title>LiteSpeed cPanel Plugin CVE-2026-48172 actively exploited - root-level script execution, update to 2.4.7 / WHM 5.3.1.0</news:title>
    </news:news>
    <lastmod>2026-05-23</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260523-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-23</news:publication_date>
      <news:title>Ghostwriter (UAC-0057/UNC1151) targets Ukrainian government with Prometheus learning-platform lure, OYSTERSHUCK/OYSTERBLUES, Cobalt Strike payload</news:title>
    </news:news>
    <lastmod>2026-05-23</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260523-007</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-23</news:publication_date>
      <news:title>Megalodon GitHub Actions attack scans 5,561 repos for CI/CD secrets; polymarketdev publishes nine wallet-stealer npm packages</news:title>
    </news:news>
    <lastmod>2026-05-23</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260523-008</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-23</news:publication_date>
      <news:title>Netherlands seizes 800 servers of Stark Industries successor WorkTitans/THE.Hosting - links to NoName057(16) Russian hacktivists</news:title>
    </news:news>
    <lastmod>2026-05-23</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260522-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-22</news:publication_date>
      <news:title>Google leaks unfixed Chromium flaw - Service Workers run JavaScript after browser closes, enabling silent botnet on Chrome, Edge, Brave</news:title>
    </news:news>
    <lastmod>2026-05-22</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260522-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-22</news:publication_date>
      <news:title>Calypso (Red Lamassu) Chinese APT hits APAC and Middle East telcos with Showboat Linux SOCKS5 backdoor and JMFBackdoor Windows RAT</news:title>
    </news:news>
    <lastmod>2026-05-22</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260522-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-22</news:publication_date>
      <news:title>Cisco patches CVSS 10.0 Secure Workload flaw (CVE-2026-20223): unauthenticated REST API access grants Site Admin across tenants</news:title>
    </news:news>
    <lastmod>2026-05-22</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260522-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-22</news:publication_date>
      <news:title>First VPN service taken offline by Europol - 33 servers in 27 countries seized, Ukrainian operator questioned, used in ransomware</news:title>
    </news:news>
    <lastmod>2026-05-22</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260522-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-22</news:publication_date>
      <news:title>Alleged Kimwolf IoT botmaster 'Dort' arrested in Ottawa, charged in US and Canada - swatting attacks against researchers cited</news:title>
    </news:news>
    <lastmod>2026-05-22</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260522-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-22</news:publication_date>
      <news:title>CISA adds two to KEV: Langflow CVE-2025-34291 (Flodric botnet) and Trend Micro Apex One CVE-2026-34926 (directory traversal)</news:title>
    </news:news>
    <lastmod>2026-05-22</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260522-007</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-22</news:publication_date>
      <news:title>Aikido shows Google API keys keep working up to 23 minutes after deletion; Google closes report as 'won't fix'</news:title>
    </news:news>
    <lastmod>2026-05-22</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260522-008</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-22</news:publication_date>
      <news:title>Underminr domain-fronting attack hijacks brand reputations via CDN trust - 42% of websites globally, 51% in US, vulnerable</news:title>
    </news:news>
    <lastmod>2026-05-22</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260522-009</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-22</news:publication_date>
      <news:title>Universal Robots PolyScope 5 cobots: unauthenticated RCE on Dashboard Server (CVE-2026-8153, CVSS 9.8) - patch out</news:title>
    </news:news>
    <lastmod>2026-05-22</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260522-010</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-22</news:publication_date>
      <news:title>Ubiquiti patches three max-severity UniFi OS flaws (CVE-2026-34908/34909/34910) plus two more - ~100K endpoints exposed online</news:title>
    </news:news>
    <lastmod>2026-05-22</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260522-011</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-22</news:publication_date>
      <news:title>Hunt.io: Saudi Telecom hosts 72% of Middle East C2 servers; 1,350+ servers across 98 providers in 14 countries</news:title>
    </news:news>
    <lastmod>2026-05-22</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260521-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-21</news:publication_date>
      <news:title>GitHub confirms 3,800 internal repos stolen after employee installed malicious Nx Console VS Code extension (TeamPCP)</news:title>
    </news:news>
    <lastmod>2026-05-21</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260521-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-21</news:publication_date>
      <news:title>Microsoft Defender zero-days CVE-2026-41091 (SYSTEM LPE) and CVE-2026-45498 (DoS) exploited in attacks, added to CISA KEV</news:title>
    </news:news>
    <lastmod>2026-05-21</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260521-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-21</news:publication_date>
      <news:title>Qualys discloses 9-year-old Linux kernel ptrace flaw CVE-2026-46333 (ssh-keysign-pwn) - root via chage, ssh-keysign, pkexec, accounts-daemon</news:title>
    </news:news>
    <lastmod>2026-05-21</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260521-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-21</news:publication_date>
      <news:title>PinTheft Arch Linux LPE: RDS zerocopy double-free turned into io_uring page-cache overwrite, PoC released</news:title>
    </news:news>
    <lastmod>2026-05-21</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260521-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-21</news:publication_date>
      <news:title>Microsoft ships mitigation for YellowKey BitLocker bypass (CVE-2026-45585), no patch yet - PoC published, TPM+PIN required</news:title>
    </news:news>
    <lastmod>2026-05-21</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260521-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-21</news:publication_date>
      <news:title>SonicWall Gen6 SSL-VPN MFA bypass (CVE-2024-12802) actively exploited - firmware patch alone insufficient, LDAP reconfiguration required</news:title>
    </news:news>
    <lastmod>2026-05-21</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260521-007</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-21</news:publication_date>
      <news:title>Drupal ships highly critical PostgreSQL RCE fix across 11.x and 10.x - SA-CORE patches now live, Drupal 7 unaffected</news:title>
    </news:news>
    <lastmod>2026-05-21</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260521-008</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-21</news:publication_date>
      <news:title>Webworm Chinese APT adds EchoCreep (Discord C2) and GraphWorm (MS Graph API C2) backdoors, targets European governments</news:title>
    </news:news>
    <lastmod>2026-05-21</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260521-009</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-21</news:publication_date>
      <news:title>Ukraine cyber-police identifies 18-year-old Odesa infostealer operator linked to 28,000 stolen accounts and $721K California fraud</news:title>
    </news:news>
    <lastmod>2026-05-21</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260521-010</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-21</news:publication_date>
      <news:title>B1ack's Stash dark-web carding marketplace dumps 4.6 million credit-card records for free as 'punishment' for seller misconduct</news:title>
    </news:news>
    <lastmod>2026-05-21</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260520-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-20</news:publication_date>
      <news:title>TeamPCP claims ~4,000 GitHub internal repos stolen and for sale on Breached forum, GitHub confirms investigation</news:title>
    </news:news>
    <lastmod>2026-05-20</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260520-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-20</news:publication_date>
      <news:title>Shai-Hulud wave: 600+ npm @antv packages compromised in one hour, GitHub Action 'actions-cool' tag hijack linked</news:title>
    </news:news>
    <lastmod>2026-05-20</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260520-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-20</news:publication_date>
      <news:title>Nx Console 18.95.0 VS Code extension compromised in 11-minute window - kitty.py persistence and credential theft</news:title>
    </news:news>
    <lastmod>2026-05-20</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260520-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-20</news:publication_date>
      <news:title>Grafana confirms its GitHub breach started with the TanStack npm supply-chain attack (TeamPCP)</news:title>
    </news:news>
    <lastmod>2026-05-20</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260520-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-20</news:publication_date>
      <news:title>ChromaDB CVE-2026-45829: unauthenticated RCE via pre-auth model load - 73% of internet-exposed servers vulnerable</news:title>
    </news:news>
    <lastmod>2026-05-20</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260520-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-20</news:publication_date>
      <news:title>Storm-2949 abuses Microsoft 365 Self-Service Password Reset to hijack accounts, pivot from M365 into Azure production</news:title>
    </news:news>
    <lastmod>2026-05-20</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260520-007</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-20</news:publication_date>
      <news:title>Microsoft dismantles Fox Tempest 'malware-signing-as-a-service' that abused Azure Artifact Signing for 1,000+ certificates</news:title>
    </news:news>
    <lastmod>2026-05-20</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260520-008</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-20</news:publication_date>
      <news:title>Trapdoor Android ad fraud: 455 apps, 24M downloads, 659M daily bid requests, selective activation via attribution tools</news:title>
    </news:news>
    <lastmod>2026-05-20</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260520-009</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-20</news:publication_date>
      <news:title>Drupal shipping highly critical core security update today (May 20, 17:00-21:00 UTC) - PSA-2026-05-18, severity 20/25, unauthenticated</news:title>
    </news:news>
    <lastmod>2026-05-20</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260520-010</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-20</news:publication_date>
      <news:title>SEPPmail Secure Email Gateway RCE chain allows attacker to read all mail traffic and persist on the gateway</news:title>
    </news:news>
    <lastmod>2026-05-20</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260520-011</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-20</news:publication_date>
      <news:title>Huawei VRP router zero-day crashed Luxembourg's entire telecom network for 3+ hours (July 2025, disclosed now)</news:title>
    </news:news>
    <lastmod>2026-05-20</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260519-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-19</news:publication_date>
      <news:title>CISA contractor leaked AWS GovCloud admin keys and dozens of plaintext passwords on public GitHub</news:title>
    </news:news>
    <lastmod>2026-05-19</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260519-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-19</news:publication_date>
      <news:title>INTERPOL Operation Ramz disrupts MENA cybercrime: 201 arrests, 53 servers seized, 3,867 victims identified</news:title>
