<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9" xmlns:news="http://www.google.com/schemas/sitemap-news/0.9">
  <url>
    <loc>https://hackyjs.com/posts/auditing-your-edge-devices-for-the-cves-cisas-july-alert-calls-out</loc>
    <news:news>
      <news:publication>
        <news:name>Hacky JS</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T00:00:00.000Z</news:publication_date>
      <news:title>Auditing Your Edge Devices for the CVEs CISA’s July Alert Calls Out</news:title>
      <news:keywords>cybersecurity, cisa, edge-devices, cve, patch-management</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://hackyjs.com/posts/auditing-your-mcp-server-for-internet-exposure-credential-leaks-and-unauthenticated-endpoints</loc>
    <news:news>
      <news:publication>
        <news:name>Hacky JS</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T00:00:00.000Z</news:publication_date>
      <news:title>Auditing Your MCP Server for Internet Exposure, Credential Leaks, and Unauthenticated Endpoints</news:title>
      <news:keywords>mcp, cybersecurity, llm-security, devsecops</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://hackyjs.com/posts/auditing-your-npm-pipeline-after-the-jscrambler-compromise</loc>
    <news:news>
      <news:publication>
        <news:name>Hacky JS</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T00:00:00.000Z</news:publication_date>
      <news:title>Auditing Your npm Pipeline After the jscrambler Compromise</news:title>
      <news:keywords>npm, supply-chain-security, javascript, devsecops</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://hackyjs.com/posts/beyond-the-hash-behavioral-signals-that-catch-regenerating-malware-in-real-time</loc>
    <news:news>
      <news:publication>
        <news:name>Hacky JS</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T00:00:00.000Z</news:publication_date>
      <news:title>Beyond the Hash: Behavioral Signals That Catch Regenerating Malware in Real Time</news:title>
      <news:keywords>cybersecurity, malware, behavioral-detection, endpoint-security</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://hackyjs.com/posts/how-a-wordpress-plugin-flaw-escalates-to-rce-a-practical-look-at-the-attack-chain-and-defense</loc>
    <news:news>
      <news:publication>
        <news:name>Hacky JS</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T00:00:00.000Z</news:publication_date>
      <news:title>How a WordPress Plugin Flaw Escalates to RCE: A Practical Look at the Attack Chain and Defense</news:title>
      <news:keywords>wordpress, rce, plugin-vulnerability, cybersecurity</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://hackyjs.com/posts/what-the-turla-sharepoint-exploit-teaches-about-oauth-token-scope-client-side-state-and-blind-trust-in-microsoft-365-apis</loc>
    <news:news>
      <news:publication>
        <news:name>Hacky JS</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T00:00:00.000Z</news:publication_date>
      <news:title>What the Turla SharePoint Exploit Teaches About OAuth Token Scope, Client-Side State, and Blind Trust in Microsoft 365 APIs</news:title>
      <news:keywords>sharepoint, oauth, microsoft-365, cybersecurity</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://hackyjs.com/posts/analyzing-the-ai-phishing-kit-used-against-spanish-holiday-bookings-a-developers-field-guide</loc>
    <news:news>
      <news:publication>
        <news:name>Hacky JS</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-12T00:00:00.000Z</news:publication_date>
      <news:title>Analyzing the AI Phishing Kit Used Against Spanish Holiday Bookings: A Developer’s Field Guide</news:title>
      <news:keywords>cybersecurity, phishing, ai-security, travel-security</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://hackyjs.com/posts/anatomy-of-the-gitea-docker-image-authentication-bypass-and-how-to-fix-it</loc>
    <news:news>
      <news:publication>
        <news:name>Hacky JS</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-12T00:00:00.000Z</news:publication_date>
      <news:title>Anatomy of the Gitea Docker Image Authentication Bypass and How to Fix It</news:title>
      <news:keywords>gitea, docker, security, authentication-bypass, vulnerability</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://hackyjs.com/posts/auditing-npm-integrity-after-the-jscrambler-incident-what-code-signing-misses</loc>
    <news:news>
      <news:publication>
        <news:name>Hacky JS</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-12T00:00:00.000Z</news:publication_date>
      <news:title>Auditing npm Integrity After the Jscrambler Incident: What Code Signing Misses</news:title>
      <news:keywords>npm, supply-chain-security, code-signing, package-integrity</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://hackyjs.com/posts/auditing-u-boot-bootloader-fit-images-for-cve-2026-46728-the-signature-flaw-that-undermines-secure-boot-on-embedded-linux</loc>
    <news:news>
      <news:publication>
        <news:name>Hacky JS</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-12T00:00:00.000Z</news:publication_date>
      <news:title>Auditing U-Boot Bootloader FIT Images for CVE-2026-46728: The Signature Flaw That Undermines Secure Boot on Embedded Linux</news:title>
      <news:keywords>u-boot, embedded-linux, secure-boot, firmware-security, cve-2026-46728</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://hackyjs.com/posts/zimbras-web-client-xss-why-a-reflected-bug-became-a-full-account-takeover</loc>
    <news:news>
      <news:publication>
        <news:name>Hacky JS</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-12T00:00:00.000Z</news:publication_date>
      <news:title>Zimbra&apos;s Web Client XSS: Why a Reflected Bug Became a Full Account Takeover</news:title>
      <news:keywords>zimbra, xss, account-takeover, web-security</news:keywords>
    </news:news>
  </url>
</urlset>
