The ABB BMS/BAS controller suffers from an authenticated blind OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'instance' HTTP POST parameter called by the productRemovalUpdate.php script. The token (key POST param) needs to be set to 159 to trigger the command execution.

Title: ABB Cylon Aspect 3.08.03 (productRemovalUpdate.php) Remote Code Execution  
Advisory ID: ZSL-2025-5945  
Type: Local/Remote  
Impact: System Access, DoS  
Risk: (5/5)  
Release Date: 22.05.2025

**Summary**

ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices.

**Description**

The ABB BMS/BAS controller suffers from an authenticated blind OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'instance' HTTP POST parameter called by the productRemovalUpdate.php script. The token (key POST param) needs to be set to 159 to trigger the command execution.

**Vendor**

ABB Ltd. - https://www.global.abb

**Affected Version**

NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio  
Firmware: <=3.08.03

**Tested On**

GNU/Linux 3.15.10 (armv7l)  
GNU/Linux 3.10.0 (x86\_64)  
GNU/Linux 2.6.32 (x86\_64)  
Intel(R) Atom(TM) Processor E3930 @ 1.30GHz  
Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz  
PHP/7.3.11  
PHP/5.6.30  
PHP/5.4.16  
PHP/4.4.8  
PHP/5.3.3  
AspectFT Automation Application Server  
lighttpd/1.4.32  
lighttpd/1.4.18  
Apache/2.2.15 (CentOS)  
OpenJDK Runtime Environment (rhel-2.6.22.1.-x86\_64)  
OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)  
ErgoTech MIX Deployment Server 2.0.0

**Vendor Status**

\[21.04.2024\] Vulnerability discovered.  
\[22.04.2024\] Vendor contacted.  
\[22.04.2024\] Vendor responds.  
\[02.05.2024\] Working with the vendor.  
\[21.05.2025\] No response from the vendor.  
\[22.05.2025\] Public security advisory released.

**PoC**

abb\_aspect\_rce25.txt

**Credits**

Vulnerability discovered by Gjoko Krstic - <\[email protected\]\>

**References**

\[1\] https://packetstorm.news/files/id/194974/

**Changelog**

\[22.05.2025\] - Initial release  
\[26.05.2025\] - Added reference \[1\]

**Contact**

Zero Science Lab

Web: https://www.zeroscience.mk  
e-mail: \[email protected\]

ABB Cylon Aspect 3.08.03 (productRemovalUpdate.php) Remote Code Execution

The ABB BMS/BAS controller suffers from an authenticated blind OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'instance' HTTP POST parameter called by the logMixDownload.php script and dependant on SELECTED=ALL case.

Title: ABB Cylon Aspect 3.08.03 (logMixDownload.php) Remote Code Execution  
Advisory ID: ZSL-2025-5946  
Type: Local/Remote  
Impact: System Access, DoS  
Risk: (5/5)  
Release Date: 22.05.2025

**Summary**

ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices.

**Description**

The ABB BMS/BAS controller suffers from an authenticated blind OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'instance' HTTP POST parameter called by the logMixDownload.php script and dependant on SELECTED=ALL case.

**Vendor**

ABB Ltd. - https://www.global.abb

**Affected Version**

NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio  
Firmware: <=3.08.03

**Tested On**

GNU/Linux 3.15.10 (armv7l)  
GNU/Linux 3.10.0 (x86\_64)  
GNU/Linux 2.6.32 (x86\_64)  
Intel(R) Atom(TM) Processor E3930 @ 1.30GHz  
Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz  
PHP/7.3.11  
PHP/5.6.30  
PHP/5.4.16  
PHP/4.4.8  
PHP/5.3.3  
AspectFT Automation Application Server  
lighttpd/1.4.32  
lighttpd/1.4.18  
Apache/2.2.15 (CentOS)  
OpenJDK Runtime Environment (rhel-2.6.22.1.-x86\_64)  
OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)  
ErgoTech MIX Deployment Server 2.0.0

**Vendor Status**

\[21.04.2024\] Vulnerability discovered.  
\[22.04.2024\] Vendor contacted.  
\[22.04.2024\] Vendor responds.  
\[02.05.2024\] Working with the vendor.  
\[21.05.2025\] No response from the vendor.  
\[22.05.2025\] Public security advisory released.