    </news:news>
    <lastmod>2026-05-19</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260519-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-19</news:publication_date>
      <news:title>Leaked Shai-Hulud worm source code reused in four malicious npm packages, one adds Phantom Bot DDoS</news:title>
    </news:news>
    <lastmod>2026-05-19</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260519-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-19</news:publication_date>
      <news:title>DirtyDecrypt Linux kernel root escalation PoC released - rxgk pagecache write affects Fedora, Arch, openSUSE Tumbleweed</news:title>
    </news:news>
    <lastmod>2026-05-19</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260519-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-19</news:publication_date>
      <news:title>SHub Reaper macOS infostealer spoofs Apple, Google, and Microsoft in one chain - backdoor, wallet hijack, document theft</news:title>
    </news:news>
    <lastmod>2026-05-19</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260519-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-19</news:publication_date>
      <news:title>ShinyHunters drains 7-Eleven's Salesforce: 600K+ records, franchisee documents, ransom refused</news:title>
    </news:news>
    <lastmod>2026-05-19</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260519-007</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-19</news:publication_date>
      <news:title>Iran-linked hackers breached US gas station fuel-tank gauges - online ATG systems with no password protection</news:title>
    </news:news>
    <lastmod>2026-05-19</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260519-008</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-19</news:publication_date>
      <news:title>OpenClaw 'Claw Chain': four sandbox-escape and priv-esc flaws on ~180K public AI agent instances (patched 2026.4.22)</news:title>
    </news:news>
    <lastmod>2026-05-19</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260519-009</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-19</news:publication_date>
      <news:title>Critical patches from Ivanti, Fortinet, SAP, VMware Fusion, and n8n - RCE, SQL injection, prototype pollution</news:title>
    </news:news>
    <lastmod>2026-05-19</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260519-010</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-19</news:publication_date>
      <news:title>Public Amazon S3 bucket leaks 1M+ passports, IDs, and selfies from Japanese hotel check-in platform Tabiq</news:title>
    </news:news>
    <lastmod>2026-05-19</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260519-011</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-19</news:publication_date>
      <news:title>Colombian fintech Addi confirms 34.5M-account breach after ShinyHunters published credit and ID data</news:title>
    </news:news>
    <lastmod>2026-05-19</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260518-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-18</news:publication_date>
      <news:title>MiniPlasma Windows zero-day: working PoC gives SYSTEM on fully patched Windows 11 via cldflt.sys driver</news:title>
    </news:news>
    <lastmod>2026-05-18</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260518-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-18</news:publication_date>
      <news:title>NGINX 'Rift' heap overflow CVE-2026-42945 now seeing exploitation attempts in VulnCheck honeypots</news:title>
    </news:news>
    <lastmod>2026-05-18</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260518-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-18</news:publication_date>
      <news:title>Tycoon2FA pivots to OAuth device-code phishing - lures Microsoft 365 users to legitimate microsoft.com/devicelogin</news:title>
    </news:news>
    <lastmod>2026-05-18</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260518-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-18</news:publication_date>
      <news:title>openDCIM RCE chain weaponized in the wild - Chinese attacker uses AI vuln scanner Vulnhuntr to drop PHP web shells</news:title>
    </news:news>
    <lastmod>2026-05-18</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260517-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-17</news:publication_date>
      <news:title>Grafana GitHub breach: codebase stolen, CoinbaseCartel extortion attempt refused</news:title>
    </news:news>
    <lastmod>2026-05-17</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260517-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-17</news:publication_date>
      <news:title>Microsoft reverses course on Edge: saved passwords will no longer load into memory at startup</news:title>
    </news:news>
    <lastmod>2026-05-17</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260517-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-17</news:publication_date>
      <news:title>Azure Backup for AKS lets low-privileged Backup Contributors gain cluster-admin, Microsoft blocked CVE (VU#284781)</news:title>
    </news:news>
    <lastmod>2026-05-17</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260517-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-17</news:publication_date>
      <news:title>Pwn2Own Berlin Day 3: DEVCORE wins Master of Pwn ($505K), SharePoint falls in 2-bug chain, $1.298M total</news:title>
    </news:news>
    <lastmod>2026-05-17</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260516-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-16</news:publication_date>
      <news:title>Microsoft Exchange OWA zero-day actively exploited via crafted email, no patch yet (CVE-2026-42897)</news:title>
    </news:news>
    <lastmod>2026-05-16</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260516-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-16</news:publication_date>
      <news:title>Pwn2Own Berlin Day 2: Microsoft Exchange falls to Orange Tsai's $200K chain, event total tops $908K</news:title>
    </news:news>
    <lastmod>2026-05-16</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260516-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-16</news:publication_date>
      <news:title>Russian FSB actor Turla rebuilds Kazuar backdoor as a modular peer-to-peer botnet</news:title>
    </news:news>
    <lastmod>2026-05-16</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260516-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-16</news:publication_date>
      <news:title>THORChain drained for ~$10.8M in coordinated multi-chain exploit across BTC, ETH, BNB Chain, and Base</news:title>
    </news:news>
    <lastmod>2026-05-16</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260516-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-16</news:publication_date>
      <news:title>node-ipc npm package (822K weekly downloads) compromised via expired-domain takeover, three malicious versions published</news:title>
    </news:news>
    <lastmod>2026-05-16</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260516-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-16</news:publication_date>
      <news:title>Three WordPress plugins under active exploitation: Funnel Builder, Avada Builder, and Burst Statistics (1.2M+ sites at risk)</news:title>
    </news:news>
    <lastmod>2026-05-16</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260516-007</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-16</news:publication_date>
      <news:title>REMUS infostealer profiled - 64-bit Lumma successor with EtherHiding C2 and Chromium ABE bypass</news:title>
    </news:news>
    <lastmod>2026-05-16</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260515-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-15</news:publication_date>
      <news:title>Second maximum-severity Cisco Catalyst SD-WAN auth bypass exploited as a zero-day by sophisticated UAT-8616 actor - CISA gives federal agencies until May 17 to patch (CVE-2026-20182)</news:title>
    </news:news>
    <lastmod>2026-05-15</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260515-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-15</news:publication_date>
      <news:title>Critical 'Dead.Letter' use-after-free in Exim mail server enables unauthenticated remote code execution over TLS - GnuTLS builds only (CVE-2026-45185)</news:title>
    </news:news>
    <lastmod>2026-05-15</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260515-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-15</news:publication_date>
      <news:title>Pwn2Own Berlin Day 1: $523,000 paid for 24 zero-days - Microsoft Edge sandbox escape, three Windows 11 privilege escalations, Red Hat root, and LiteLLM, OpenAI Codex, and NVIDIA software all fall</news:title>
    </news:news>
    <lastmod>2026-05-15</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260515-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-15</news:publication_date>
      <news:title>TeamPCP Shai-Hulud aftermath: OpenAI rotates macOS code-signing certificates after employee devices breached, TeamPCP advertises 450 Mistral AI source repositories for $25K</news:title>
    </news:news>
    <lastmod>2026-05-15</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260515-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-15</news:publication_date>
      <news:title>Belarus-aligned FrostyNeighbor (Ghostwriter) running a new geofenced PDF phishing campaign against Ukrainian government - Ukrainian IPs get malware, everyone else gets a clean PDF</news:title>
    </news:news>
    <lastmod>2026-05-15</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260515-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-15</news:publication_date>
      <news:title>Iran-linked MuddyWater (Seedworm) spent a week inside a major South Korean electronics maker - DLL sideloading off Fortemedia audio and SentinelOne binaries, ChromElevator credential theft</news:title>
    </news:news>
    <lastmod>2026-05-15</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260515-007</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-15</news:publication_date>
      <news:title>Initial access broker KongTuke pivots from web lures to Microsoft Teams - impersonates IT help desk, drops ModeloRAT in five minutes</news:title>
    </news:news>
    <lastmod>2026-05-15</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260515-008</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-15</news:publication_date>
      <news:title>PraisonAI multi-agent framework hit by internet scanners 3 hours 44 minutes after auth-bypass advisory landed (CVE-2026-44338) - 7,100-star AI project shipped 'AUTH_ENABLED = False' by default</news:title>
    </news:news>
    <lastmod>2026-05-15</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260515-009</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-15</news:publication_date>
      <news:title>West Pharmaceutical Services hit by ransomware - $3B injectable-packaging supplier disclosed data theft and encryption in SEC 8-K, global shipping and manufacturing disrupted</news:title>
    </news:news>
    <lastmod>2026-05-15</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260515-010</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-15</news:publication_date>
      <news:title>Broadcom patches macOS local privilege escalation in VMware Fusion - SETUID TOCTOU lets unprivileged users get root on the host (CVE-2026-41702)</news:title>
    </news:news>
    <lastmod>2026-05-15</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260514-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-14</news:publication_date>
      <news:title>NGINX Rift: 18-year-old heap overflow in the rewrite module lets anyone on the internet crash or take over an NGINX server (CVE-2026-42945)</news:title>
    </news:news>
    <lastmod>2026-05-14</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260514-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-14</news:publication_date>
      <news:title>Unpatched Windows BitLocker bypass and SYSTEM elevation PoCs dropped on GitHub by a disgruntled researcher - YellowKey and GreenPlasma hit Windows 11 and Server 2022/2025</news:title>
    </news:news>
    <lastmod>2026-05-14</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260514-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-14</news:publication_date>
