Shadow Chaser Group is a sub-group of the GcowSec team which consists of college students who love it. Shadow Chaser Group is focused on APT hunting and analysis.

Joined April 2020
Pinned Tweet
Hi, bro. Shadow Chaser Group is a sub-group of the GcowSec team which consists of college students who love it. Shadow Chaser Group is focused on #APT hunting and analysis. I hope you will follow us :-)
Shadow Chaser Group retweeted
We disclosed another Nginx RCE to F5 two weeks ago, along with a proposed patch, and have not yet received a response. This vulnerability does not rely on any "unusual" configuration (even if it does, that would not make the vulnerability "worthless." The reality is that you never know how people could configure their systems, and most configurations are not published online for anyone to analyze.). Our preliminary analysis suggests a significant number of real-world deployments were affected by this new RCE including dozens of Fortune Global 500 companies. Given the severity and potential reach of the issue, we expected a faster response timeline from nginx. Instead, we've been waiting for two weeks and no response. What would you do in this situation?
Shadow Chaser Group retweeted
2603vvip고객현황.lnk 7f9fe5839a2ffaa627685f673ee5d4ba5a30857c24d4cf141ab408c7a18e3f4a *TaskName : Intel(R) Ethernet2 Connection 1209-LG #APT #Suspicious
wow they pwned nginx
Introducing nginx-poolslip, a fresh RCE for the latest nginx release 1.31.0. nginx-rift has been patched, but our security agent Vega has found a new 0 day. We will release the full technical writeup with ASLR bypass 30 days after the patch on nebusec.ai.
Shadow Chaser Group retweeted
Yesterday we dropped our latest write-up on a previous Chrome 0-day. Today we got assigned yet another Chrome 0-day: CVE-2026-7899 — along with a $55,000 bounty from Google. If you haven’t read yesterday’s blog yet, go check it out down below. It’s a fun one. Now it’s time for us to prepare the next few write-ups. A Chrome RCE and a Linux kernel local privilege escalation. Stay tuned 👀 nebusec.ai/research/v8-magle…
Shadow Chaser Group retweeted
Wrapping up our four V8 bounties from Chrome VRP, we ate the now-historical top $55,000 bounty reward 3 times before Google lowered the reward amount in Chrome VRP. Nebula Security became one of the fastest teams to climb the Chrome VRP ranking ladder and has now reached 15th place in the Chrome VRP all-time rankings. We are now expanding Vega's scanning beyond the Linux kernel and Chrome V8 into a broader range of open-source projects. Stay tuned for more to come.
Shadow Chaser Group retweeted
aaf4ccceca88bb874b8db6c30162c6ce13a3d5bf84fb5a2bcf61270445eef3e9 LNK > VBS > DLL side-loading > #SNOWLIGHT (#VShell Stager) Fisher-Yates shuffling of shellcode with constant seed for rand() C2: dns1.alidoh[.]com h/t @malwrhunterteam
Shadow Chaser Group retweeted
#APT #Sidewinder targeting National Telecom Corporation #NTC 🇵🇰 1 Tracked by @Huntio https://zimbramail-nyatel-com[.]up[.]railway[.]app/login.html?gfjdliotrgojnghgherbegrehureert0e0ee= Ref: x.com/volrant136/status/2048… cc: @500mk500 @MichalKoczwara @malwrhunterteam
#APT #Sidewinder targeting #Pakistan🇵🇰 1 Tracked by @Huntio https://zimbra-nyatel-production[.]up[.]railway[.]app/login.html?gfjdliotrgojnghgherbegrehureert0e0ee=1 Ref: x.com/volrant136/status/2032… cc: @500mk500 @MichalKoczwara @malwrhunterteam
Shadow Chaser Group retweeted
#APT #Sidewinder | #New #Variant | Targets #Pakistan Initial Dropper -> WinRAR ADS traversal vulnerabilities (CVE-2025-6218 & CVE-2025-8088) Decoy https://epms[.]ppra[.]gov[.]pk/public/tenders/invoice/TS0000000101E C2: docs.files-windows[.]top/j658K @500mk500 @MichalKoczwara
