Threats Affecting Nepal

A South Asian financial institution was targeted with two custom malware components: BRUSHWORM, a modular backdoor, and BRUSHLOGGER, a keylogger. BRUSHWORM features anti-analysis checks, encrypted configuration, scheduled task persistence, modular payload downloading, USB worm propagation, and extensive file theft. BRUSHLOGGER uses DLL side-loading to capture system-wide keystrokes with window context tracking. The malware's low sophistication and implementation flaws suggest an inexperienced author, possibly using AI code-generation tools. Multiple testing versions were discovered on VirusTotal, indicating iterative development. The malware components combine to create a functional collection platform with modular loading, USB propagation, broad file theft, air-gap bridging, and persistent keystroke capture.

MediumMalwareIndiaPakistanBangladesh+2#keylogger#brushworm#brushlogger

A stored cross-site scripting (XSS) vulnerability in the component /admin/add-brand.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the brandname parameter.

MediumVulnerabilityIndiaPakistanBangladesh+6#cve#cve-2024-51225

Multiple cross-site scripting (XSS) vulnerabilities in the component /admin/edit-vehicle.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the vehiclename, modelnumber, regnumber, vehiclesubtype, chasisnum and enginenumber parameters.

MediumVulnerabilityIndiaPakistanBangladesh+6#cve#cve-2024-51224

A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Mobile Number parameter.

MediumVulnerabilityIndiaPakistanBangladesh+7#cve#cve-2024-51223

A security vulnerability has been detected in PHPGurukul Student Record Management System up to 1.0. This vulnerability affects unknown code of the file /edit-course.php. Such manipulation of the argument Course Short Name leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.

MediumVulnerabilityIndiaPakistanBangladesh+6#cve#cve-2026-3402

SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows attackers to run arbitrary SQL commands via the upid parameter in the /view-user-detail.php file.

CriticalVulnerabilityIndiaPakistanBangladesh+8#cve#cve-2024-30982

Incorrect access control in QuickHeal Antivirus Pro 24.1.0.182 and earlier allows authenticated attackers with low-level privileges to arbitrarily modify antivirus settings.

MediumVulnerabilityIndiaPakistanBangladesh+4#cve#cve-2024-48293

A HTML Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Management System 3.2. This vulnerability allows remote attackers to execute arbitrary HTML code via the searchkey parameter in a POST HTTP request.

HighVulnerabilityIndiaPakistanBangladesh+7#cve#cve-2024-48279

phpgurukul Vehicle Record Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchinputdata parameter at /index.php.

MediumVulnerabilityIndiaPakistanBangladesh+7#cve#cve-2024-46531

PHPGurukul Dairy Farm Shop Management System v1.1 is vulnerable to Cross-Site Scripting (XSS) via the pname parameter in add_product.php and edit_product.php.

MediumVulnerabilityIndiaBangladeshPakistan+7#cve#cve-2024-46241