      <news:title>Third Linux kernel root exploit in three weeks - 'Fragnesia' rides the same ESP-in-TCP code path as Dirty Frag and ships with a public proof-of-concept (CVE-2026-46300)</news:title>
    </news:news>
    <lastmod>2026-05-14</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260514-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-14</news:publication_date>
      <news:title>China-linked FamousSparrow spent three months breaking back into an Azerbaijani oil and gas company through the same Microsoft Exchange flaw - first known China APT hit on South Caucasus energy</news:title>
    </news:news>
    <lastmod>2026-05-14</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260514-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-14</news:publication_date>
      <news:title>GemStuffer campaign turned RubyGems into a clandestine data drop - 150+ malicious gems hid scraped UK council portal pages inside Ruby packages</news:title>
    </news:news>
    <lastmod>2026-05-14</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260514-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-14</news:publication_date>
      <news:title>One unpatched Quest KACE box at a Boston MSP exposed 60+ named client organizations - law enforcement, schools, healthcare, and government on one MariaDB dump (CVE-2025-32975)</news:title>
    </news:news>
    <lastmod>2026-05-14</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260514-007</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-14</news:publication_date>
      <news:title>Backend of 'The Gentlemen' ransomware operation leaked - 9 named operators, ransom chat transcripts, and chain-victimization tactics now public</news:title>
    </news:news>
    <lastmod>2026-05-14</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260514-008</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-14</news:publication_date>
      <news:title>BWH Hotels (Best Western's parent) had attackers in its reservation system for over six months - guests' contact details and stay records exposed across Best Western, WorldHotels, and SureStay brands</news:title>
    </news:news>
    <lastmod>2026-05-14</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260514-009</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-14</news:publication_date>
      <news:title>Skoda Auto's German online shop breached via e-commerce software flaw - customer names, addresses, phones, and password hashes exposed; server logs cannot confirm full exfiltration</news:title>
    </news:news>
    <lastmod>2026-05-14</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260514-010</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-14</news:publication_date>
      <news:title>Telehealth aggregator OpenLoop Health confirms 716,000 patient records stolen in a 24-hour intrusion in January - downstream consumer brands still unnamed</news:title>
    </news:news>
    <lastmod>2026-05-14</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260514-011</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-14</news:publication_date>
      <news:title>Have I Been Pwned confirms two more ShinyHunters Salesforce extortion victims this week - financial-software firm Abrigo (711K) and insurer Canada Life (237K)</news:title>
    </news:news>
    <lastmod>2026-05-14</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260513-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-13</news:publication_date>
      <news:title>Microsoft's May 2026 Patch Tuesday fixes 120 flaws and no zero-days for the first time since June 2024 - but a Word preview-pane bug and DNS Client RCE stand out as the priorities</news:title>
    </news:news>
    <lastmod>2026-05-13</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260513-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-13</news:publication_date>
      <news:title>Fortinet patches critical unauthenticated RCE flaws in FortiSandbox and FortiAuthenticator - identity and threat-detection products that protect everything else (CVE-2026-26083, CVE-2026-44277)</news:title>
    </news:news>
    <lastmod>2026-05-13</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260513-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-13</news:publication_date>
      <news:title>SAP patches two critical CVSS 9.6 flaws in Commerce Cloud and S/4HANA - the ERP and e-commerce platforms behind most large retailers and global enterprises (CVE-2026-34263, CVE-2026-34260)</news:title>
    </news:news>
    <lastmod>2026-05-13</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260513-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-13</news:publication_date>
      <news:title>TeamPCP supply-chain worm 'Mini Shai-Hulud' hits TanStack, Mistral AI, UiPath, OpenSearch, and Guardrails AI - 170 packages, 401 malicious versions, 518 million weekly downloads (CVE-2026-45321)</news:title>
    </news:news>
    <lastmod>2026-05-13</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260513-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-13</news:publication_date>
      <news:title>Foxconn confirms cyberattack on North American factories - Nitrogen ransomware crew claims 8 TB stolen including Apple, Intel, Google, Dell, and Nvidia project files</news:title>
    </news:news>
    <lastmod>2026-05-13</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260513-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-13</news:publication_date>
      <news:title>Instructure paid ShinyHunters' ransom to stop the 3.65TB Canvas data leak, and the US Congress launched an inquiry the same day</news:title>
    </news:news>
    <lastmod>2026-05-13</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260512-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-12</news:publication_date>
      <news:title>Checkmarx Jenkins AST plugin backdoored by TeamPCP - third Checkmarx supply chain hit since late March</news:title>
    </news:news>
    <lastmod>2026-05-12</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260512-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-12</news:publication_date>
      <news:title>Google says hackers used AI to build first known zero-day for 2FA bypass in unnamed web admin tool</news:title>
    </news:news>
    <lastmod>2026-05-12</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260512-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-12</news:publication_date>
      <news:title>Identity governance vendor SailPoint discloses GitHub repository breach - third-party app flaw to blame</news:title>
    </news:news>
    <lastmod>2026-05-12</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260512-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-12</news:publication_date>
      <news:title>UK water company hit by Cl0p had hackers hidden in its network for nearly 2 years - ICO fines South Staffordshire Water 964K</news:title>
    </news:news>
    <lastmod>2026-05-12</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260512-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-12</news:publication_date>
      <news:title>Instructure confirms ShinyHunters used Canvas XSS flaws to deface school login portals and pressure ransom</news:title>
    </news:news>
    <lastmod>2026-05-12</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260512-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-12</news:publication_date>
      <news:title>TrickMo Android banker hides command-and-control inside Telegram's TON blockchain network to dodge takedowns</news:title>
    </news:news>
    <lastmod>2026-05-12</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260512-007</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-12</news:publication_date>
      <news:title>GhostLock proof-of-concept abuses Windows file-sharing API to disrupt file access without encryption</news:title>
    </news:news>
    <lastmod>2026-05-12</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260512-008</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-12</news:publication_date>
      <news:title>Mr_Rot13 actor exploits cPanel CVE-2026-41940 to deploy cross-platform 'Filemanager' backdoor</news:title>
    </news:news>
    <lastmod>2026-05-12</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260511-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-11</news:publication_date>
      <news:title>Critical Ollama flaw lets unauthenticated attackers read server memory - 300,000 instances exposed (CVE-2026-7482)</news:title>
    </news:news>
    <lastmod>2026-05-11</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260511-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-11</news:publication_date>
      <news:title>Mac malware campaign uses Google ads and 'Apple Support' Claude.ai chats to install infostealer</news:title>
    </news:news>
    <lastmod>2026-05-11</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260511-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-11</news:publication_date>
      <news:title>Zara confirmed in ShinyHunters Anodot fallout - 197,000 customer support records leaked</news:title>
    </news:news>
    <lastmod>2026-05-11</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260511-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-11</news:publication_date>
      <news:title>AI merchant data platform Woflow leaked - 447,000 records exposed in ShinyHunters extortion</news:title>
    </news:news>
    <lastmod>2026-05-11</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260510-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-09</news:publication_date>
      <news:title>Hackers replaced installers on the official JDownloader website with a Windows remote access trojan - third 'trusted software website hijack' in a month</news:title>
    </news:news>
    <lastmod>2026-05-09</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260510-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-09</news:publication_date>
      <news:title>A fake OpenAI repository on Hugging Face reached the trending #1 spot before getting caught - 244,000 downloads delivered an infostealer that grabs browser passwords, crypto wallets, and Discord tokens</news:title>
    </news:news>
    <lastmod>2026-05-09</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260510-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-09</news:publication_date>
      <news:title>AI evaluation startup Braintrust got hacked - and is asking every customer to rotate their AI provider API keys because the breached AWS account stored them all in one place</news:title>
    </news:news>
    <lastmod>2026-05-09</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260510-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-09</news:publication_date>
      <news:title>cPanel patches three new flaws including two that let authenticated users run arbitrary Perl code on the server - on top of the active 'Sorry' ransomware wave still hitting unpatched systems</news:title>
    </news:news>
    <lastmod>2026-05-09</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260508-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-08</news:publication_date>
      <news:title>Brand-new Linux 'Dirty Frag' bug lets any local user become root on every major distribution - PoC exploit is public, no patches yet</news:title>
    </news:news>
    <lastmod>2026-05-08</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260508-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-08</news:publication_date>
      <news:title>ShinyHunters is now extorting individual schools using stolen Canvas data - thousands of K-12 districts and universities receiving direct ransom demands</news:title>
    </news:news>
    <lastmod>2026-05-08</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260509-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-08</news:publication_date>
      <news:title>RansomHouse claims the Trellix breach and posts screenshots showing it reached internal VMware, Rubrik, and Dell EMC dashboards - far more than the 'small portion of source code' Trellix originally disclosed</news:title>
    </news:news>
    <lastmod>2026-05-08</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260509-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-08</news:publication_date>
      <news:title>NVIDIA confirms a regional GeForce NOW partner in Armenia got breached - millions of user records exposed but NVIDIA's own systems are intact</news:title>
    </news:news>
