A Tennessee man accused of abusing and sexually exploiting children while actively participating in 764, a sprawling online nihilistic violent extremist collective affiliated with The Com, pleaded not guilty Thursday to a series of charges that could keep him locked up for 50 years.

Zachary Sweeney has allegedly victimized multiple children, on numerous occasions grooming and coercing minors to produce child sexual abuse material that he distributed and sometimes sold, the Justice Department said. One of the 30-year-old’s alleged victims later died of an overdose.

Sweeney has been the subject of multiple FBI investigations, which uncovered extensive crimes against children dating back to at least 2022, prosecutors said. His alleged involvement in 764 and, by extension, The Com, underscores the growing, multi-faceted threat of physical violence, cybercrime, extortion and the pursuit of criminal underground notoriety posed by thousands of members typically between 11 and 25 years old.

Victims of these crimes are often young, vulnerable and degraded or traumatized for years with life-altering impact.

“Violent extremists who victimize vulnerable children online are among the worst predators in our community and across the country,” Braden Boucek, U.S. attorney for the Middle District of Tennessee, said in a statement.

Members of 764 and related groups commit crimes in the United States and engage with other extremists globally to foment social unrest and destroy civilized society through the corruption and exploitation of vulnerable people, the Justice Department said.

Police arrested Sweeney Thursday and charged him with three counts of sexual exploitation and attempted sexual exploitation of a minor and three counts of receiving visual depictions of CSAM. Prosecutors said they intend to request Sweeney remain detained at his next court appearance June 3. 

Sweeney allegedly traveled to New York, Indiana, Missouri and Georgia to meet numerous victims in person. Officials received reports from some of his alleged victims and online platforms, triggering FBI interviews with some of his alleged victims as early as 2023. 

One of his alleged victims, who began interacting with Sweeney when she was a teenager, told investigators she degraded herself and participated in virtual self-harm group video calls with a group of people she described as friends of his in The Com. Sweeney alleged raped her and streamed the crime online. 

She died of an overdose in 2024, approximately ten days after FBI agents interviewed her. 

Sweeney allegedly drugged and raped other victims and shared videos of those acts online, according to court records.

The FBI searched Sweeney’s residence in St. Louis in September 2023, more than two months after Meta sent a pair of tips to the National Center for Missing and Exploited Children that linked him to Instagram chats containing CSAM.

Agents seized devices containing evidence of 99 possible CSAM images and videos, but encryption and passwords prevented authorities from conducting further examination, according to court records.

Sweeney moved to Tennessee in the summer of 2024 and allegedly continued to travel out of state to meet victims in person and coerce other victims to produce CSAM through at least the summer of 2025.

Authorities accuse Sweeney of boasting about his crimes and sharing blackmail material, sexual assault and CSAM depicting underage female victims.

Authorities have arrested multiple members of 764 during the past year, reflecting heightened law enforcement activity targeting the violent extremist collective and other offshoots affiliated with The Com.

Two alleged leaders of 764, Leonidas Varagiannis and Prasan Nepal, were arrested and charged for directing and distributing CSAM in April. Alexis Aldair Chavez, of San Antonio, pleaded guilty in December to multiple crimes involving the sexual exploitation of children while acting as an administrator and leader of 8884, a splinter group of 764.

“This operation puts every child predator on notice: the FBI will hunt you down and bring you to justice,” Terence Reilly, special agent in charge of the FBI Nashville Field Office, said in a statement. “Removing violent extremists from our streets protects our most innocent and vulnerable members of society.”

You can read the indictment below.

The post Tennessee man linked to 764 accused of series of crimes against children dating back to 2022 appeared first on CyberScoop.

Cybercrime remains a booming business. 

Annual cybercrime losses amounted to almost $20.9 billion last year, reflecting a 26% increase from 2024, the FBI’s Internet Crime Complaint Center (IC3) said in its annual report Tuesday.

The comprehensive study exposes a worsening digital crime environment that is driving financial losses, with momentum moving in the wrong direction and compounding at an alarming rate. Annual cybercrime losses have jumped almost 400% from $4.2 billion in 2020, and cumulative losses in that five-year period surpassed $71.3 billion.

The FBI’s IC3, which formed as the country’s central hub for cybercrime reporting in 2000, is busier than ever. “We now average almost 3,000 complaints per day,” Jose Perez, the FBI’s operations director for its criminal and cyber branch, wrote in the report. 

The annual internet crime report highlights growing and sustaining trends. Yet, the scope of the study is limited and relies entirely on cybercrime incidents submitted to the FBI. 

The full impact of cybercrime remains murky, as an unknown number of victims suffer in the shadows and never report the crimes they endure.

The FBI received more than 1 million complaints last year, with victims aged over 60 reporting the largest amount of crimes that also resulted in the greatest amount of total losses by age group. Victims at least 60 years old filed 201,000 complaints with losses totaling nearly $7.75 billion, or about 37% of all cybercrime-related losses last year.

