
In this episode of Cybersecurity Today, host Jim Love discusses the latest urgent security updates and cyber threats. Google has released an emergency Chrome patch to fix a high-severity zero-day vulnerability, while Microsoft issued an emergency...
Jim Love
Google issues an emergency Chrome patch for an actively exploited zero day. Microsoft releases an emergency patch, KB5062170, to fix Windows 11 boot failures. A mysterious leaker called Gang Exposed is doxing major ransomware leaders, and it's called quishing. Taking it to the streets has a whole new meaning. This is Cybersecurity Today, and I'm your host, Jim Love.
Google released an emergency security update Monday to fix a high-severity zero-day vulnerability in Chrome that hackers are actively exploiting in the wild. The flaw, traced as CVE-2025-5419, is an out-of-bounds read and write vulnerability in Chrome's V8 JavaScript engine, and it allows attackers to potentially exploit heap corruption through specially crafted HTML pages. Google's Threat Analysis Group discovered the vulnerability on May 27 and implemented initial mitigation the next day. "Google is aware that an exploit for CVE-2025-5419 exists in the wild," was what the company confirmed in its security advisory. This marks the third actively exploited Chrome zero-day vulnerability patched by Google in 2025, following CVE-2025-2783 in March and CVE-2025-4664 in May. The March vulnerability was used in a sophisticated espionage attack targeting Russian government organizations and media outlets. Users should immediately update to Chrome version 137.0.7151.68 for Windows and macOS or version 137.0.7151.68 for Linux. Google is withholding technical details about the attacks and threat actors until more users have updated their browsers. The company has assigned the vulnerability a CVSS score of 8.8, indicating a high severity. Users of Chromium-based browsers including Microsoft Edge, Brave, Opera and Vivaldi should also apply fixes when they become available.
The vulnerability could allow remote attackers to execute arbitrary code, making immediate patching critical for users' security.
Microsoft issued an emergency update over the weekend to fix critical boot failures affecting Windows 11 systems after installing the May 2025 security update. The emergency patch KB5062170 resolved systems experiencing an error code that prevented computers from starting. The problems began after Microsoft released security update KB5058405 on May 13, 2025. Affected systems display the message, "Your PC device needs to be repaired. The operating system couldn't be loaded because a required file is missing or contains errors." It notes errors on the file ACPI.sys. The ACPI.sys file (Advanced Configuration and Power Interface) is a critical Windows system driver that manages hardware resources and power states. When this driver fails to load, systems cannot boot properly. The issue primarily affects Windows 11 22H2 and 23H2 systems in enterprise environments, especially the Azure Virtual Machines, Azure Virtual Desktop, and on-premises virtual machines hosted on Citrix or Hyper-V. Microsoft stated that home users are unlikely to face this issue, and as virtual machines are mostly used in IT environments, the KB5062170 emergency update can only be installed manually from the Microsoft Update Catalog. It's not available through Windows Update, and the patch includes build numbers 22621.5415 and 22631.5415 and it's cumulative, meaning it includes all previously released fixes and patches. Microsoft recommends that if you have not yet deployed the May 2025 Windows security update, that's KB5058405, and your environment includes devices running in a virtual desktop infrastructure on Windows 11 versions 22H2 and 23H2, we recommend you apply the out-of-band update instead. For organizations already experiencing boot failures, Microsoft suggests using Azure Virtual Machine repair commands as a workaround for recovery.
The emergency update introduces one known issue affecting no. 2 fonts in Chromium-based browsers when system scaling is set to 100%. Microsoft recommends increasing scaling to 125% or 150% as a temporary workaround. This emergency patch continues a recent pattern of Microsoft issuing out-of-band updates to address installation problems, including recent fixes for Windows 10 BitLocker recovery issues and Windows Update blocks. Enterprise IT administrators should test the emergency update in controlled environments before widespread deployment, prioritizing virtual infrastructure where boot failures have been most commonly observed.
A mysterious whistleblower calling themselves Gang Exposed is actually exposing the real identities of some of the world's most wanted cybercriminals, including the masterminds behind Conti and Trickbot ransomware operations. The anonymous leaker has published thousands of internal chat logs, personal videos, ransom negotiations, and personally identifiable information about key figures in gangs responsible for billions in extortion from companies, hospitals and individuals worldwide. Gang Exposed first revealed that Stern, the leader of Trickbot and Conti operations, is actually Vitaly Nikolovich Kovalev, a 36-year-old Russian national. His identity was later confirmed by German Federal Police, who issued an Interpol red notice. That's an international alert requesting law enforcement worldwide to locate him and arrest him. The leaker then doxed another key figure known as Professor, identifying him as Vladimir Viktorovich Kviko, a 39-year-old Russian who allegedly relocated from Moscow to Dubai in 2020 to continue cyber attacks against Western organizations. Despite being eligible for at least $10 million in FBI bounties for the information, Gang Exposed claims to have no interest in the rewards. He says, or she says, "I take pleasure in thinking I can rid society of at least some of them."