    <lastmod>2026-05-08</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260509-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-08</news:publication_date>
      <news:title>New Linux backdoor 'PamDOORa' silently steals SSH credentials from every user logging into a compromised server - and erases its tracks from the logs</news:title>
    </news:news>
    <lastmod>2026-05-08</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260509-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-08</news:publication_date>
      <news:title>28 fake apps on Google Play tricked 7.3 million Indian users into paying for fake call logs - charging up to $80 a year for fabricated data</news:title>
    </news:news>
    <lastmod>2026-05-08</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260509-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-08</news:publication_date>
      <news:title>Two pro-Ukraine hacker groups appear to be teaming up to attack Russian companies - sharing servers and tools across phishing and espionage operations</news:title>
    </news:news>
    <lastmod>2026-05-08</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260510-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-08</news:publication_date>
      <news:title>New 'TCLBanker' Android malware spreads itself by hijacking WhatsApp and Outlook to message every contact in the victim's address book</news:title>
    </news:news>
    <lastmod>2026-05-08</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260508-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-07</news:publication_date>
      <news:title>Ivanti EPMM zero-day actively exploited - attackers are getting admin-level RCE on mobile device management servers (CVE-2026-6973)</news:title>
    </news:news>
    <lastmod>2026-05-07</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260508-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-07</news:publication_date>
      <news:title>New 'PCPJack' worm hunts down and removes competing malware before stealing cloud credentials - exploits five different vulnerabilities to spread</news:title>
    </news:news>
    <lastmod>2026-05-07</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260508-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-07</news:publication_date>
      <news:title>Fake Claude AI website is delivering a brand-new Windows malware called 'Beagle' to people searching for the chatbot</news:title>
    </news:news>
    <lastmod>2026-05-07</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260508-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-07</news:publication_date>
      <news:title>Polish intelligence says hackers attacked control systems at Polish water treatment plants</news:title>
    </news:news>
    <lastmod>2026-05-07</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260506-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-06</news:publication_date>
      <news:title>North Korean hackers built a fake Korean game platform to spread Android spyware targeting ethnic Koreans living in China</news:title>
    </news:news>
    <lastmod>2026-05-06</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260507-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-06</news:publication_date>
      <news:title>Palo Alto Networks firewalls have a critical hole that lets attackers run code as root - hackers are already using it, no patch until May 13 (CVE-2026-0300)</news:title>
    </news:news>
    <lastmod>2026-05-06</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260507-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-06</news:publication_date>
      <news:title>vm2, the Node.js sandbox library used by 1.3 million projects to run untrusted code, just got hit with a dozen new bugs that let attackers escape the sandbox</news:title>
    </news:news>
    <lastmod>2026-05-06</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260507-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-06</news:publication_date>
      <news:title>Iranian hackers used Microsoft Teams chat to social-engineer victims, then dressed up their espionage as a Chaos ransomware attack to throw off blame</news:title>
    </news:news>
    <lastmod>2026-05-06</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260507-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-06</news:publication_date>
      <news:title>Hackers bought Google ads pointing to a fake GoDaddy WordPress login page - any site manager who clicked saw their credentials stolen</news:title>
    </news:news>
    <lastmod>2026-05-06</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260507-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-06</news:publication_date>
      <news:title>Cisco network management products have a flaw that lets attackers crash them remotely - victims need to manually reboot the device to recover (CVE-2026-20188)</news:title>
    </news:news>
    <lastmod>2026-05-06</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260506-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-05</news:publication_date>
      <news:title>Chinese hackers slipped a backdoor into the official DAEMON Tools installer for a month - thousands of computers in 100+ countries running tainted software signed with the real developer certificate</news:title>
    </news:news>
    <lastmod>2026-05-05</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260506-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-05</news:publication_date>
      <news:title>Apache web server has a critical flaw in HTTP/2 that crashes servers and could let attackers run code (CVE-2026-23918)</news:title>
    </news:news>
    <lastmod>2026-05-05</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260506-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-05</news:publication_date>
      <news:title>New Linux malware called 'Quasar Linux' targets developer laptops to steal credentials for npm, GitHub, AWS, and Docker - barely detected by antivirus</news:title>
    </news:news>
    <lastmod>2026-05-05</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260505-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-04</news:publication_date>
      <news:title>Critical MOVEit Automation flaw lets attackers take over file-transfer servers without logging in - Cl0p hit MOVEit's sister product in 2023 and stole data from 62 million people (CVE-2026-4670)</news:title>
    </news:news>
    <lastmod>2026-05-04</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260505-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-04</news:publication_date>
      <news:title>Phishing campaign hit 80+ companies by getting employees to install legitimate remote-access software disguised as a Social Security letter</news:title>
    </news:news>
    <lastmod>2026-05-04</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260505-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-04</news:publication_date>
      <news:title>China-linked group is sending 1,600 fake tax-audit emails to Indian and Russian companies, then dropping a brand-new backdoor called ABCDoor</news:title>
    </news:news>
    <lastmod>2026-05-04</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260505-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-04</news:publication_date>
      <news:title>Attackers are using stolen Amazon keys to send convincing phishing emails directly from Amazon's email service - bypassing every spam filter</news:title>
    </news:news>
    <lastmod>2026-05-04</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260505-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-04</news:publication_date>
      <news:title>cPanel ransomware attackers are now hunting government agencies and the IT companies that manage them</news:title>
    </news:news>
    <lastmod>2026-05-04</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260506-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-04</news:publication_date>
      <news:title>Microsoft says fake HR compliance emails fooled 35,000 people across 26 countries - phishing kit captured login tokens even with MFA enabled</news:title>
    </news:news>
    <lastmod>2026-05-04</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260504-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-03</news:publication_date>
      <news:title>Hackers tell schools to pay by Tuesday or 275 million students' messages and IDs go public - Canvas operator Instructure confirms breach</news:title>
    </news:news>
    <lastmod>2026-05-03</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260504-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-03</news:publication_date>
      <news:title>China-linked spies breached the IBM subsidiary that runs IT for Italian government agencies and critical industries</news:title>
    </news:news>
    <lastmod>2026-05-03</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260504-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-03</news:publication_date>
      <news:title>Commercial real estate broker Marcus &amp; Millichap data leaked publicly - 1.8 million records including job titles for follow-on phishing</news:title>
    </news:news>
    <lastmod>2026-05-03</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260504-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-03</news:publication_date>
      <news:title>Scammers used Telegram's built-in mini-apps to impersonate Apple, NVIDIA, and Disney for crypto fraud and Android malware - all running on the same backend</news:title>
    </news:news>
    <lastmod>2026-05-03</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260502-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-02</news:publication_date>
      <news:title>Cybersecurity firm Trellix says attackers reached part of its source code repository</news:title>
    </news:news>
    <lastmod>2026-05-02</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260503-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-02</news:publication_date>
      <news:title>Hackers are mass-encrypting websites by exploiting last week's cPanel flaw - 44,000 servers compromised so far in 'Sorry' ransomware attacks</news:title>
    </news:news>
    <lastmod>2026-05-02</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260503-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-02</news:publication_date>
      <news:title>New 'ConsentFix v3' attack lets criminals take over Microsoft 365 accounts even when MFA and passkeys are turned on</news:title>
    </news:news>
    <lastmod>2026-05-02</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260503-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-02</news:publication_date>
      <news:title>Mark Cuban-backed business filing service ZenBusiness leaked - 5 million customer records now public after ShinyHunters extortion failed</news:title>
    </news:news>
    <lastmod>2026-05-02</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260501-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-01</news:publication_date>
      <news:title>Attackers poisoned 60+ Ruby gems and Go modules, then waited for CI pipelines to install them and steal credentials</news:title>
    </news:news>
    <lastmod>2026-05-01</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260502-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-01</news:publication_date>
      <news:title>Instructure, the company that runs Canvas for schools and universities, says hackers breached its systems</news:title>
    </news:news>
    <lastmod>2026-05-01</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260502-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-01</news:publication_date>
      <news:title>France arrested a 15-year-old as the suspected hacker behind the French government ID agency breach - 11.7 million records confirmed stolen</news:title>
    </news:news>
    <lastmod>2026-05-01</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260502-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-01</news:publication_date>
      <news:title>Vietnamese fraudsters used Google's no-code app platform to send Facebook phishing emails that passed every spam check, then sold the stolen accounts back to victims</news:title>
    </news:news>
    <lastmod>2026-05-01</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260502-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-01</news:publication_date>
      <news:title>Cyber spies are quietly stealing engineering blueprints and GPS data from Russian aviation companies</news:title>