Investment-related fraud remained the largest component of cybercrime losses in 2025, reaching almost $8.65 billion. Business email compromise took the No. 2 spot with almost $3.05 billion in losses, followed by tech support scams at more than $2.1 billion. 

Cryptocurrency was the primary conduit for fraud linked to investment and tech support scams last year, while wire transfers composed the bulk of fraud resulting from business email compromise, according to the report.

Phishing was the most commonly reported type of cybercrime last year, followed by extortion, investment scams and personal data breaches. The FBI tallied losses amounting to $122.5 million from extortion and $32.3 million from ransomware last year.

The FBI also received more than 75,000 reports of sextortion last year, including more than 5,700 submissions that were referred to the National Center for Missing and Exploited Children.

The top five cyber threats reported to IC3 in 2025 included data breaches at 39%, ransomware at 36%, SIM swapping at 10%, malware at 9% and botnets at 7%. 

The FBI received more than 3,600 complaints reporting ransomware last year. The five most reported variants included Akira, Qilin, INC, BianLian and Play.

Each of the 16 critical infrastructure sectors reported ransomware attacks last year, and the most heavily targeted included health care, manufacturing, financial services, government and IT.

The IC3 primarily receives complaints from U.S. residents and businesses, but it also received complaints from more than 200 countries last year, which accounted for nearly $1.6 billion in total losses. 

While losses and the sheer amount of cybercrime continued to climb last year, “the FBI continues to disrupt and deter malicious cyber actors — and shift the cost from victims to our adversaries,” Perez wrote in the report.

“It has never been more important to be diligent with your cybersecurity, social media footprint, and electronic interactions,” he added. “Cyber threats and cyber-enabled crime will continue to evolve as the world embraces emerging technologies such as artificial intelligence.”

The post Cybercrime losses jumped 26% to $20.9 billion in 2025 appeared first on CyberScoop.

Washington has rediscovered consequences. Just not consistently.

The March 6 executive order rests on a simple, correct idea: cyber-enabled fraud persists because it is profitable, scalable, and too often tolerated. So the government’s answer is to raise the cost. More coordination. More disruption. More prosecutions. More diplomatic pressure on the states that shelter these operations.

Good.

But weeks ago, an OMB Memo rescinded earlier federal software supply chain memos issued during the Biden administration. In practice, that pulled back from the prior attestation-centered model and made tools like the Secure Software Development Attestation Form and SBOM requests optional rather than durable expectations.

Put plainly, we are getting tougher on the people exploiting digital systems while getting softer on the conditions that make those systems so easy to exploit.

The executive order gets something important right. Cyber-enabled fraud is not a collection of random online annoyances. It is an industrialized form of predation: ransomware, phishing, impersonation, sextortion, and financial fraud that’s run as repeatable business models, often transnational and sometimes protected by permissive states. The order responds with a more centralized federal posture built around disruption, coordination, intelligence sharing, prosecution, resilience, and international pressure.

That is directionally correct. Criminal ecosystems do not retreat because we publish better guidance. They retreat when the cost of doing business rises.

But then we arrive at software.

The critique of the old federal assurance regime is not entirely wrong. Compliance can become theater. Bureaucracies are very good at turning legitimate security goals into rituals of form collection and checkbox management. Some skepticism was warranted. OMB says as much explicitly, arguing the prior model became burdensome and prioritized compliance over genuine security investment.

Still, the failure of bad compliance is not proof that accountability itself was the problem.

That is where the logic breaks. The administration is clearly willing to believe that criminal actors respond to deterrence. It is willing to use prosecutions, sanctions, visa restrictions, and coordinated pressure downstream. But upstream, where insecure technology shapes the terrain those criminals exploit, the theory suddenly changes. There, we are told to trust discretion. Local judgment. Flexible, risk-based decisions.

Sometimes that is wisdom. Often it is just a more elegant way of saying no one wants a hard requirement.

This is also why my own position has not changed. In a post I wrote in 2024, I argued that the industry did not need softer expectations or another round of polite encouragement. It needed more concrete action and consequences strong enough to change incentives. The problem was never that we were demanding too much accountability. The problem was that insecure software remained too cheap to ship.

That is the deeper issue. Cybercrime at scale does not thrive only because criminals exist. It thrives because the environment rewards them. Weak identity systems, brittle software, sprawling dependency chains, poor visibility, and diffuse accountability all make predation cheaper. The people who ship avoidable risk rarely absorb the full cost of it. Everyone else does.

So these two policy moves, taken together, reveal something uncomfortable. The government seems to believe in consequences for cybercriminals, but not quite in consequences for insecure production. It wants deterrence for the scammer, but discretion for the supplier.

A coherent cyber strategy would do both. It would aggressively disrupt criminal networks and also create meaningful pressure for secure-by-design production and procurement. It would recognize that punishing attackers matters, but so does changing the terrain that keeps making attack profitable.

The administration is right about one thing: cybercrime will not shrink until the costs of predation rise.

The unanswered question is why that logic should stop at the edge of the scam center.

Brian Fox is the co-founder and CTO of Sonatype.

The post If consequences matter, they should apply to vendors, too appeared first on CyberScoop.