Shadow Chaser Group retweeted
#DPRK PowerShell RAT 🇰🇵 NovaCX_Agency_Updated_2026047_091100_version_3_2.docx.lnk: 731d96ba17bd5714bba1f4f1dbfa0d1487fe2f54ff20bfdc64d4502538c3d587 http://pozeny[.]shop/mart/res/bb.php bb.php: 0ce1d8a47fc78ac53c0b62bed96b20fa721e3e39115a6248d55100eb01eafff1 h/t @malwrhunterteam
Shadow Chaser Group retweeted
It seems that #APT #Donot also used .ACCDR files for initial access. Executed codes are similar to previous samples. 0ecfdece9402c4f8732a4581baf4a927 3c0f8dc931cdc76c9d101b41c258a4dc mtsspk[.net hxxps://mtsspk[.net/TrDGjfgtxkdl3Pl47enr/
Replying to @RedDrip7
Related 7c5116f2412ebcbce7ab99ccfbb2a21a 79ca03e5f149f6cddfbc92262d3f6da9 officesite.onrender[.]com 8b9a7fec4bbb53bb7f9b8c673fd4ab52 mnjkuilhgftrew.baiduwebhost[.]com
Shadow Chaser Group retweeted
May 7
💥 Introducing "Dirty Frag" A universal Linux LPE chaining two vulns in xfrm-ESP and RxRPC. A successor class to Dirty Pipe & Copy Fail. No race, no panic on failure, fully deterministic. ~9 years latent. Ubuntu / RHEL / Fedora / openSUSE / CentOS / AlmaLinux, and more. Even if you've applied the "Copy Fail" mitigation, your Linux is still vulnerable to "Dirty Frag". Apply the Dirty Frag mitigation. Details: dirtyfrag.io
Shadow Chaser Group retweeted
Tomorrow, we’re releasing the full technical walkthrough for CVE-2026-5865, a chrome v8 0-day found by our AI security agent "Vega". More Linux kernel and Chrome 0-day writeups are coming later this month. Stay tuned, and follow our bug list for updates: nebusec.ai/buglist/
Shadow Chaser Group retweeted
One omitted write barrier can turn into RCE in Chrome. Meet CVE-2026-5865, one of the earliest Chrome vulnerabilities discovered by Vega in March. We turned it into an RCE in Chrome, documented the details in our technical walkthrough, link in the comment.
Shadow Chaser Group retweeted
Update_251001 ACM Sakesan Kantha.pdf.lnk 22180919f562fb9f6e50d7f20b2eb3f94eb009c212b74b45cf77659fe8274d5b #APT #Kimsuky
Shadow Chaser Group retweeted
#APT #Bitter ACCDR downloads DLL and uses fsquirt.exe to side-load it -> DLL uses bitsadmin to download EXE -> EXE executes shellcode in a unique way 27f68bcaec9d2085f8804021da8ab70c 0dc4e8723e7860aeaf420cd644c8b1db e25095de50ef896946466f7f5dd47f1a bravojacksonmentor[.com
Shadow Chaser Group retweeted
NovaCX_Agency_Updated_2026047_091100_version_1_8.docx.lnk 6e36060854006f9ed029ab7547f4478f0486ba5256ce9cc9027248882deebdc7 *http[:]//totalmassage.site/heartbeats/res/post_proc.php *http[:]//totalmassage.site/heartbeats/res/bb.php #APT #Suspicious
Shadow Chaser Group retweeted
#APT #Sidewinder targeting #Pakistan 🇵🇰 Tracked by @Huntio https://zimbramail-nayatel[.]leapcell[.]app/login.html?gfjdliotrgojnghgherbegrehureert0e0ee=1 Ref: x.com/volrant136/status/2021… cc: @500mk500 @MichalKoczwara @malwrhunterteam
#APT #Sidewinder Targets #Bangladesh #Navy 🇧🇩 1 Tracked by @Huntio 🔗https://mail-ntc-net-pk-zimbra-dils-maint213-2q1ntcqz[.]leapcell[.]dev/login.html?gfjdliotrgojnghgherbegrehureert0e0ee=cGdjb29yZC1sYWhhYkBoaXQuZ292LnBr cc: @500mk500 @MichalKoczwara @malwrhunterteam
Shadow Chaser Group retweeted
#APT #Sidewinder targeting #Pakistan🇵🇰 1 Tracked by @Huntio https://zimbra-nyatel-production[.]up[.]railway[.]app/login.html?gfjdliotrgojnghgherbegrehureert0e0ee=1 Ref: x.com/volrant136/status/2032… cc: @500mk500 @MichalKoczwara @malwrhunterteam
#APT #Sidewinder targeting #Pakistan 🇵🇰 Tracked by @Huntio https://zimbramail-nayatel[.]leapcell[.]app/login.html?gfjdliotrgojnghgherbegrehureert0e0ee=1 Ref: x.com/volrant136/status/2021… cc: @500mk500 @MichalKoczwara @malwrhunterteam