diff --git a/README-jp.md b/README-jp.md index 3c58821..2e8e710 100644 --- a/README-jp.md +++ b/README-jp.md @@ -54,6 +54,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [SQL Injection](#tricks-sql-injection) - [NoSQL Injection](#tricks-nosql-injection) - [FTP Injection](#tricks-ftp-injection) + - [XXE](#tricks-xxe) - [SSRF](#tricks-ssrf) - [Header Injection](#tricks-header-injection) - [URL](#tricks-url) @@ -305,6 +306,11 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [XML Out-Of-Band Data Retrieval](https://media.blackhat.com/eu-13/briefings/Osipov/bh-eu-13-XML-data-osipov-slides.pdf) - Written by [@a66at](https://twitter.com/a66at) and Alexey Osipov. - [XXE OOB exploitation at Java 1.7+](http://lab.onsec.ru/2014/06/xxe-oob-exploitation-at-java-17.html) - Written by [Ivan Novikov](http://lab.onsec.ru/). + +### XXE + +- [Evil XML with two encodings](https://mohemiv.com/all/evil-xml/) - Written by [Arseniy Sharoglazov](https://mohemiv.com/). + ### SSRF diff --git a/README-zh.md b/README-zh.md index 8085b8e..3b6ca18 100644 --- a/README-zh.md +++ b/README-zh.md @@ -54,6 +54,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [SQL Injection](#tricks-sql-injection) - [NoSQL Injection](#tricks-nosql-injection) - [FTP Injection](#tricks-ftp-injection) + - [XXE](#tricks-xxe) - [SSRF](#tricks-ssrf) - [Header Injection](#tricks-header-injection) - [URL](#tricks-url) 
@@ -331,6 +332,11 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [XML Out-Of-Band Data Retrieval](https://media.blackhat.com/eu-13/briefings/Osipov/bh-eu-13-XML-data-osipov-slides.pdf) - Written by [@a66at](https://twitter.com/a66at) and Alexey Osipov. - [XXE OOB exploitation at Java 1.7+](http://lab.onsec.ru/2014/06/xxe-oob-exploitation-at-java-17.html) - Written by [Ivan Novikov](http://lab.onsec.ru/). + +### XXE + +- [Evil XML with two encodings](https://mohemiv.com/all/evil-xml/) - Written by [Arseniy Sharoglazov](https://mohemiv.com/). + ### SSRF diff --git a/README.md b/README.md index 84ce680..b864d62 100644 --- a/README.md +++ b/README.md @@ -54,6 +54,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [SQL Injection](#tricks-sql-injection) - [NoSQL Injection](#tricks-nosql-injection) - [FTP Injection](#tricks-ftp-injection) + - [XXE](#tricks-xxe) - [SSRF](#tricks-ssrf) - [Header Injection](#tricks-header-injection) - [URL](#tricks-url) @@ -302,6 +303,11 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [XML Out-Of-Band Data Retrieval](https://media.blackhat.com/eu-13/briefings/Osipov/bh-eu-13-XML-data-osipov-slides.pdf) - Written by [@a66at](https://twitter.com/a66at) and Alexey Osipov. - [XXE OOB exploitation at Java 1.7+](http://lab.onsec.ru/2014/06/xxe-oob-exploitation-at-java-17.html) - Written by [Ivan Novikov](http://lab.onsec.ru/). + +### XXE + +- [Evil XML with two encodings](https://mohemiv.com/all/evil-xml/) - Written by [Arseniy Sharoglazov](https://mohemiv.com/). + ### SSRF
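Review bot: In the table-of-contents hunks (`@@ -54,6 +54,7 @@` in README.md, README-jp.md and README-zh.md), the new entry links to `#tricks-xxe`, but the section hunks add only a bare `### XXE` heading, and nothing carrying the name `tricks-xxe` is visible in the added lines. GitHub's auto-generated anchor for that heading would be `#xxe`, so the link will not resolve unless an explicit `tricks-xxe` target is added beside the heading in all three files, matching however the existing `tricks-*` targets are defined.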
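Review bot: In the section hunks (the second hunk of each file), the new `### XXE` heading is inserted directly below two existing entries that are themselves about XXE, "XML Out-Of-Band Data Retrieval" and "XXE OOB exploitation at Java 1.7+", which remain under the preceding section. Consider moving those two entries under the new heading in the same change, so that XXE material sits in one place and the new section does not open with a single link while related links sit just above it.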