    </news:news>
    <lastmod>2026-05-01</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260502-007</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-01</news:publication_date>
      <news:title>China-linked spy group has been quietly breaking into government Exchange servers across Asia and one NATO country since 2024</news:title>
    </news:news>
    <lastmod>2026-05-01</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260503-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-01</news:publication_date>
      <news:title>Two new cybercrime crews are calling employees, getting their MFA codes by phone, then stealing data from SaaS apps within hours</news:title>
    </news:news>
    <lastmod>2026-05-01</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260504-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-05-01</news:publication_date>
      <news:title>Google is paying $1.5 million for a Pixel hack and cutting Chrome rewards because AI is finding bugs faster than humans can submit reports</news:title>
    </news:news>
    <lastmod>2026-05-01</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260501-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-30</news:publication_date>
      <news:title>Anthropic launches 'Claude Security' for enterprises - the first major defensive product designed to keep up with AI-powered exploits that compress the time-to-attack to minutes</news:title>
    </news:news>
    <lastmod>2026-04-30</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260501-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-30</news:publication_date>
      <news:title>Brazilian anti-DDoS firm Huge Networks was running a Mirai botnet that knocked Brazilian ISPs offline for years - either to drum up business or because someone breached their CEO's SSH keys</news:title>
    </news:news>
    <lastmod>2026-04-30</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260501-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-30</news:publication_date>
      <news:title>Google patched a critical 'Gemini CLI' bug that let attackers run code on developer machines through CI pipelines (CVSS 10.0)</news:title>
    </news:news>
    <lastmod>2026-04-30</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260502-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-30</news:publication_date>
      <news:title>The same supply-chain worm that hit SAP packages on Wednesday spread to PyTorch Lightning and Intercom's npm SDK on Thursday</news:title>
    </news:news>
    <lastmod>2026-04-30</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260503-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-30</news:publication_date>
      <news:title>Hackers are stealing entire truckloads of cargo by phishing freight brokers - $725 million in losses last year alone, FBI warns</news:title>
    </news:news>
    <lastmod>2026-04-30</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260430-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-29</news:publication_date>
      <news:title>Hackers compromised four official SAP developer packages and used them to steal credentials from any developer who installed an update</news:title>
    </news:news>
    <lastmod>2026-04-29</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260430-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-29</news:publication_date>
      <news:title>GitHub patched a flaw in March that let any developer take over millions of repos with a single 'git push' - 88% of self-hosted GitHub Enterprise Servers still haven't installed the fix (CVE-2026-3854)</news:title>
    </news:news>
    <lastmod>2026-04-29</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260430-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-29</news:publication_date>
      <news:title>A WordPress redirect plugin used on 70,000 sites was secretly running a hidden update channel that fetched code from an attacker-controlled server for five years</news:title>
    </news:news>
    <lastmod>2026-04-29</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260430-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-29</news:publication_date>
      <news:title>North Korean hackers used Claude AI to add malicious npm dependencies to legitimate-looking projects and stole crypto wallet credentials from developers who installed them</news:title>
    </news:news>
    <lastmod>2026-04-29</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260430-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-29</news:publication_date>
      <news:title>AI security tool finds 38 previously unknown bugs in OpenEMR, the open-source health records system used by 100,000 healthcare providers - two of them rated maximum severity</news:title>
    </news:news>
    <lastmod>2026-04-29</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260501-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-29</news:publication_date>
      <news:title>9-year-old Linux kernel bug 'Copy Fail' lets any user with shell access become root in seconds - works on every major distribution since 2017 (CVE-2026-31431)</news:title>
    </news:news>
    <lastmod>2026-04-29</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260501-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-29</news:publication_date>
      <news:title>SonicWall patches three SonicOS firewall flaws after CrowdStrike disclosed them - the worst lets attackers reach the management interface without logging in (CVE-2026-0204)</news:title>
    </news:news>
    <lastmod>2026-04-29</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260429-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-28</news:publication_date>
      <news:title>Hackers raced to exploit a critical LiteLLM flaw 36 hours after disclosure - any attacker who could reach the proxy could read all stored AI API keys (CVE-2026-42208)</news:title>
    </news:news>
    <lastmod>2026-04-28</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260429-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-28</news:publication_date>
      <news:title>Critical GitHub flaw lets a single 'git push' run code remotely on the server - patched, but most self-hosted GitHub Enterprise instances haven't updated yet (CVE-2026-3854)</news:title>
    </news:news>
    <lastmod>2026-04-28</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260429-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-28</news:publication_date>
      <news:title>Microsoft confirms a Windows Shell flaw that lets attackers spoof anything in File Explorer is being exploited - patch now (CVE-2026-32202)</news:title>
    </news:news>
    <lastmod>2026-04-28</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260429-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-28</news:publication_date>
      <news:title>Microsoft patches Entra ID role flaw that let a low-privileged service account impersonate any service principal in your tenant</news:title>
    </news:news>
    <lastmod>2026-04-28</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260429-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-28</news:publication_date>
      <news:title>Hugging Face's LeRobot robotics framework has an unpatched flaw that lets remote attackers run code with no authentication (CVE-2026-25874)</news:title>
    </news:news>
    <lastmod>2026-04-28</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260429-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-28</news:publication_date>
      <news:title>Broken VECT 2.0 ransomware is silently destroying any file larger than 131 KB on Windows, Linux, and ESXi - paying the ransom recovers nothing</news:title>
    </news:news>
    <lastmod>2026-04-28</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260429-007</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-28</news:publication_date>
      <news:title>Vimeo confirms user data was exposed via breach at analytics provider Anodot</news:title>
    </news:news>
    <lastmod>2026-04-28</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260430-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-28</news:publication_date>
      <news:title>All cPanel and WHM versions had a critical authentication bypass that attackers may have been exploiting since February - emergency patches now released (CVE-2026-41940)</news:title>
    </news:news>
    <lastmod>2026-04-28</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260430-007</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-28</news:publication_date>
      <news:title>North Korean hackers are recording fake Zoom meetings with real crypto executives, then using the footage and AI-generated lookalikes to scam the next target</news:title>
    </news:news>
    <lastmod>2026-04-28</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260428-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-27</news:publication_date>
      <news:title>Pitney Bowes customer and employee data leaked publicly - 8.2 million email addresses plus internal records with employee job titles</news:title>
    </news:news>
    <lastmod>2026-04-27</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260428-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-27</news:publication_date>
      <news:title>Pro-Ukrainian hackers chain three TrueConf bugs to deploy web shells and create rogue admin accounts in Russian networks (CVE chain patched August 2025)</news:title>
    </news:news>
    <lastmod>2026-04-27</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260428-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-27</news:publication_date>
      <news:title>Telecom fraud campaign uses fake CAPTCHAs to trick people into sending SMS to premium-rate numbers in 17 countries - 50+ international charges per victim</news:title>
    </news:news>
    <lastmod>2026-04-27</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260428-007</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-27</news:publication_date>
      <news:title>Italy extradites Chinese national accused of running spear-phishing operation against US Covid researchers - first such extradition from Europe to US</news:title>
    </news:news>
    <lastmod>2026-04-27</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260428-008</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-27</news:publication_date>
      <news:title>ADT customer breach details now public on Have I Been Pwned - 5.5 million records confirmed, more than the 10 million ShinyHunters originally claimed but with worse data</news:title>
    </news:news>
    <lastmod>2026-04-27</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260427-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-26</news:publication_date>
      <news:title>Udemy customer and instructor data leaked publicly after ShinyHunters' extortion deadline expires - 1.4 million records including PayPal payout details</news:title>
    </news:news>
    <lastmod>2026-04-26</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260427-008</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-26</news:publication_date>
      <news:title>Litecoin's privacy layer was attacked using a vulnerability that had been patched in private 37 days earlier - cross-chain swaps lost ~$600,000</news:title>
    </news:news>
    <lastmod>2026-04-26</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260426-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-25</news:publication_date>
      <news:title>Russia behind Signal phishing campaign that compromised Bundestag President Julia Klöckner - 300+ German officials affected</news:title>
    </news:news>
    <lastmod>2026-04-25</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260426-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-25</news:publication_date>
      <news:title>Researchers find 20-year-old malware that secretly faked engineering math results</news:title>
    </news:news>
    <lastmod>2026-04-25</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260427-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-25</news:publication_date>
      <news:title>Attackers planted 73 fake VS Code extensions on Open VSX as 'sleepers' that pretended to be popular tools, then quietly turned malicious</news:title>
    </news:news>
    <lastmod>2026-04-25</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260427-007</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-25</news:publication_date>