**PoC**

abb\_aspect\_rce26.txt

**Credits**

Vulnerability discovered by Gjoko Krstic - <\[email protected\]\>

**References**

\[1\] https://packetstorm.news/files/id/194975/

**Changelog**

\[22.05.2025\] - Initial release  
\[26.05.2025\] - Added reference \[1\]

**Contact**

Zero Science Lab

Web: https://www.zeroscience.mk  
e-mail: \[email protected\]

ABB Cylon Aspect 3.08.03 (logMixDownload.php) Remote Code Execution

The U.S. government today unsealed criminal charges against 16 individuals accused of operating and selling DanaBot, a prolific strain of information-stealing malware that has been sold on Russian cybercrime forums since 2018. The FBI says a newer version of DanaBot was used for espionage, and that many of the defendants exposed their real-life identities after accidentally infecting their own systems with the malware.

The U.S. government today unsealed criminal charges against 16 individuals accused of operating and selling **DanaBot**, a prolific strain of information-stealing malware that has been sold on Russian cybercrime forums since 2018. The **FBI** says a newer version of DanaBot was used for espionage, and that many of the defendants exposed their real-life identities after accidentally infecting their own systems with the malware.

DanaBot’s features, as promoted on its support site. Image: welivesecurity.com.

Initially spotted in May 2018 by researchers at the email security firm **Proofpoint**, DanaBot is a malware-as-a-service platform that specializes in credential theft and banking fraud.

Today, the **U.S. Department of Justice** unsealed a criminal complaint and indictment from 2022, which said the FBI identified at least 40 affiliates who were paying between $3,000 and $4,000 a month for access to the information stealer platform.

The government says the malware infected more than 300,000 systems globally, causing estimated losses of more than $50 million. The ringleaders of the DanaBot conspiracy are named as **Aleksandr Stepanov**, 39, a.k.a. “**JimmBee**,” and **Artem Aleksandrovich Kalinkin**, 34, a.k.a. “**Onix**”, both of Novosibirsk, Russia. Kalinkin is an IT engineer for the Russian state-owned energy giant **Gazprom**. His Facebook profile name is “Maffiozi.”

According to the FBI, there were at least two major versions of DanaBot; the first was sold between 2018 and June 2020, when the malware stopped being offered on Russian cybercrime forums. The government alleges that the second version of DanaBot — emerging in January 2021 — was provided to co-conspirators for use in targeting military, diplomatic and non-governmental organization computers in several countries, including the United States, Belarus, the United Kingdom, Germany, and Russia.

“Unindicted co-conspirators would use the Espionage Variant to compromise computers around the world and steal sensitive diplomatic communications, credentials, and other data from these targeted victims,” reads a grand jury indictment dated Sept. 20, 2022. “This stolen data included financial transactions by diplomatic staff, correspondence concerning day-to-day diplomatic activity, as well as summaries of a particular country’s interactions with the United States.”

The indictment says the FBI in 2022 seized servers used by the DanaBot authors to control their malware, as well as the servers that stored stolen victim data. The government said the server data also show numerous instances in which the DanaBot defendants infected their own PCs, resulting in their credential data being uploaded to stolen data repositories that were seized by the feds.

“In some cases, such self-infections appeared to be deliberately done in order to test, analyze, or improve the malware,” the criminal complaint reads. “In other cases, the infections seemed to be inadvertent – one of the hazards of committing cybercrime is that criminals will sometimes infect themselves with their own malware by mistake.”

Image: welivesecurity.com

A statement from the DOJ says that as part of today’s operation, agents with the **Defense Criminal Investigative Service** (DCIS) seized the DanaBot control servers, including dozens of virtual servers hosted in the United States. The government says it is now working with industry partners to notify DanaBot victims and help remediate infections. The statement credits a number of security firms with providing assistance to the government, including **ESET**, **Flashpoint**, **Google**, **Intel 471**, **Lumen**, **PayPal**, **Proofpoint**, **Team CYMRU**, and **ZScaler**.

It’s not unheard of for financially-oriented malicious software to be repurposed for espionage. A variant of the **ZeuS Trojan**, which was used in countless online banking attacks against companies in the United States and Europe between 2007 and at least 2015, was for a time diverted to espionage tasks by its author.

As detailed in this 2015 story, the author of the ZeuS trojan created a custom version of the malware to serve purely as a spying machine, which scoured infected systems in Ukraine for specific keywords in emails and documents that would likely only be found in classified documents.

