Tennessee man linked to 764 accused of series of crimes against children dating back to 2022

A Tennessee man accused of abusing and sexually exploiting children while actively participating in 764, a sprawling online nihilistic violent extremist collective affiliated with The Com, pleaded not guilty Thursday to a series of charges that could keep him locked up for 50 years.

Zachary Sweeney has allegedly victimized multiple children, on numerous occasions grooming and coercing minors to produce child sexual abuse material that he distributed and sometimes sold, the Justice Department said. One of the 30-year-old’s alleged victims later died of an overdose.

Sweeney has been the subject of multiple FBI investigations, which uncovered extensive crimes against children dating back to at least 2022, prosecutors said. His alleged involvement in 764 and, by extension, The Com, underscores the growing, multi-faceted threat of physical violence, cybercrime, extortion and the pursuit of criminal underground notoriety posed by thousands of members typically between 11 and 25 years old.

Victims of these crimes are often young, vulnerable and degraded or traumatized for years with life-altering impact.

“Violent extremists who victimize vulnerable children online are among the worst predators in our community and across the country,” Braden Boucek, U.S. attorney for the Middle District of Tennessee, said in a statement.

Members of 764 and related groups commit crimes in the United States and engage with other extremists globally to foment social unrest and destroy civilized society through the corruption and exploitation of vulnerable people, the Justice Department said.

Police arrested Sweeney Thursday and charged him with three counts of sexual exploitation and attempted sexual exploitation of a minor and three counts of receiving visual depictions of CSAM. Prosecutors said they intend to request Sweeney remain detained at his next court appearance June 3. 

Sweeney allegedly traveled to New York, Indiana, Missouri and Georgia to meet numerous victims in person. Officials received reports from some of his alleged victims and online platforms, triggering FBI interviews with some of his alleged victims as early as 2023. 

One of his alleged victims, who began interacting with Sweeney when she was a teenager, told investigators she degraded herself and participated in virtual self-harm group video calls with a group of people she described as friends of his in The Com. Sweeney allegedly raped her and streamed the crime online.

She died of an overdose in 2024, approximately ten days after FBI agents interviewed her. 

Sweeney allegedly drugged and raped other victims and shared videos of those acts online, according to court records.

The FBI searched Sweeney’s residence in St. Louis in September 2023, more than two months after Meta sent a pair of tips to the National Center for Missing and Exploited Children that linked him to Instagram chats containing CSAM.

Agents seized devices containing evidence of 99 possible CSAM images and videos, but encryption and passwords prevented authorities from conducting further examination, according to court records.

Sweeney moved to Tennessee in the summer of 2024 and allegedly continued to travel out of state to meet victims in person and coerce other victims to produce CSAM through at least the summer of 2025.

Authorities accuse Sweeney of boasting about his crimes and sharing blackmail material, sexual assault and CSAM depicting underage female victims.

Authorities have arrested multiple members of 764 during the past year, reflecting heightened law enforcement activity targeting the violent extremist collective and other offshoots affiliated with The Com.

Two alleged leaders of 764, Leonidas Varagiannis and Prasan Nepal, were arrested and charged for directing and distributing CSAM in April. Alexis Aldair Chavez, of San Antonio, pleaded guilty in December to multiple crimes involving the sexual exploitation of children while acting as an administrator and leader of 8884, a splinter group of 764.

“This operation puts every child predator on notice: the FBI will hunt you down and bring you to justice,” Terence Reilly, special agent in charge of the FBI Nashville Field Office, said in a statement. “Removing violent extremists from our streets protects our most innocent and vulnerable members of society.”

The post Tennessee man linked to 764 accused of series of crimes against children dating back to 2022 appeared first on CyberScoop.

Google security engineer accused of turning confidential search trends into $1.2M win on Polymarket

A Google security engineer was arrested in New York and charged with crimes related to bets he allegedly placed on Polymarket using confidential information he pulled from Google systems, the Justice Department said Wednesday. 

Michele Spagnuolo, a 36-year-old Italian citizen who lives in Switzerland, is accused of placing multiple trades on the prediction marketplace last year that netted him a profit of more than $1.2 million. He allegedly abused internal access to Google’s nonpublic Year in Search data and placed a series of bets on the most searched people on Google in 2025.

“Today’s charges reinforce a decades-old message: corporate insiders cannot use confidential information to turn a profit in our markets,” Jay Clayton, U.S. attorney for the Southern District of New York, said in a statement Wednesday. “Insider trading compromises the integrity of our markets, and the American people want this greed-driven conduct investigated and prosecuted.”

Spagnuolo was charged with violating the Commodity Exchange Act, wire fraud and money laundering, which carry a combined maximum sentence of up to 50 years in prison.

He was also served with a civil complaint by the Commodity Futures Trading Commission that accused him of insider trading. The government agency is seeking restitution, disgorgement, civil monetary penalties, trading and registration bans and a permanent injunction against further regulation violations. 

