Close Menu
    DevStackTipsDevStackTips
    • Home
    • News & Updates
      1. Tech & Work
      2. View All

      How To Prevent WordPress SQL Injection Attacks

      June 13, 2025

      This week in AI dev tools: Apple’s Foundations Model framework, Mistral’s first reasoning model, and more (June 13, 2025)

      June 13, 2025

      Open Talent platforms emerging to match skilled workers to needs, study finds

      June 13, 2025

      Java never goes out of style: Celebrating 30 years of the language

      June 12, 2025

      OneDrive for Mac will soon give you more flexible storage options

      June 13, 2025

      From The Editor’s Desk — new Windows Central community features, we’d like to hear from you!

      June 13, 2025

      New code strings attached to Xbox Game Pass suggests a price increase may be imminent

      June 13, 2025

      This could be the versatile laptop accessory I’ve been waiting for — Here’s why it stands out from other portable monitors

      June 13, 2025
    • Development
      1. Algorithms & Data Structures
      2. Artificial Intelligence
      3. Back-End Development
      4. Databases
      5. Front-End Development
      6. Libraries & Frameworks
      7. Machine Learning
      8. Security
      9. Software Engineering
      10. Tools & IDEs
      11. Web Design
      12. Web Development
      13. Web Security
      14. Programming Languages
        • PHP
        • JavaScript
      Featured

      Worker Threads in Node.js: A Complete Guide for Multithreading in JavaScript

      June 13, 2025
      Recent

      Worker Threads in Node.js: A Complete Guide for Multithreading in JavaScript

      June 13, 2025

      Everybody’s gone lintin’

      June 13, 2025

      QAQ-QQ-AI-QUEST

      June 13, 2025
    • Operating Systems
      1. Windows
      2. Linux
      3. macOS
      Featured

      OneDrive for Mac will soon give you more flexible storage options

      June 13, 2025
      Recent

      OneDrive for Mac will soon give you more flexible storage options

      June 13, 2025

      From The Editor’s Desk — new Windows Central community features, we’d like to hear from you!

      June 13, 2025

      New code strings attached to Xbox Game Pass suggests a price increase may be imminent

      June 13, 2025
    • Learning Resources
      • Books
      • Cheatsheets
      • Tutorials & Guides
    Home»Development»$17 Million Black Market Empire Crushed in Cybercrime Sting

    $17 Million Black Market Empire Crushed in Cybercrime Sting

    June 6, 2025

    BidenCash Marketplace

    The U.S. government has seized approximately 145 domains associated with the BidenCash marketplace and other criminal marketplaces, effectively dismantling one of the most notorious darknet operations for trafficking stolen credit card data and personal information. 

    Announced by the U.S. Attorney’s Office for the Eastern District of Virginia, this sweeping operation targeted both darknet and surface web domains. According to court records, the U.S. also obtained authorization to seize cryptocurrency wallets used by BidenCash to process illicit payments, further choking off the revenue stream that sustained its criminal operations. 

    BidenCash Marketplace: A Hub for Cybercrime 

    Launched in March 2022, the BidenCash marketplace quickly gained notoriety in the criminal underworld. Operating as a one-stop shop for stolen financial data, the marketplace offered credit card numbers, expiration dates, CVV codes, and even personal identification details such as names, addresses, phone numbers, and emails. For each transaction facilitated on the site, BidenCash administrators collected a fee. 

    Over time, the platform grew to serve more than 117,000 users and facilitated the trafficking of over 15 million payment card records. In just under two years, it generated over $17 million in revenue. 

    To boost their visibility and expand their user base, BidenCash operators engaged in marketing strategies more often seen in legitimate businesses, such as promotional giveaways. Between October 2022 and February 2023, they released 3.3 million stolen credit card records for free, hoping to attract more buyers to their services. 

    The BidenCash marketplace wasn’t limited to payment card data. It also offered stolen credentials to access computers, effectively enabling a range of unauthorized and potentially destructive cyber intrusions. 