The public charging of the 16 DanaBot defendants comes a day after **Microsoft** joined a slew of tech companies in disrupting the IT infrastructure for another malware-as-a-service offering — Lumma Stealer, which is likewise offered to affiliates under tiered subscription prices ranging from $250 to $1,000 per month. Separately, Microsoft filed a civil lawsuit to seize control over 2,300 domain names used by Lumma Stealer and its affiliates.

Further reading:

Danabot: Analyzing a Fallen Empire

ZScaler blog: DanaBot Launches DDoS Attack Against the Ukrainian Ministry of Defense

Flashpoint: Operation Endgame DanaBot Malware

Team CYMRU: Inside DanaBot’s Infrastructure: In Support of Operation Endgame II

March 2022 criminal complaint v. Artem Aleksandrovich Kalinkin

September 2022 grand jury indictment naming the 16 defendants

Oops: DanaBot Malware Devs Infected Their Own PCs

A new US indictment against a group of Russian nationals offers a clear example of how, authorities say, a single malware operation can enable both criminal and state-sponsored hacking.

The hacker ecosystem in Russia, more than perhaps anywhere else in the world, has long blurred the lines between cybercrime, state-sponsored cyberwarfare, and espionage. Now an indictment of a group of Russian nationals and the takedown of their sprawling botnet offers the clearest example in years of how a single malware operation allegedly enabled hacking operations as varied as ransomware, wartime cyberattacks in Ukraine, and spying against foreign governments.

The US Department of Justice today announced criminal charges today against 16 individuals law enforcement authorities have linked to a malware operation known as DanaBot, which according to a complaint infected at least 300,000 machines around the world. The DOJ’s announcement of the charges describes the group as “Russia-based,” and names two of the suspects, Aleksandr Stepanov and Artem Aleksandrovich Kalinkin, as living in Novosibirsk, Russia. Five other suspects are named in the indictment, while another nine are identified only by their pseudonyms. In addition to those charges, the Justice Department says the Defense Criminal Investigative Service (DCIS)—a criminal investigation arm of the Department of Defense—carried out seizures of DanaBot infrastructure around the world, including in the US.

Aside from alleging how DanaBot was used in for-profit criminal hacking, the indictment also makes a rarer claim—it describes how a second variant of the malware it says was used in espionage against military, government, and NGO targets. “Pervasive malware like DanaBot harms hundreds of thousands of victims around the world, including sensitive military, diplomatic, and government entities, and causes many millions of dollars in losses,” US attorney Bill Essayli wrote in a statement.

Since 2018, DanaBot—described in the criminal complaint as “incredibly invasive malware”—has infected millions of computers around the world, initially as a banking trojan designed to steal directly from those PCs' owners with modular features designed for credit card and cryptocurrency theft. Because its creators allegedly sold it in an “affiliate” model that made it available to other hacker groups for $3,000 to $4,000 a month, however, it was soon used as a tool to install different forms of malware in a broad array of operations, including ransomware. Its targets, too, quickly spread from initial victims in Ukraine, Poland, Italy, Germany, Austria, and Australia to US and Canadian financial institutions, according to an analysis of the operation by cybersecurity firm Crowdstrike.

At one point in 2021, according to Crowdstrike, Danabot was used in a software supply-chain attack that hid the malware in a javascript coding tool called NPM with millions of weekly downloads. Crowdstrike found victims of that compromised tool across the financial service, transportation, technology, and media industries.

That scale and the wide variety of its criminal uses made DanaBot “a juggernaut of the e-crime landscape,” according to Selena Larson, a staff threat researcher at cybersecurity firm Proofpoint.

More uniquely, though, DanaBot has also been used at times for hacking campaigns that appear to be state-sponsored or linked to Russian government agency interests. In 2019 and 2020, it was used to target a handful of Western government officials in apparent espionage operations, according to the DOJ's indictment. According to Proofpoint, the malware in those instances was delivered in phishing messages that impersonated the Organization for Security and Cooperation in Europe and a Kazakhstan government entity.

Then, in the early weeks of Russia's full-scale invasion of Ukraine, which began in February 2022, DanaBot was used to install a distributed denial-of-service (DDoS) tool onto infected machines and launch attacks against the webmail server of the Ukrainian Ministry of Defense and National Security and Defense Council of Ukraine.

