#chrome

Palo Alto, California, 29th July 2025, CyberNewsWire

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 138.0.3351.109 7/25/2025 138.0.7204.168/.169

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 138.0.3351.109 7/25/2025 138.0.7204.168/.169

New Scavenger Trojan steals crypto wallet data using fake game mods and browser flaws, targeting MetaMask, Exodus, Bitwarden, and other popular apps.

Lower rates for creating unique passwords, buying items from known websites, and using protection software leave iPhone users at risk to online scams.

FBI warns of Interlock ransomware using unique tactics to hit businesses and critical infrastructure with double extortion.

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation Vendor: Schneider Electric Equipment: EcoStruxure Power Operation Vulnerabilities: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'), Integer Overflow to Buffer Overflow, Improper Handling of Highly Compressed Data (Data Amplification), Out-of-bounds Write, Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in the loss of system functionality or unauthorized access to system functions. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports the following products use an affected version of the PostgreSQL database server: EcoStruxure Power Operation (EPO): 2022 CU6 and prior EcoStruxure Power Operation (EPO): 2024 CU1 and prior 3.2 Vulnerability Overview 3.2.1 Improper Neutralization of Directives in Dynamically Evaluated C...

# Summary The Dolibarr backend provides the function of adding Menu, and supports setting permissions for the added Menu:  This is the trigger point of the vulnerability. The submitted permission can be php code, and it will be executed when viewing the created Menu: - htdocs/admin/menus/edit.php  As you can see, in edit.php, if the created menu is set to `$menu->perms`, the `dol_eval()` method will be called. Following the `dol_eval()` method, we can see that it will filter the dangerous php functions in `$menu->perms` through the blacklist set in `$forbiddenphpfunctions`:  However, the blacklist here is not comprehensive. For example, the `include_once` and `require_once` functions can easily pass the bla...

Even in well-secured environments, attackers are getting in—not with flashy exploits, but by quietly taking advantage of weak settings, outdated encryption, and trusted tools left unprotected. These attacks don’t depend on zero-days. They work by staying unnoticed—slipping through the cracks in what we monitor and what we assume is safe. What once looked suspicious now blends in, thanks to

A list of topics we covered in the week of July 14 to July 20 of 2025