"I simply enjoy solving the most complex cases." The leaker claims to use classical intelligence analysis, logic, factual research, OSINT methodology, stylometry and human psychology, and access to Darknet databases, including allegedly purchasing FSB border control data for $250,000. Some security analysts speculate Gang Exposed may be a disgruntled former gang member seeking revenge, while others believe that claiming the bounty could incriminate him. The leaker claims to be a cosmopolitan with many homes but no permanent base who moves between countries. The revelations have significant implications for global cybersecurity efforts, providing law enforcement with actionable intelligence to pursue these high-value targets who have operated with impunity for years.
Here's something that should make people think twice before scanning a random QR code. Cybercriminals have moved beyond your inbox and are now taping malicious codes to lamp posts and street corners. Security professionals discovered a handwritten note taped to a lamp post that read, "John, I know you were cheating on me," followed by a QR code and the message, "Here's the proof. It would be worthwhile for everyone to see." It's a perfect psychological trap. Curiosity, drama, and that irresistible urge to see someone else's private business. And that's exactly what makes it so dangerous. QR code phishing, known as quishing, has exploded recently. Action Fraud reports that QR code scams increased 14-fold since 2019, jumping from 100 reports to 1,386 reports in 2024. Even more concerning, quishing attacks rose 25% in 2025 alone, and now account for one in every eight credential harvesting campaigns. Research shows that only 36% of employees can identify a QR code phishing attack. Catherine Hart from the Chartered Trading Standards Institute says, "We've seen huge amounts lost this way. People have seen their life savings gone and that money is going to finance criminals."
Street-level QR attacks bypass all traditional digital defenses. Your email filters can't catch a piece of paper taped to a pole. Your corporate security systems can't scan a restaurant sticker. The psychological manipulation is sophisticated, exploiting human curiosity, jealousy and our natural tendency to investigate drama. It's social engineering taken to the physical world. As one cybersecurity expert put it, "Cybersecurity awareness isn't just for the inbox anymore." We spent years training people to be suspicious of email links, but we haven't prepared them for malicious codes in the physical world around them. So the new message is: next time you see a QR code, whether it's promising free Wi-Fi, a discount or revealing someone else's secrets, pause, verify the source and trust your instinct. Because in 2025, the streets themselves have become part of the cybercriminals' toolkit.
And that's our show for today. Love to hear what you think. You can reach me at editorialechnewsday CA or on LinkedIn, or if you're watching this on YouTube, just drop a note under the video. If you're enjoying this content, we'd love it if you recommend it to a friend. And if you can help us out financially with a small donation at buymeacoffee.com/techpodcast, it would be great. I'm your host, Jim Love. Thanks for listening.
Podcast Summary: Cybersecurity Today
Episode: Emergency Patches, Ransomware Exposes, and Rising QR Code Scams
Host: Jim Love
Release Date: June 4, 2025
In this episode of Cybersecurity Today, host Jim Love delves into the latest cybersecurity threats impacting businesses and individuals alike. The discussion centers around emergency software patches, the exposure of notorious ransomware leaders, and the surge in QR code-based scams. The episode provides critical updates, expert insights, and practical advice to help listeners safeguard their digital and physical environments in an increasingly perilous cyber landscape.
Jim Love opens the episode by addressing a significant vulnerability in Google Chrome:
Jim Love [00:00]: "Google releases an emergency Chrome patch for an actively exploited zero day."
Key Points:
Vulnerability Details: Google identified a high-severity zero-day vulnerability in Chrome's V8 JavaScript engine, cataloged as CVE-2025-5419. This flaw allows attackers to exploit heap corruption via specially crafted HTML pages, potentially enabling remote code execution.
Discovery and Mitigation: Google's Threat Analysis Group discovered CVE-2025-5419 on May 27, 2025, and implemented initial mitigation measures the following day. The company confirmed the presence of an active exploit in the wild.
Historical Context: This marks the third actively exploited zero-day in Chrome for 2025, following CVE-2025-2783 in March and CVE-2025-4664 in May. The March vulnerability was notably used in espionage targeting Russian governmental bodies and media.
Recommended Actions: Users are urged to update to Chrome version 137.0.7151.68 across all platforms (Windows, macOS, Linux). Additionally, users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi should apply available fixes promptly.
Jim Love [00:02]: "Google is withholding technical details about the attacks and threat actors until more users have updated their browsers."