All of that makes DanaBot a particularly clear example of how cybercriminal malware has allegedly been adopted by Russian state hackers, Proofpoint's Larson says. “There have been a lot of suggestions historically of cybercriminal operators palling around with Russian government entities, but there hasn't been a lot of public reporting on these increasingly blurred lines,” says Larson. The case of DanaBot, she says, “is pretty notable, because it's public evidence of this overlap where we see e-crime tooling used for espionage purposes.”

In the criminal complaint, DCIS investigator Elliott Peterson—a former FBI agent known for his work on the investigation into the creators of the Mirai botnet—alleges that some members of the DanaBot operation were identified after they infected their own computers with the malware. Those infections may have been for the purposes of testing the trojan, or may have been accidental, according to Peterson. Either way, they resulted in identifying information about the alleged hackers ending up on DanaBot infrastructure that DCIS later seized. “The inadvertent infections often resulted in sensitive and compromising data being stolen from the actor's computer by the malware and stored on DanaBot servers, including data that helped identify members of the DanaBot organization,” Peterson writes.

The operators of DanaBot remain at large, but the takedown of a large-scale tool in so many forms of Russian-origin hacking—both state-sponsored and criminal—represents a significant milestone, says Adam Meyers, who leads threat intelligence research at Crowdstrike.

“Every time you disrupt a multiyear operation, you're impacting their ability to monetize it. It also creates a bit of a vacuum, and somebody else is going to step up and take that place,” Meyers says. “But the more we can disrupt them, the more we keep them on their back heels. We should rinse and repeat and go find the next target.”

Feds Charge 16 Russians Allegedly Tied to Botnets Used in Ransomware, Cyberattacks, and Spying

On today’s episode of ‘Uncanny Valley,’ we discuss how WIRED was able to legally 3D-print the same gun allegedly used by Luigi Mangione, and where US law stands on the technology.

WIRED senior writer Andy Greenberg has been reporting on ghost guns for more than a decade. He first used a 3D printer to assemble a gun in 2015, and he says that today’s process is not only faster but cheaper. We talk to Andy about how he legally printed the same gun Luigi Mangione allegedly used in the alleged killing of the United Healthcare CEO last year, and whether US law is keeping up with the technology of 3D-printed guns.

You can follow Zoë Schiffer on Bluesky at @zoeschiffer and Andy Greenberg on Bluesky at ‪@agreenberg. Write to us at uncannyvalley@wired.com.

**Articles mentioned in this episode:**

*   We Made Luigi Mangione’s 3D-Printed Gun—and Fired It
*   Bluesky Is Plotting a Total Takeover of the Social Internet
*   The Delirious, Violent, Impossible True Story of the Zizians

**How to Listen**

You can always listen to this week's podcast through the audio player on this page, but if you want to subscribe for free to get every episode, here's how:

If you're on an iPhone or iPad, open the app called Podcasts, or just tap this link. You can also download an app like Overcast or Pocket Casts and search for “Uncanny Valley.” We’re on Spotify too.

**Transcript**

_Note: This is an automated transcript, which may contain errors._

**Zoë Schiffer:** This is Zoë. Before we start, I want to take a chance to remind you that we really want to hear from you. If you have a tech-related question that's been on your mind or a topic that you wish we'd cover in the show, write to us at uncannyvalley@wired.com. If you listen and enjoy the episodes, please, please rate it and leave a review on your podcast app of choice. It honestly does help other people find us.

Welcome to WIRED's _Uncanny Valley_. I'm WIRED director of business and industry Zoë Schiffer. Today on the show, WIRED built and tested a 3D-printed pistol, the exact same model of the gun that Luigi Mangione allegedly used in the brutal killing of a health care CEO last year. Untraceable and often built entirely in private, those guns remain legal in some parts of the country due in part to a loophole in the US federal gun control laws. Today we hear about the process of creating a ghost gun, how those laws have evolved over time, and what future regulations may come. I'm joined today by Andy Greenberg, a senior writer at WIRED.

Andy, welcome to the show.

**Andy Greenberg:** Glad to be here. Thanks.

**Zoë Schiffer:** Andy, you've been reporting on ghost guns for a long time, and you started out this story with a question. Has the law in the United States actually caught up with the technology? I guess I wanted to start by asking you that same question. Has it?

**Andy Greenberg:** Well, the short answer is no. Even as the technology to make these so-called ghost guns and in particular 3D-printed guns has gotten more powerful, more practical, far, far, cheaper, the law has really lagged behind. It's opened up this space between the technology and the law that has allowed people to make their own guns at home in total privacy and anonymity more easily than ever.