Spagnuolo has been employed as a security engineer at Google since 2014, where he built products and specifications and led multiple projects in the information security unit, according to his company bio, which has since been taken down.

A Google spokesperson said the company is working with law enforcement on its investigation. “The employee accessed our marketing material using a tool available to all employees, but using such confidential information to place bets is a serious breach of our policies,” the spokesperson said in a statement. “We’ve placed the employee on leave and will take the appropriate action.”

Spagnuolo did not respond to a request for comment.

In a complaint unsealed Wednesday, a federal investigator said Spagnuolo, who used the “AlphaRaccoon” user name on Polymarket, took deliberate steps to conceal his use of nonpublic information, including efforts to obscure the source and ownership of his proceeds.

Prosecutors noted that Google’s internal software tool, which provided Spagnuolo access to search trends, bore a banner that stated “Google Confidential” in red text, adding that Spagnuolo confirmed he understood the company’s various confidentiality and ethics policies to access the data. 

Spagnuolo allegedly created his Polymarket account in May 2024 and placed a series of trades between later that year risking approximately $2.75 million on 25 outcomes that the market treated as unlikely.

The FBI said it traced Spagnuolo’s Polymarket account to a cryptocurrency wallet he allegedly used to fund the account and initiate multiple transfers. Spagnuolo is also accused of sending multiple transactions through a cryptocurrency swapping service that were received by an account in his name linked to his Italian government ID card. 

Spagnuolo allegedly changed his Polymarket username to an alphanumeric wallet address in early December, after Google released its Year in Search results and multiple users on Discord and X speculated the person behind the account was a Google insider.

The post Google security engineer accused of turning confidential search trends into $1.2M win on Polymarket appeared first on CyberScoop.

Alleged leader of Kimwolf, a sweeping botnet for cybercriminals, arrested in Canada

Authorities arrested and unsealed charges against a Canadian man accused of running Kimwolf, one of the most far-reaching DDoS botnets on record, the Justice Department said Thursday.

Jacob Butler was arrested Wednesday in Ottawa, Canada, and awaits extradition to the United States where he is charged with aiding and abetting computer intrusions and, if convicted, faces up to 10 years in prison.

Investigators said the 23-year-old, also known as “Dort,” was a principal administrator of Kimwolf, a variant of the record-setting Aisuru DDoS botnet that spread like wildfire and eventually took over more than 2 million Android TV devices after its operators figured out how to abuse residential-proxy networks for local control.

Authorities in March seized infrastructure powering the Kimwolf, Aisuru, JackSkid and Mossad botnets, which hijacked a combined three million devices and launched more than 300,000 DDoS attacks collectively.

Kimwolf, which operated as a DDoS-for-hire service for other cybercriminals, initiated more than 25,000 attacks, resulting in network outages, disruptions and financial losses exceeding millions of dollars, officials said. Officials also said they found evidence linking Kimwolf to DDoS attacks targeting Department of Defense Information Network IP addresses.

“Kimwolf and the botnets associated with this operation have supported persistent corporate intrusion efforts and been used by a wide range of serious threat actors,” Zach Edwards, staff threat researcher at Infoblox, told CyberScoop.

Authorities searched Butler’s residence during the globally coordinated operation, but did not arrest him until Wednesday, roughly two months later. Officials filed a criminal complaint against Butler in the U.S. District Court for the District of Alaska in April, and unsealed the complaint following his arrest.

A special agent with the Defense Criminal Investigative Service confirmed Butler’s identity and involvement in the Kimwolf botnet after Butler used the same IP address to access multiple email accounts he controlled and Discord accounts linked to Kimwolf. 

“I have observed significant operational security lapses on Butler’s part resulting in patterns of overlapping IP usage among a Google account in Butler’s true name, other Google accounts that I believe to be controlled by Butler due to use of the same machine cookies, and Discord accounts which have been used in support of the KimWolf operation,” the special agent said in an affidavit. 

“The Discord accounts show patterns of overlapping IP usage with the KimWolf backend server. These IP addresses appear to be proxy or VPN IPs which were likely used by Butler in an unsuccessful attempt to evade law enforcement scrutiny. However, like many cybercriminals, Butler did not use proxy or VPN IP addresses exclusively,” the special agent added. 

Authorities described the botnet takedowns in March in nearly conclusive terms at the time, yet court records indicate the Kimwolf botnet is back in operation. 

“While today’s announcement is encouraging to see, there are still hundreds of millions of insecure IoT and network devices connected to sensitive government, corporate and home networks, and these remain a priority target for threat actors looking to build the next version of Kimwolf,” Edwards said.

“Until we find solutions to this underlying problem,” he added, “we’ll unfortunately continue to play Whac-A-Mole with botnet operators year after year.”

The post Alleged leader of Kimwolf, a sweeping botnet for cybercriminals, arrested in Canada appeared first on CyberScoop.