    Beyond BidenCash: Ongoing Crackdown on Cybercrime Syndicates 

    This isn’t the first time federal authorities have disrupted cybercrime infrastructures. In a related case, the Department of Justice previously seized four domains tied to a crypting service—a software-based method for concealing malware from antivirus detection. These crypting and counter-antivirus (CAV) services allowed cybercriminals to deploy more advanced and undetectable malicious software, often linked to ransomware attacks. 

    According to an affidavit, undercover agents made purchases from the seized sites and traced connections to known ransomware groups operating in the U.S. and abroad, including in Houston. “Modern criminal threats require modern law enforcement solutions,” said U.S. Attorney Nicholas J. Ganjei. “This investigation struck at the infrastructure enabling cybercriminals, not just the end users.” 

    FBI Houston Special Agent in Charge Douglas Williams echoed the sentiment: “Cybercriminals don’t just create malware; they perfect it for maximum destruction.” 

    Operation Endgame: A Global Effort 

    These seizures were part of Operation Endgame, a multi-national law enforcement initiative focused on dismantling malware and cybercriminal services worldwide. On May 27, coordinated actions by U.S., Dutch, Finnish, German, French, and Danish authorities led to the takedown of several domain infrastructures supporting criminal activity. 

    The FBI Houston Field Office, along with the U.S. Secret Service and international partners, played a pivotal role in this effort. Assistant U.S. Attorneys Shirin Hakimzadeh and Rodolfo Ramirez are leading the prosecution, with AUSA Kristine Rollinson overseeing the seizures. 

    Earlier in May, another operation saw the seizure of nine DDoS-for-hire sites, commonly known as booter or stresser services. These services allow paying users to launch Distributed Denial-of-Service (DDoS) attacks, disrupting internet access for individuals, schools, government agencies, and gaming platforms. 

    The FBI and Poland’s Central Cybercrime Bureau, which arrested four site administrators, discovered that these sites had facilitated hundreds of thousands of DDoS attacks globally. While the services claimed to be for “network testing,” evidence showed they were routinely used to attack third-party systems. 

    Assistant U.S. Attorney Bill Essayli for the Central District of California stated, “Booter services facilitate cyberattacks that harm victims and compromise everyone’s ability to access the internet.” 

    Source: Read More

    Facebook Twitter Reddit Email Copy Link
    Previous ArticleNew PathWiper Data Wiper Malware Disrupts Ukrainian Critical Infrastructure in 2025 Attack
    Next Article Can the EU Lead the Global Digital Future? Here’s What the Strategy Says

    Related Posts

    Security

    Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion

    June 14, 2025
    Security

    Grafana Alert: Medium-Severity Flaw (CVE-2025-3415) Exposes DingDing API Keys

    June 14, 2025
    Leave A Reply Cancel Reply

    For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.

    Continue Reading

    Mutual Reinforcement of LLM Dialogue Synthesis and Summarization Capabilities for Few-Shot Dialogue Summarization

    Machine Learning

    No more alt-tabbing: Edge Game Assist floats guides, Discord, and more over your games

    News & Updates

    CVE-2025-4152 – PHPGurukul Online Birth Certificate System SQL Injection Vulnerability

    Common Vulnerabilities and Exposures (CVEs)

    Novità nel kernel Linux: rimozione del supporto per i486 e i primi Pentium

    Linux

    Highlights

    CVE-2025-47651 – Infility Global SQL Injection

    June 9, 2025

    CVE ID : CVE-2025-47651

    Published : June 9, 2025, 4:15 p.m. | 5 hours, 14 minutes ago

    Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Infility Infility Global allows SQL Injection. This issue affects Infility Global: from n/a through 2.12.4.

    Severity: 8.5 | HIGH

    Visit the link for more details, such as CVSS details, affected products, timeline, and more…

    Critical Linux Kernel Vulnerability Exposes Systems to Privilege Escalation Attacks

    April 29, 2025

    Microsoft’s new AI skills are coming to Copilot+ PCs – including some for all Windows 11 users

    May 6, 2025

    How to get Google’s new Pixel 9a for free

    April 11, 2025
    © DevStackTips 2025. All rights reserved.
    • Contact
    • Privacy Policy

    Type above and press Enter to search. Press Esc to cancel.