      <news:title>Two Windows Defender zero-days that disable the antivirus are still unpatched two weeks after researcher leaked them - attackers now chaining them with custom malware</news:title>
    </news:news>
    <lastmod>2026-04-25</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260428-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-25</news:publication_date>
      <news:title>Checkmarx confirms its source code, employee database, and cloud credentials were posted on the dark web after the March supply-chain attack</news:title>
    </news:news>
    <lastmod>2026-04-25</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260425-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-24</news:publication_date>
      <news:title>ADT confirms breach after ShinyHunters claims 10 million records stolen via vishing-compromised Okta SSO and Salesforce exfil</news:title>
    </news:news>
    <lastmod>2026-04-24</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260425-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-24</news:publication_date>
      <news:title>CISA adds four more flaws to KEV - SimpleHelp authorization bypass (CVSS 9.9), Samsung MagicINFO, and the D-Link DIR-823X bug already powering fresh Mirai botnets</news:title>
    </news:news>
    <lastmod>2026-04-24</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260425-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-24</news:publication_date>
      <news:title>Over 10,500 Zimbra servers still vulnerable to actively-exploited XSS as CISA gives federal agencies just three days to patch (CVE-2025-48700)</news:title>
    </news:news>
    <lastmod>2026-04-24</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260425-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-24</news:publication_date>
      <news:title>LMDeploy LLM-serving SSRF (CVE-2026-33626) exploited within 13 hours of disclosure - attackers used the vision-language image loader as a generic port-scanner against AWS metadata, Redis, and MySQL</news:title>
    </news:news>
    <lastmod>2026-04-24</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260425-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-24</news:publication_date>
      <news:title>New extortion group 'BlackFile' running seven-figure ransom campaigns against retail and hospitality via vishing-driven SSO compromise and Salesforce/SharePoint scraping</news:title>
    </news:news>
    <lastmod>2026-04-24</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260425-007</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-24</news:publication_date>
      <news:title>Lazarus 'Mach-O Man' macOS malware kit hitting fintech and crypto execs through fake Telegram meeting invites and ClickFix terminal commands</news:title>
    </news:news>
    <lastmod>2026-04-24</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260425-008</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-24</news:publication_date>
      <news:title>Kaspersky finds 26 'FakeWallet' apps on Apple's App Store impersonating MetaMask, Coinbase, Trust Wallet, and Ledger to steal crypto seed phrases</news:title>
    </news:news>
    <lastmod>2026-04-24</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260425-009</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-24</news:publication_date>
      <news:title>Tropic Trooper ditches Cobalt Strike for AdaptixC2 - new campaign against Taiwan, South Korea, and Japan uses trojanized SumatraPDF, GitHub C2, and VS Code tunnels for remote access</news:title>
    </news:news>
    <lastmod>2026-04-24</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260425-010</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-24</news:publication_date>
      <news:title>NASA OIG details how Chinese national Song Wu spear-phished aerospace software from NASA, Air Force, Navy, FAA, universities, and private firms over four years by impersonating colleagues</news:title>
    </news:news>
    <lastmod>2026-04-24</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260426-008</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-24</news:publication_date>
      <news:title>Iran operating like a criminal actor, ex-NSA director says - opportunistic credentials and amplification, not novel exploits</news:title>
    </news:news>
    <lastmod>2026-04-24</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260427-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-24</news:publication_date>
      <news:title>New 'PhantomRPC' bug lets any low-privileged Windows process become SYSTEM - all Windows versions affected, no patch from Microsoft</news:title>
    </news:news>
    <lastmod>2026-04-24</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260427-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-24</news:publication_date>
      <news:title>Federal patch deadline for 13-year-old Apache ActiveMQ flaw is Wednesday - 7,500+ servers still exposed online (CVE-2026-34197)</news:title>
    </news:news>
    <lastmod>2026-04-24</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260428-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-24</news:publication_date>
      <news:title>US utility tech giant Itron breached - hackers reached internal IT systems but no impact on the 112 million customer endpoints it manages</news:title>
    </news:news>
    <lastmod>2026-04-24</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260428-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-24</news:publication_date>
      <news:title>Medtronic confirms breach after ShinyHunters claims theft of 9 million records and terabytes of internal data</news:title>
    </news:news>
    <lastmod>2026-04-24</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260424-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-23</news:publication_date>
      <news:title>CISA and UK NCSC warn 'FIRESTARTER' backdoor survives Cisco ASA/Firepower patches - US agency compromised, hardware replacement recommended</news:title>
    </news:news>
    <lastmod>2026-04-23</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260424-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-23</news:publication_date>
      <news:title>Carnival confirms 7.5 million Holland America Mariner Society loyalty records leaked after ShinyHunters refused extortion deadline</news:title>
    </news:news>
    <lastmod>2026-04-23</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260424-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-23</news:publication_date>
      <news:title>CISA adds actively-exploited Microsoft Defender 'BlueHammer' flaw to KEV as two sibling zero-days (RedSun, UnDefend) remain unpatched (CVE-2026-33825)</news:title>
    </news:news>
    <lastmod>2026-04-23</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260424-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-23</news:publication_date>
      <news:title>Attackers actively exploiting critical unauthenticated file upload flaw in Breeze Cache WordPress plugin on 400,000 sites (CVE-2026-3844)</news:title>
    </news:news>
    <lastmod>2026-04-23</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260424-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-23</news:publication_date>
      <news:title>'Shai-Hulud: The Third Coming' worm pivots from Checkmarx KICS compromise into Bitwarden CLI, stealing SSH keys, cloud secrets, and MCP configs for AI coding tools</news:title>
    </news:news>
    <lastmod>2026-04-23</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260424-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-23</news:publication_date>
      <news:title>Lovable 'vibe coding' platform exposed source code, Supabase credentials, and AI chat history for 76 days via missing ownership check in API</news:title>
    </news:news>
    <lastmod>2026-04-23</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260424-007</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-23</news:publication_date>
      <news:title>Vercel expands Context.ai breach scope - additional accounts compromised, and some predate the April incident entirely</news:title>
    </news:news>
    <lastmod>2026-04-23</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260424-009</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-23</news:publication_date>
      <news:title>Dutch cosmetics giant Rituals discloses 'My Rituals' membership database breach</news:title>
    </news:news>
    <lastmod>2026-04-23</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260426-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-23</news:publication_date>
      <news:title>Citizens Bank and Frost Bank breached via third-party vendor - Everest ransomware claims 3.4M and 250K records, deadline expires today</news:title>
    </news:news>
    <lastmod>2026-04-23</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260426-009</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-23</news:publication_date>
      <news:title>Trigona ransomware operators ship a custom command-line data-theft tool to speed exfil and reduce dwell time</news:title>
    </news:news>
    <lastmod>2026-04-23</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260426-010</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-23</news:publication_date>
      <news:title>New Linux variant of GoGra backdoor uses Microsoft Graph API for stealth C2 - blends in with legitimate Office 365 traffic</news:title>
    </news:news>
    <lastmod>2026-04-23</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260427-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-23</news:publication_date>
      <news:title>China-linked spies named 'GopherWhisper' targeted Mongolian government using Slack, Discord, and Outlook drafts as their command channel</news:title>
    </news:news>
    <lastmod>2026-04-23</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260423-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-22</news:publication_date>
      <news:title>Microsoft ships emergency out-of-band patch for critical ASP.NET Core authentication cookie forgery flaw (CVE-2026-40372)</news:title>
    </news:news>
    <lastmod>2026-04-22</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260423-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-22</news:publication_date>
      <news:title>Apple pushes emergency iOS patch for notification-storage flaw that let the FBI recover deleted Signal messages (CVE-2026-28950)</news:title>
    </news:news>
    <lastmod>2026-04-22</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260423-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-22</news:publication_date>
      <news:title>Over 1,300 SharePoint servers still exposed to ongoing spoofing attacks a week after Microsoft's patch (CVE-2026-32201)</news:title>
    </news:news>
    <lastmod>2026-04-22</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260423-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-22</news:publication_date>
      <news:title>Cohere's Terrarium AI code sandbox has a root-level escape with no patch coming (CVE-2026-5752, CVSS 9.3)</news:title>
    </news:news>
    <lastmod>2026-04-22</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260423-007</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-22</news:publication_date>
      <news:title>Vercel breach root cause revealed: Lumma Stealer on a Context.ai employee's laptop, delivered via Roblox auto-farm scripts</news:title>
    </news:news>
    <lastmod>2026-04-22</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260423-008</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-22</news:publication_date>
      <news:title>Self-propagating npm worm hits Namastex Labs packages, steals secrets across npm, PyPI, and crypto wallets</news:title>
    </news:news>
    <lastmod>2026-04-22</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260423-009</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-22</news:publication_date>
      <news:title>Lotus Wiper destroys Venezuelan energy and utility systems in apparent state-sponsored attack</news:title>
    </news:news>
    <lastmod>2026-04-22</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260423-010</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-22</news:publication_date>
      <news:title>Chinese APT Mustang Panda's new LOTUSLITE variant hits Indian banks and South Korean policy circles via CHM lures</news:title>
    </news:news>