Following the Chrome update, Jim discusses an urgent patch from Microsoft addressing critical boot failures in Windows 11:
Key Points:
Issue Overview: After installing the May 2025 security update (KB5058405), some Windows 11 systems encountered boot failures, displaying an error related to the ACPI.sys file—a crucial driver for hardware and power management.
Affected Systems: Primarily impacts Windows 11 versions 22H2 and 23H2, especially within enterprise environments using Azure Virtual Machines, Azure Virtual Desktops, and on-premises virtual machines hosted on Citrix or Hyper-V.
Emergency Patch Details: Microsoft released KB5062170 to resolve these boot failures. This update is cumulative, encompassing all previous fixes, and is available manually through the Microsoft Update Catalog rather than via Windows Update.
Jim Love [00:05]: "The operating system couldn't be loaded because a required file is missing or contains errors."
Workarounds and Recommendations: For organizations not yet deploying KB5058405 and utilizing virtual desktop infrastructures, applying the emergency update is recommended. For those already experiencing issues, Microsoft advises using Azure Virtual Machine repair commands as a temporary fix.
Known Issues: The emergency patch introduces a minor issue affecting font rendering in Chromium-based browsers when system scaling is set to 100%. Users are advised to increase scaling to 125% or 150% as a temporary measure.
Jim Love [00:07]: "Enterprise IT administrators should test the Emergency Update in controlled environments before widespread deployment."
One of the most compelling segments of the episode discusses the actions of an anonymous leaker known as Gang Exposed, who has been revealing the identities of major ransomware operators:
Key Points:
Jim Love [00:09]: "Gang Exposed first revealed that Stern, the leader of Trickbot and Conti operations, is actually Vitaly Nikolovich Kovalev."
Confirmation and Legal Actions: German Federal Police confirmed Kovalev's identity and issued an Interpol red notice, prompting an international alert for his arrest.
Further Exposures: Another key figure, referred to as Professor, has been identified as Vladimir Viktorovich Kviko, a 39-year-old Russian who allegedly moved to Dubai in 2020 to continue cyberattacks against Western targets.
Leaker's Motivation: Despite being eligible for FBI bounties exceeding $10 million for this information, Gang Exposed has declined the rewards, stating:
Gang Exposed [00:11]: "I take pleasure in thinking I can rid society of at least some of them."
Methodology: The leaker employs classical intelligence analysis, logic, factual research, OSINT (Open Source Intelligence) methods, stylometry, human psychology, and access to Darknet databases. Notably, they reportedly purchased FSB border control data for $250,000 to aid their efforts.
Speculations and Implications: Analysts speculate that Gang Exposed might be a former gang member seeking vengeance or someone avoiding incrimination by not claiming bounties. The revelations provide actionable intelligence for global law enforcement to pursue these elusive cybercriminals.
Jim Love [00:13]: "The revelations have significant implications for global cybersecurity efforts, providing law enforcement with actionable intelligence to pursue these high-value targets."
In the final major segment, Jim addresses the alarming increase in QR code-based phishing attacks, a tactic known as quishing:
Key Points:
Jim Love [00:15]: "It's a perfect psychological trap. Curiosity, drama, and that irresistible urge to see someone else's private business."
Statistical Surge: According to Action Fraud, reports of QR code scams have surged 14-fold since 2019, jumping from 100 cases to 1,386 reports in 2024. In 2025 alone, quishing attacks increased by 25%, now comprising one in every eight credential harvesting campaigns.
User Vulnerability: Research indicates that only 36% of employees can identify a QR code phishing attack, highlighting a significant gap in awareness and preparedness.
Catherine Hart [00:16]: "We've seen huge amounts lost this way. People have seen their life savings gone and that money is going to finance criminals."
Jim Love [00:18]: "It's social engineering taken to the physical world. As one cybersecurity expert put it, cybersecurity awareness isn't just for the inbox anymore."
Preventative Measures: Security professionals advocate for heightened vigilance when encountering QR codes. Practical advice includes:
Verify the Source: Before scanning, ensure the QR code is from a trusted and legitimate source.
Trust Your Instincts: If something seems off or too enticing, it's best to avoid interaction.
Jim Love [00:19]: "Because in 2025, the streets themselves have become part of the cybercriminals' toolkit."
Jim Love wraps up the episode by emphasizing the evolving nature of cybersecurity threats and the necessity for continuous vigilance:
Jim Love [00:20]: "Next time you see a QR code, whether it's promising free Wi-Fi, a discount, or revealing someone else's secrets, pause, verify the source, and trust your instinct."
He invites listeners to engage with the podcast through various channels and encourages support to continue delivering insightful content.
Stay Informed, Stay Secure: This episode of Cybersecurity Today underscores the critical need for timely updates, awareness of emerging threats, and proactive measures to protect against sophisticated cyberattacks both online and in the physical world.