**Zoë Schiffer:** I remember you saying that the first guns took hours and hours and hours. Now they still take half a day, but it's a lot less time.

**Andy Greenberg:** It's definitely faster. I printed two gun frames in 13 hours for this experiment.

**Zoë Schiffer:** Wow.

**Andy Greenberg:** That's probably just a little bit faster than it was 10 years ago, when I first … I should say 10 years ago, I made an AR-15 ghost gun in WIRED's San Francisco office.

**Zoë Schiffer:** Oh my gosh.

**Andy Greenberg:** Three different ways. One of those ways was trying to 3D-print the body of the gun known as the lower receiver of an AR-15. For the Glock-style pistol that Luigi Mangione allegedly used, it's called the frame. I was able to compare how this technology has changed and how well it works to make a gun back then in 2015 and then now. Yes, it's faster, but it's also just much better. And 3D printers are much, much cheaper.

That's perhaps the biggest thing of all. The 3D printer that I used back in 2015 to make the body of an AR-15 cost almost $3,000 alone. The entire ingredient list for my experiments in making allegedly Luigi Mangione's ghost gun was $1,144 or so, plus shipping.

**Zoë Schiffer:** Wow.

**Andy Greenberg:** That includes the cost of the printer, which was about $650. That's an enormous drop in price that has made this much more accessible to people, and just a much more practical way to try to obtain one of these guns in a fashion that completely circumvents all US gun control.

**Zoë Schiffer:** Right, completely. Before we go further on, I think it would be helpful if you explain for the audience what exactly is a ghost gun. What is the loophole that allows these guns to be made?

**Andy Greenberg:** Well, a ghost gun is this term that was originally used by gun control advocates, but now has actually been picked up by a lot of gun proponents as well. It basically means a gun that is homemade that has no serial number, and therefore is not registered with any government agency. You don't have to get a background check or show anyone ID. No gun control of any kind to obtain it. In that sense, it's a ghost.

The notion really is that you make just the parts of the gun that are regulated under US law, and then you can buy the rest of it off the internet or from stores, or whatever. And assemble it at home.

**Zoë Schiffer:** Right, yeah. Now we see why it's called a loophole. That's a pretty serious one. I want to actually go off-script, because I'm curious how you approached the story. But honestly, when I was reading it, I was like, “How the hell did Andy convince our lawyers to let him build not one, but multiple guns in the WIRED office?” I want to know how those initial conversations actually went.

**Andy Greenberg:** Well, the trick was in 2015 that I didn't ask anybody.

**Zoë Schiffer:** Oh, right.

**Andy Greenberg:** I just did it.

**Zoë Schiffer:** Right, right, right.

**Andy Greenberg:** In 2025, that turns out to be a lot harder, and we had to ask a lot of lawyers. We had to have an armorer on set, and a medic, and a special firearms specialist lawyer vet this. Then of course, I spoke to lawyers for the piece as well to make sure that what we were doing was legal. And also, to sketch out US gun control in 2025 and this gaping hole in it for homemade guns.

**Zoë Schiffer:** One of the things we're talking about is what you just mentioned, what has changed since you first started covering the space. You mentioned that the first time you built a 3D-printed gun, you did it in the WIRED office in San Francisco. This time, you actually went to Louisiana. Can you tell me about why that was important? What has changed on the regulatory side?

**Andy Greenberg:** Well, on some level, US law is trying to catch up with this problem, really at the state level mostly. 3D-printing a gun in New York is illegal unless you obtain a serial number for it. That's the same now in California too. My experiment in San Francisco would now be totally illegal. That's the case in 15 US states, that there are some laws around ghost guns.

In fact, there was a ban under Biden from the Bureau of Alcohol, Tobacco, and Firearms on ghost gun kits. These premade kits that allow anybody to finish a Glock-style frame or an AR-15 lower receiver from a plastic, or polymer, or even metal part with just a few tools in a matter of minutes. Those kits are not illegal according to the ATF. There was a Supreme Court ruling just in March upholding that ban.

Part of what I was trying to find out here is, despite a Supreme Court ruling, what's seen as a big crackdown on ghost guns, is this still possible to do legally with a 3D printer? And it is. The Supreme Court ruling basically said you can't sell parts that are readily convertible into a ghost gun, but it didn't say anything about creating one out of thin air and some plastic filaments out of empty space, which is really what a 3D printer does. What we did in Louisiana, where there is no state law around this, remains a wide-open loophole in the law, if you can call it that.