    <lastmod>2026-04-22</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260423-011</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-22</news:publication_date>
      <news:title>Mirai botnet exploits a year-old D-Link PoC to build fresh botnets on discontinued routers (CVE-2025-29635)</news:title>
    </news:news>
    <lastmod>2026-04-22</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260423-012</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-22</news:publication_date>
      <news:title>Kyber ransomware experiments with post-quantum encryption across Windows and VMware ESXi</news:title>
    </news:news>
    <lastmod>2026-04-22</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260424-008</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-22</news:publication_date>
      <news:title>Mandiant outs UNC6692 running IT-helpdesk impersonation over Microsoft Teams to deploy custom SNOW malware suite</news:title>
    </news:news>
    <lastmod>2026-04-22</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260424-010</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-22</news:publication_date>
      <news:title>Cohere's Terrarium AI sandbox breaks out to root on the host with no vendor patch in sight (CVE-2026-5752)</news:title>
    </news:news>
    <lastmod>2026-04-22</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260425-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-22</news:publication_date>
      <news:title>12-year-old 'Pack2TheRoot' bug in PackageKit gives any local user root on default Ubuntu, Debian, Fedora, and RHEL/Cockpit installs (CVE-2026-41651)</news:title>
    </news:news>
    <lastmod>2026-04-22</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260421-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-21</news:publication_date>
      <news:title>Cisco Catalyst SD-WAN Manager flaw added to CISA KEV with 4-day federal patch deadline - actively exploited (CVE-2026-20133)</news:title>
    </news:news>
    <lastmod>2026-04-21</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260421-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-21</news:publication_date>
      <news:title>6,400 exposed Apache ActiveMQ servers still vulnerable to actively exploited CVE-2026-34197 - ShadowServer data shows Asia most impacted</news:title>
    </news:news>
    <lastmod>2026-04-21</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260421-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-21</news:publication_date>
      <news:title>Microsoft warns of external Teams chats abused for helpdesk impersonation - 9-stage attack chain uses Quick Assist and Rclone for data theft</news:title>
    </news:news>
    <lastmod>2026-04-21</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260422-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-21</news:publication_date>
      <news:title>French govt identity documents agency ANTS confirms breach - hacker claims 19 million citizen records for sale</news:title>
    </news:news>
    <lastmod>2026-04-21</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260422-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-21</news:publication_date>
      <news:title>The Gentlemen ransomware operation hiding 1,570+ unreported victims per Check Point C2 analysis - 5x larger than leak site suggests</news:title>
    </news:news>
    <lastmod>2026-04-21</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260422-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-21</news:publication_date>
      <news:title>Google patches Antigravity IDE prompt injection RCE - and Claude GitHub Actions can be tricked by spoofed Git metadata</news:title>
    </news:news>
    <lastmod>2026-04-21</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260423-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-21</news:publication_date>
      <news:title>Cisco Catalyst SD-WAN Manager users have until today to patch three actively-exploited flaws as CISA adds eight to the KEV catalog</news:title>
    </news:news>
    <lastmod>2026-04-21</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260423-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-21</news:publication_date>
      <news:title>BRIDGE:BREAK - 22 new flaws expose ~20,000 internet-facing Lantronix and Silex serial-to-IP converters to full takeover</news:title>
    </news:news>
    <lastmod>2026-04-21</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260426-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-21</news:publication_date>
      <news:title>Critical unauthenticated path traversal in CrowdStrike LogScale lets remote attackers read any file on the server (CVE-2026-40050, CVSS 9.8)</news:title>
    </news:news>
    <lastmod>2026-04-21</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260426-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-21</news:publication_date>
      <news:title>Atlassian Bamboo Data Center hit with critical OS command injection (CVE-2026-21571, CVSS 9.4) - patch your CI/CD before someone uses it as a supply-chain pivot</news:title>
    </news:news>
    <lastmod>2026-04-21</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260426-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-21</news:publication_date>
      <news:title>Anthropic MCP STDIO design flaw exposes 200,000+ AI servers to RCE - 14 CVEs assigned, Anthropic calls it 'expected behavior' (backfill from April 15)</news:title>
    </news:news>
    <lastmod>2026-04-21</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260427-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-21</news:publication_date>
      <news:title>A small Discord group quietly accessed Anthropic's most powerful AI hacking tool 'Mythos' for two weeks via a contractor account (backfill from April 21)</news:title>
    </news:news>
    <lastmod>2026-04-21</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260420-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-20</news:publication_date>
      <news:title>Microsoft ships emergency out-of-band updates to fix Windows Server reboot loops and install failures caused by April Patch Tuesday</news:title>
    </news:news>
    <lastmod>2026-04-20</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260426-007</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-20</news:publication_date>
      <news:title>Mexican cybersecurity firm BePrime breached because admin accounts had no MFA - 12.6 GB leaked including pentest reports, then BePrime threatened journalists who reported it</news:title>
    </news:news>
    <lastmod>2026-04-20</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260420-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-19</news:publication_date>
      <news:title>Vercel confirms breach - attackers got in through Context.ai AI tool's Google Workspace OAuth, stole customer environment variables</news:title>
    </news:news>
    <lastmod>2026-04-19</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260420-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-18</news:publication_date>
      <news:title>Critical protobuf.js RCE hits JavaScript ecosystem - 50M weekly npm downloads, PoC published (GHSA-xq3m-2v4x-88gg)</news:title>
    </news:news>
    <lastmod>2026-04-18</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260417-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-17</news:publication_date>
      <news:title>Microsoft April patches cause reboot loops on Windows Server 2025 and 2022 domain controllers - LSASS crash breaks authentication</news:title>
    </news:news>
    <lastmod>2026-04-17</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260418-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-17</news:publication_date>
      <news:title>13-year-old Apache ActiveMQ code injection flaw actively exploited - CISA gives federal agencies until April 30 to patch (CVE-2026-34197)</news:title>
    </news:news>
    <lastmod>2026-04-17</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260418-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-17</news:publication_date>
      <news:title>NIST stops enriching most new CVEs - only KEV-listed and federal-used software will get full NVD data going forward</news:title>
    </news:news>
    <lastmod>2026-04-17</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260420-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-17</news:publication_date>
      <news:title>Fortinet FortiSandbox unauthenticated RCE (CVE-2026-39808) has public PoC - day-after recovery from April 17</news:title>
    </news:news>
    <lastmod>2026-04-17</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260416-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-16</news:publication_date>
      <news:title>Nginx UI authentication bypass actively exploited - one unauthenticated request gives attackers full server takeover via MCP endpoint (CVE-2026-33032)</news:title>
    </news:news>
    <lastmod>2026-04-16</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260417-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-16</news:publication_date>
      <news:title>Second Microsoft Defender zero-day PoC released - 'RedSun' grants SYSTEM privileges on fully-patched Windows including this week's April patches</news:title>
    </news:news>
    <lastmod>2026-04-16</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260416-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-15</news:publication_date>
      <news:title>Attacker bought 30+ WordPress plugins on Flippa, planted backdoor in August 2025, activated it 8 months later across hundreds of thousands of sites</news:title>
    </news:news>
    <lastmod>2026-04-15</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260419-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-15</news:publication_date>
      <news:title>Cisco Webex SSO flaw lets unauthenticated attackers impersonate any user (CVE-2026-20184) - four critical bugs patched this week</news:title>
    </news:news>
    <lastmod>2026-04-15</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260414-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-13</news:publication_date>
      <news:title>Booking.com confirms data breach exposing guest reservation details - phishing wave already targeting travelers</news:title>
    </news:news>
    <lastmod>2026-04-13</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260414-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-13</news:publication_date>
      <news:title>FBI and Indonesian police dismantle W3LL phishing platform that powered business email compromise attacks worldwide</news:title>
    </news:news>
    <lastmod>2026-04-13</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260413-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-12</news:publication_date>
      <news:title>Adobe releases emergency patch for actively exploited Acrobat Reader zero-day we reported Thursday (CVE-2026-34621)</news:title>
    </news:news>
    <lastmod>2026-04-12</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260411-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-10</news:publication_date>
      <news:title>Smart Slider 3 Pro update system hijacked - backdoored version pushed to 800,000+ WordPress sites via official channel</news:title>
    </news:news>
    <lastmod>2026-04-10</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260412-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-10</news:publication_date>
      <news:title>CPUID website hijacked to serve RAT malware through official CPU-Z and HWMonitor downloads</news:title>
    </news:news>
    <lastmod>2026-04-10</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260410-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-09</news:publication_date>
      <news:title>Unpatched Adobe Reader zero-day exploited since December - malicious PDFs steal data with zero clicks</news:title>
    </news:news>
    <lastmod>2026-04-09</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260409-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-08</news:publication_date>
      <news:title>Ninja Forms WordPress plugin allows unauthenticated file upload leading to remote code execution</news:title>
    </news:news>
    <lastmod>2026-04-08</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260408-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-07</news:publication_date>
      <news:title>Docker Engine authorization bypass lets attackers escape containers and access host credentials (CVE-2026-34040)</news:title>
    </news:news>
