Transcript
Jim Love (0:00)
Google issues an emergency Chrome patch for an actively exploited zero day. Microsoft releases an emergency patch, KB5062170, to fix Windows 11 boot failures. A mysterious leaker called Gang Exposed is doxing major ransomware leaders. And it's called quishing. Taking it to the streets has a whole new meaning. This is Cybersecurity Today, and I'm your host, Jim Love.

Google released an emergency security update Monday to fix a high-severity zero-day vulnerability in Chrome that hackers are actively exploiting in the wild. The flaw, tracked as CVE-2025-5419, is an out-of-bounds read and write vulnerability in Chrome's V8 JavaScript engine, and it allows attackers to potentially exploit heap corruption through specially crafted HTML pages. Google's Threat Analysis Group discovered the vulnerability on May 27 and implemented initial mitigation the next day. "Google is aware that an exploit for CVE-2025-5419 exists in the wild," was what the company confirmed in its security advisory. This marks the third actively exploited Chrome zero-day vulnerability patched by Google in 2025, following CVE-2025-2783 in March and CVE-2025-4664 in May. The March vulnerability was used in a sophisticated espionage attack targeting Russian government organizations and media outlets. Users should immediately update to Chrome version 137.0.7151.68 for Windows and macOS or version 137.0.7151.68 for Linux. Google is withholding technical details about the attacks and threat actors until more users have updated their browsers. The company has assigned the vulnerability a CVSS score of 8.8, indicating a high severity. Users of Chromium-based browsers, including Microsoft Edge, Brave, Opera and Vivaldi, should also apply fixes when they become available.
The vulnerability could allow remote attackers to execute arbitrary code, making immediate patching critical for users' security.

Microsoft issued an emergency update over the weekend to fix critical boot failures affecting Windows 11 systems after installing the May 2025 security update. The emergency patch KB5062170 resolved systems experiencing an error code that prevented computers from starting. The problems began after Microsoft released security update KB5058405 on May 13, 2025. Affected systems display the message, "Your PC/Device needs to be repaired. The operating system couldn't be loaded because a required file is missing or contains errors." It notes errors on the file ACPI.sys. The ACPI.sys file (Advanced Configuration and Power Interface) is a critical Windows system driver that manages hardware resources and power states. When this driver fails to load, systems cannot boot properly. The issue primarily affects Windows 11 22H2 and 23H2 systems in enterprise environments, especially the Azure Virtual Machines, Azure Virtual Desktop, and on-premises virtual machines hosted on Citrix or Hyper-V. Microsoft stated that home users are unlikely to face this issue, as virtual machines are mostly used in IT environments. The KB5062170 emergency update can only be installed manually from the Microsoft Update Catalog. It's not available through Windows Update. The patch includes build numbers 22621.5415 and 22631.5415, and it's cumulative, meaning it includes all previously released fixes and patches. Microsoft recommends that if you have not yet deployed the May 2025 Windows security update, that's KB5058405, and your environment includes devices running in a virtual desktop infrastructure on Windows 11 versions 22H2 and 23H2, "we recommend you apply the out-of-band update instead." For organizations already experiencing boot failures, Microsoft suggests using Azure Virtual Machine repair commands as a workaround for recovery.
The emergency update introduces one known issue affecting Noto fonts in Chromium-based browsers when system scaling is set to 100%. Microsoft recommends increasing scaling to 125% or 150% as a temporary workaround. This emergency patch continues a recent pattern of Microsoft issuing out-of-band updates to address installation problems, including recent fixes for Windows 10 BitLocker recovery issues and Windows update blocks. Enterprise IT administrators should test the emergency update in controlled environments before widespread deployment, prioritizing virtual infrastructure where boot failures have been most commonly observed.

A mysterious whistleblower calling themselves Gang Exposed is actually exposing the real identities of some of the world's most wanted cybercriminals, including the masterminds behind Conti and Trickbot ransomware operations. The anonymous leaker has published thousands of internal chat logs, personal videos, ransom negotiations, and personally identifiable information about key figures in gangs responsible for billions in extortion from companies, hospitals and individuals worldwide. Gang Exposed first revealed that Stern, the leader of Trickbot and Conti operations, is actually Vitaly Nikolaevich Kovalev, a 36-year-old Russian national. His identity was later confirmed by German Federal Police, who issued an Interpol red notice. That's an international alert requesting law enforcement worldwide to locate him and arrest him. The leaker then doxed another key figure known as Professor, identifying him as Vladimir Viktorovich Kvitko, a 39-year-old Russian who allegedly relocated from Moscow to Dubai in 2020 to continue cyber attacks against Western organizations. Despite being eligible for at least $10 million in FBI bounties for the information, Gang Exposed claims to have no interest in the rewards. He says, or she says, "I take pleasure in thinking I can rid society of at least some of them."
"I simply enjoy solving the most complex cases." The leaker claims to use classical intelligence analysis, logic, factual research, OSINT methodology, stylometry and human psychology, and access to darknet databases, including allegedly purchasing FSB border control data for $250,000. Some security analysts speculate Gang Exposed may be a disgruntled former gang member seeking revenge, while others believe that claiming the bounty could incriminate him. The leaker claims to be a cosmopolitan with many homes but no permanent base who moves between countries. The revelations have significant implications for global cybersecurity efforts, providing law enforcement with actionable intelligence to pursue these high-value targets who have operated with impunity for years.

Here's something that should make people think twice before scanning a random QR code. Cybercriminals have moved beyond your inbox and are now taping malicious codes to lamp posts and street corners. Security professionals discovered a handwritten note taped to a lamp post that read, "John, I know you were cheating on me," followed by a QR code and the message, "Here's the proof. It would be worthwhile for everyone to see." It's a perfect psychological trap. Curiosity, drama, and that irresistible urge to see someone else's private business. And that's exactly what makes it so dangerous. QR code phishing, known as quishing, has exploded recently. Action Fraud reports that QR code scams increased 14-fold since 2019, jumping from 100 reports to 1,386 reports in 2024. Even more concerning, quishing attacks rose 25% in 2025 alone, and now account for one in every eight credential harvesting campaigns. Research shows that only 36% of employees can identify a QR code phishing attack. Catherine Hart from the Chartered Trading Standards Institute says, "We've seen huge amounts lost this way. People have seen their life savings gone and that money is going to finance criminals."
Street-level QR attacks bypass all traditional digital defenses. Your email filters can't catch a piece of paper taped to a pole. Your corporate security systems can't scan a restaurant sticker. The psychological manipulation is sophisticated, exploiting human curiosity, jealousy and our natural tendency to investigate drama. It's social engineering taken to the physical world. As one cybersecurity expert put it, "Cybersecurity awareness isn't just for the inbox anymore." We spent years training people to be suspicious of email links, but we haven't prepared them for malicious codes in the physical world around them. So the new message is: next time you see a QR code, whether it's promising free Wi-Fi, a discount, or revealing someone else's secrets, pause, verify the source and trust your instinct. Because in 2025, the streets themselves have become part of the cybercriminal's toolkit.

And that's our show for today. Love to hear what you think. You can reach me at editorial@technewsday.ca or on LinkedIn, or if you're watching this on YouTube, just drop a note under the video. If you're enjoying this content, we'd love it if you recommend it to a friend. And if you can help us out financially with a small donation at buymeacoffee.com/techpodcast, it would be great. I'm your host, Jim Love. Thanks for listening.