If you 3D-print a frame of a Glock-style pistol, then you can buy the rest of the parts off the internet and assemble it, and you have a gun that is a ghost gun. An anonymous, fully private, lethal weapon.

**Zoë Schiffer:** When we get back, we'll get into the details of how Andy actually made and assembled the ghost gun. But for now, we have to go to break.

\[_break_\]

**Zoë Schiffer**:Welcome back to _Uncanny Valley_. Okay, Andy, I want to get into the gun assembly process. Talk to me about the point from printing, to ordering the parts, to actually putting it together.

**Andy Greenberg:** The printing is definitely the easiest part in 2025. You really can download these files, these CAD files for gun frames from a bunch of different open source websites run by basically opponents of gun control. Then put them into some software and click print, and 13 hours later, in this case I had two perfect Glock-style frames. It was really remarkable how powerful the 3D printer, and cheap it was, that I was using.

The assembly is a lot trickier. That is as hard as ever. It's like assembling a very small piece of Ikea furniture. There's a lot of hammering little pins into place, and assembling the trigger mechanism, and it all has to fit into this small cavity inside of the frame. It took me more than an hour to do, and I was being guided in this process by a 3D-printed-gun aficionado. He calls himself Print, Shoot, Repeat, who was really helpful and patient about it. But I think that for people who know what they're doing, this takes 15 or 20 minutes—

**Zoë Schiffer:** Wow.

**Andy Greenberg:** —to assemble, once you have some practice at it.

**Zoë Schiffer:** OK. Then you shot the gun. What happened? How were you feeling at that moment at the gun range?

**Andy Greenberg:** Well, before I even shot it, there is this incredible moment when you're building a gun. It feels like this interesting, a little technical process, like making a model airplane or something. Then all of a sudden, I'm getting this slide onto the frame and then it clicks into place. Then you see for the first time that you actually have a gun in your hands, that it's a lethal weapon. The way that you have to treat a gun in your hands is so different from a collection of gun parts. Suddenly, it's this lethal weapon, you have to be careful where you point it. It's a really dramatic moment. It was for me, anyway.

**Zoë Schiffer:** There was that final part in the assembly where you put on a silencer, like allegedly Luigi Mangione had on his gun, right?

**Andy Greenberg:** Right. Luigi Mangione, in his backpack allegedly had a 3D-printed silencer too, which is a very new phenomenon, even in the 3D-printed gun world. We built that too. We 3D-printed a silencer. That actually is one part that's different. It's a felony for me to 3D-print a suppressor, a silencer as it's known. We did have an actual licensed gunsmith, the owner of the range that we were about to test that, who pushed print in that case and helped us to build that silencer. When Luigi Mangione allegedly did that, he would have been breaking the law. I would have been too, if not for having a gunsmith on-hand to help us out.

**Zoë Schiffer:** Then it started to jam a little bit. Or I don't know the correct term, but it did malfunction, right?

**Andy Greenberg:** Yeah, it did jam and it misfired several times. We reloaded it and I fired it a bunch more times. It would fire, and then misfire, and fire, and misfire. We did a bunch of troubleshooting, but ultimately we did get it working as a full semi-automatic handgun that could really empty a whole magazine worth of rounds.

**Zoë Schiffer:** You also pointed out that Brian Thompson's alleged killer—their gun also malfunctioned. It looked like, from the videos, that they had practiced a fair amount because they were totally unperturbed by the experience that you had, where the gun jammed, and then you had to troubleshoot, and then keep going.

**Andy Greenberg:** Right. Once we had gotten the gun working as a real semi-automatic, then we put the silencer on, our 3D-printed silencer. The silencer, based on the way that it attaches to the muzzle, it does actually prevent the slide from getting its full range of motion. It no longer actually worked as a true semi-automatic weapon. I had to, every time I pulled the trigger, pull back the slide, rack the gun as they say, which ejects a casing and pushes a new round into the chamber, ready to be fired. You have to manually rack it each time.