    <lastmod>2026-04-07</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260409-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-07</news:publication_date>
      <news:title>ShinyHunters breach SaaS integrator Anodot, steal auth tokens to raid Snowflake customers - 12+ companies hit</news:title>
    </news:news>
    <lastmod>2026-04-07</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260409-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-07</news:publication_date>
      <news:title>FBI and CISA warn Iranian hackers are targeting internet-exposed Rockwell PLCs at US water and energy facilities</news:title>
    </news:news>
    <lastmod>2026-04-07</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260408-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-06</news:publication_date>
      <news:title>Unpatched Windows zero-day "BlueHammer" leaked after researcher's dispute with Microsoft - exploit code public, no fix available</news:title>
    </news:news>
    <lastmod>2026-04-06</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260408-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-06</news:publication_date>
      <news:title>Microsoft exposes Storm-1175 - China-based ransomware group deploying Medusa with zero-day exploits in under 24 hours</news:title>
    </news:news>
    <lastmod>2026-04-06</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260406-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-05</news:publication_date>
      <news:title>Second FortiClient EMS zero-day in two weeks - emergency patch for pre-auth API bypass, actively exploited (CVE-2026-35616)</news:title>
    </news:news>
    <lastmod>2026-04-05</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260407-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-05</news:publication_date>
      <news:title>766+ Next.js hosts breached in automated React2Shell credential theft campaign (CVE-2025-55182)</news:title>
    </news:news>
    <lastmod>2026-04-05</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260405-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-04</news:publication_date>
      <news:title>Axios npm attack attributed to North Korean hackers UNC1069 - part of broader campaign targeting open-source maintainers</news:title>
    </news:news>
    <lastmod>2026-04-04</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260404-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-03</news:publication_date>
      <news:title>CERT-EU confirms TeamPCP breached European Commission via Trivy - 30 EU entities exposed, 340GB leaked</news:title>
    </news:news>
    <lastmod>2026-04-03</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260404-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-03</news:publication_date>
      <news:title>Hims &amp; Hers discloses breach after ShinyHunters steal millions of Zendesk support tickets via Okta SSO</news:title>
    </news:news>
    <lastmod>2026-04-03</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260404-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-02</news:publication_date>
      <news:title>Progress ShareFile pre-auth RCE chain disclosed - 30,000 instances exposed, ransomware gangs watching (CVE-2026-2699, CVE-2026-2701)</news:title>
    </news:news>
    <lastmod>2026-04-02</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260405-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-02</news:publication_date>
      <news:title>Cisco IMC authentication bypass lets unauthenticated attackers take full admin control of servers (CVE-2026-20093)</news:title>
    </news:news>
    <lastmod>2026-04-02</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260402-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-01</news:publication_date>
      <news:title>Google patches fourth Chrome zero-day of 2026 - WebGPU flaw exploited in the wild (CVE-2026-5281)</news:title>
    </news:news>
    <lastmod>2026-04-01</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260402-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-01</news:publication_date>
      <news:title>Google Drive now auto-detects ransomware and pauses sync - 14x better detection than beta</news:title>
    </news:news>
    <lastmod>2026-04-01</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260403-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-01</news:publication_date>
      <news:title>NoVoice Android rootkit hid inside 50+ Google Play apps - 2.3 million downloads, survives factory reset</news:title>
    </news:news>
    <lastmod>2026-04-01</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260403-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-01</news:publication_date>
      <news:title>EvilTokens phishing kit commoditizes Microsoft device code attacks for business email compromise</news:title>
    </news:news>
    <lastmod>2026-04-01</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260403-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-01</news:publication_date>
      <news:title>Apple breaks policy to push DarkSword patches to millions more iOS 18 iPhones</news:title>
    </news:news>
    <lastmod>2026-04-01</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260404-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-04-01</news:publication_date>
      <news:title>CrystalRAT malware-as-a-service sells remote access, crypto theft, and keylogging on Telegram</news:title>
    </news:news>
    <lastmod>2026-04-01</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260331-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-03-31</news:publication_date>
      <news:title>Axios npm package compromised - cross-platform RAT deployed via hijacked maintainer account</news:title>
    </news:news>
    <lastmod>2026-03-31</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260401-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-03-31</news:publication_date>
      <news:title>Cisco breached through Trivy supply chain attack - source code and AWS keys stolen</news:title>
    </news:news>
    <lastmod>2026-03-31</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260401-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-03-31</news:publication_date>
      <news:title>CareCloud confirms hackers accessed patient health records in 8-hour breach</news:title>
    </news:news>
    <lastmod>2026-03-31</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260402-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-03-31</news:publication_date>
      <news:title>Chinese hackers exploited TrueConf video conferencing zero-day to backdoor Southeast Asian governments (CVE-2026-3502)</news:title>
    </news:news>
    <lastmod>2026-03-31</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260331-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-03-30</news:publication_date>
      <news:title>Fortinet FortiClient EMS SQL injection actively exploited - no authentication required (CVE-2026-21643)</news:title>
    </news:news>
    <lastmod>2026-03-30</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260331-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-03-30</news:publication_date>
      <news:title>Citrix NetScaler exploitation confirmed - CISA adds to KEV with April 2 deadline (CVE-2026-3055)</news:title>
    </news:news>
    <lastmod>2026-03-30</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260331-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-03-30</news:publication_date>
      <news:title>New Russian CTRL toolkit spreads via fake private key folders - hijacks RDP and steals credentials</news:title>
    </news:news>
    <lastmod>2026-03-30</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260401-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-03-30</news:publication_date>
      <news:title>New RoadK1ll implant turns compromised hosts into silent network relays via WebSocket tunneling</news:title>
    </news:news>
    <lastmod>2026-03-30</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260401-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-03-30</news:publication_date>
      <news:title>macOS Tahoe 26.4 blocks ClickFix paste attacks in Terminal - update your Mac fleet now</news:title>
    </news:news>
    <lastmod>2026-03-30</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260331-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-03-29</news:publication_date>
      <news:title>Smart Slider 3 WordPress plugin exposes 800,000+ sites to file theft (CVE-2026-3098)</news:title>
    </news:news>
    <lastmod>2026-03-29</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260329-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-03-28</news:publication_date>
      <news:title>F5 BIG-IP APM flaw reclassified from DoS to pre-auth RCE - now actively exploited (CVE-2025-53521)</news:title>
    </news:news>
    <lastmod>2026-03-28</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260329-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-03-28</news:publication_date>
      <news:title>Citrix NetScaler under active recon - attackers fingerprinting SAML configs before exploitation (CVE-2026-3055)</news:title>
    </news:news>
    <lastmod>2026-03-28</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260329-007</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-03-28</news:publication_date>
      <news:title>New Infinity Stealer malware targets macOS through fake Cloudflare CAPTCHA pages</news:title>
    </news:news>
    <lastmod>2026-03-28</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260331-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-03-28</news:publication_date>
      <news:title>Russian APT TA446 weaponizes leaked DarkSword exploit kit to target iPhones via spear-phishing</news:title>
    </news:news>
    <lastmod>2026-03-28</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260329-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-03-27</news:publication_date>
      <news:title>Langflow AI platform RCE exploited within 20 hours of disclosure - no auth required (CVE-2026-33017)</news:title>
    </news:news>
    <lastmod>2026-03-27</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260329-004</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-03-27</news:publication_date>
      <news:title>TeamPCP compromises Telnyx Python SDK on PyPI - malware hidden inside sound files</news:title>
    </news:news>
    <lastmod>2026-03-27</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260329-005</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-03-27</news:publication_date>
      <news:title>TeamPCP's 9-day supply chain rampage - Trivy to LiteLLM to Checkmarx to Telnyx</news:title>
    </news:news>
    <lastmod>2026-03-27</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260329-006</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-03-27</news:publication_date>
      <news:title>European Commission breached through AWS cloud account - 350GB of data reportedly stolen</news:title>
    </news:news>
    <lastmod>2026-03-27</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260330-002</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-03-27</news:publication_date>
      <news:title>Fake VS Code security alerts flooding GitHub Discussions to spread malware</news:title>
    </news:news>
    <lastmod>2026-03-27</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260330-003</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-03-27</news:publication_date>
      <news:title>TikTok for Business accounts targeted with AITM phishing that bypasses MFA</news:title>
    </news:news>
    <lastmod>2026-03-27</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260329-008</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-03-23</news:publication_date>
      <news:title>DarkSword iOS exploit kit leaked on GitHub - hundreds of millions of unpatched iPhones at risk (CVE-2026-20700)</news:title>
    </news:news>
    <lastmod>2026-03-23</lastmod>
    <priority>0.9</priority>
  </url>
  <url>
    <loc>https://intel.truststrikelabs.com/article/20260330-001</loc>
    <news:news>
      <news:publication><news:name>TrustStrike Labs</news:name><news:language>en</news:language></news:publication>
      <news:publication_date>2026-03-23</news:publication_date>
      <news:title>Oracle emergency patch for pre-auth RCE in Identity Manager and Web Services Manager (CVE-2026-21992)</news:title>
    </news:news>
    <lastmod>2026-03-23</lastmod>
    <priority>0.9</priority>
  </url>
</urlset>