<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9" xmlns:news="http://www.google.com/schemas/sitemap-news/0.9">
  <url>
    <loc>https://hackyjs.com/posts/auditing-android-17s-one-click-exploit-tap-based-rce-delivery-tricks-and-defenses</loc>
    <news:news>
      <news:publication>
        <news:name>Hacky JS</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-08T00:00:00.000Z</news:publication_date>
      <news:title>Auditing Android 17’s One-Click Exploit: Tap-Based RCE, Delivery Tricks, and Defenses</news:title>
      <news:keywords>android-security, rce, exploit-analysis, mobile-security</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://hackyjs.com/posts/testing-the-gitlost-prompt-injection-extracting-private-repos-through-githubs-copilot-agent</loc>
    <news:news>
      <news:publication>
        <news:name>Hacky JS</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-08T00:00:00.000Z</news:publication_date>
      <news:title>Testing the GitLost Prompt Injection: Extracting Private Repos Through GitHub&apos;s Copilot Agent</news:title>
      <news:keywords>github, copilot, prompt-injection, cybersecurity</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://hackyjs.com/posts/the-claude-desktop-rce-when-ai-agents-trust-untrusted-messages</loc>
    <news:news>
      <news:publication>
        <news:name>Hacky JS</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-08T00:00:00.000Z</news:publication_date>
      <news:title>The Claude Desktop RCE: When AI Agents Trust Untrusted Messages</news:title>
      <news:keywords>claude, rce, ai-security, prompt-injection</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://hackyjs.com/posts/what-cve-2026-55255-reveals-about-trust-boundaries-in-langflow-based-ai-workflows</loc>
    <news:news>
      <news:publication>
        <news:name>Hacky JS</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-08T00:00:00.000Z</news:publication_date>
      <news:title>What CVE-2026-55255 Reveals About Trust Boundaries in Langflow-Based AI Workflows</news:title>
      <news:keywords>cve-2026-55255, langflow, ai-security, credential-harvesting, trust-boundaries</news:keywords>
    </news:news>
  </url>
</urlset>