But when I looked at the surveillance video of allegedly Luigi Mangione killing Brian Thompson, or whoever that was in that video, you can see that they do exactly that. They pull back the slide with every shot. In fact, they seem to be fully prepared to do that. They don't hesitate at all. It was this eerie feeling of realizing that we had arrived at exactly the place where Brian Thompson's killer did. It was this very unnerving feeling of realizing that I was carrying out exactly the same process, I was going through exactly the same sensations of recoil, and racking, and firing again that I was seeing in this actual murder video.

**Zoë Schiffer:** Talk to me about what proponents of ghost guns say. Why are they for this untraceable and potentially really dangerous technology?

**Andy Greenberg:** I think there's a whole range of people who are interested in ghost guns and 3D-printed guns. Cody Wilson, the creator of the first fully 3D-printed gun, I was there in 2013 when he fired for the first time the Liberator, this fully plastic, fully 3D-printed one-shot pistol. He wants to destroy the state. He's a full-on radical Libertarian who believes that actually making gun control impossible, but demonstrating that it is fundamentally impossible. He can use that as a lever to show that “all government is impossible.”

But then you talk to somebody like Print, Shoot, Repeat, who was the one who helped us out in this experiment. He's also a real advocate for 3D-printed guns. But he told me, “I like this because I like the idea of being able to make my own guns at home. You can experiment with the process, and build guns that are not commercially available, and do it with full anonymity and privacy.” I did ask him, “Doesn't that also pose a real risk? Doesn't the ability for anybody essentially to make a gun at home with anonymity and privacy mean that they can use it to commit a crime?” He, like a lot of gun advocates I think in general, his answer was, “Well, freedom is dangerous,” and that's the American way, essentially.

**Zoë Schiffer:** I was really struck by that in your work. That it really felt like their POV was the occasional outburst of violence is the cost of freedom in this country, which is a very different way of seeing the world. My last question is just where do you think this is all heading? What does 3D printing and the way the technology has developed since you first started covering this space tell us about our ability to regulate guns in the United States?

**Andy Greenberg:** Well, it's just definitely clear that the law in this country is not keeping up with technology on this issue. That's a running theme probably of this podcast and everything we do at WIRED. But it's very visible. I feel like this is almost a parable about the ways that technology runs ahead of the law, especially in this country. And especially in a country where people love to defy the law and break the law. This is one example where Americans, it's the American way to try to have more guns than even our very meager gun control laws would allow us.

For me, as someone who's covered 3D-printed guns since 2012, it just strikes me that this topic caught up and even ran ahead of me in my reporting. I used to think of this as some future threat that I was describing in this science fictional way. Now it's definitely a present threat. In fact, it took me by surprise in December 2024, when a 3D-printed gun was used allegedly in this massively high-profile murder. I don't know. It's a future shock, as Alvin Toffler would call it. Where it's like, “Wow, we are in that future now.” This is a particularly scary one.

**Zoë Schiffer:** We're going to take a quick break. When we come back, we'll share our recommendations for what to read on Wired.com this week.

\[_break_\]

**Zoë Schiffer:** Welcome back to _Uncanny Valley_. I'm Zoë Schiffer, WIRED's director of business and industry. I'm joined today by WIRED senior writer Andy Greenberg. Before we take off, Andy, tell our listeners what they need to read on Wired.com today.

**Andy Greenberg:** Well, this ghost gun story is part of the Rogue's package as we're calling it, all about people on the edge of the law and breaking the law in interesting ways. There's another story in that package that I thought was incredible, written by my colleague Evan Ratliff. It's about the Zizians, this group that went in an extremely irrational direction—became actually this violent militant group. It's a remarkable piece about their evolution and how they came to do truly horrifying criminal things.

There's also this idea in the piece that has just haunted me in the weeks since I read it. It's called Roko's basilisk. It's something that rationalists and AI people talk about. Which is this notion that, if there is going to be a superintelligent AI in the future, it might punish people who were aware that it could be created and didn't work to create it.

**Zoë Schiffer:** That's just so weird and scary.

**Andy Greenberg:** It just really bothers me that there's this idea that's so dangerous you can't even think about it.

But I would also say that I have a piece in this Rogue's package also coming out tomorrow that I've been working on for about a year and a half, about at one point the dark web's biggest dealer in DMT, this incredibly potent psychedelic that he made in secret labs across the western half of the US. I hope you'll check that out, too.

**Zoë Schiffer:** I am very excited for that one. DMT is a big topic of discussion in California these days.

I have another recommendation. I feel like the topic of this podcast has been very, at least to me, and I understand I have my own biases here, a bleak vision of the future. But we also have this interview that our fantastic reporter Kate Knibbs did with Jay Graber, the head of Bluesky. She lays out a vision of the future of the social web that I actually found extremely uplifting.

I thought it was interesting, because Jay uses a lot of the language that you hear from the cutting-edge tech VCs and executives, but she does it in a way that feels completely different from the future that these other people and a lot of the men lay out. I really found her words compelling, and I think everyone should read it.

That's our show for today. We'll link to all the stories we spoke about in the show notes. Make sure to check out Thursday's episode of _Uncanny Valley_, which is about AI in schools and a big question we're having. Is using this technology cheating?

Kyana Moghadam and Adriana Tapia produced this episode. Greg Obis mixed this episode. Pran Bandi was our New York studio engineer. Jordan Bell is our executive producer. Conde Nast's head of global audio is Chris Bannon. Katie Drummond is WIRED's global editorial director.

Why 3D-Printing an Untraceable Ghost Gun Is Easier Than Ever

Global crackdown: Operation RapTor leads to 270 arrests, millions seized as law enforcement targets dark web drug, weapon, and crypto vendors.

In one of the largest global law enforcement actions against dark web crime to date, authorities from ten countries have arrested 270 individuals involved in drug trafficking, weapons sales, and the distribution of counterfeit goods online. The operation has been dubbed Operation RapTor.

Coordinated by Europol and the U.S. Department of Justice’s JCODE task force, the operation followed months of intelligence gathering after the takedowns of several dark web marketplaces: Nemesis, Incognito, Tor2Door, Bohemia, and Kingdom Market. These takedowns gave investigators access to key infrastructure and transaction data, which they used to identify vendors and buyers across the globe.

****A Multi-Continent Crackdown****

The arrests span the United States (130), Germany (42), the United Kingdom (37), France (29), South Korea (19) and several other nations. Authorities also confiscated over €184 million ($200 million) in cash and cryptocurrency, more than 2 metric tons of drugs, 144 kilograms of fentanyl, over 180 firearms, and thousands of counterfeit and illicit products.

Machines used by drug traffickers to produce fake prescription pills (Seized now) Via US DOJ

According to Europol and the DOJ, the scope of the operation reflects the evolving nature of cybercrime, where illegal activity often mirrors legitimate e-commerce in form but thrives in secrecy and deception. Many of those arrested had conducted thousands of sales, using crypto and encryption tools to evade detection.

****Dark Web Isn’t Invisible Anymore****

“This historic international seizure of firearms, deadly drugs, and illegal funds will save lives,” said Attorney General Pam Bondi. “Criminals cannot hide behind computer screens or seek refuge on the dark web.”

The operation also marks a major step forward in dismantling supply chains responsible for fentanyl-laced pills, a growing threat in the opioid crisis. Several US-based vendors convicted as part of related investigations were directly linked to fatal overdoses, including a trafficking ring that distributed over 120,000 fentanyl-laced pills nationwide.

****Targeting Infrastructure and Crypto****

A notable element of Operation RapTor is its focus not just on sellers but also on the marketplace infrastructure itself. The seizure of Nemesis Market, in particular, played a pivotal role. The market’s alleged operator, Behrouz Parsarad, an Iranian national, was sanctioned and indicted on drug trafficking charges.

The IRS Criminal Investigation Division noted that crypto forensics played a central role in tracing illicit transactions. “No digital wallet can hide you from facing justice,” said DEA Acting Administrator Robert Murphy.

****Changing Tactics of Dark Web Operators****

Law enforcement agencies are observing a shift in how dark web vendors operate. As major marketplaces go offline, criminals are increasingly turning to single-vendor shops, smaller, standalone sites that reduce exposure.

While this decentralization makes investigations more fragmented, the Operation RapTor results show that targeted surveillance and intelligence sharing can still yield high-impact outcomes.

The international partnerships powering the operation included not only Europol but also agencies from Austria, Brazil, France, Germany, the Netherlands, South Korea, Spain, Switzerland, and the United Kingdom, along with U.S. federal agencies like the FBI, DEA, FDA OCI, HSI, and IRS-CI.

Europol’s Head of Cybercrime Edvardas Šileris stressed that this operation is not the finish line but the launchpad for deeper investigations. “Operation RapTor shows that the dark web is not beyond the reach of law enforcement and Europol will continue working with our partners to make the internet safer for everyone,” he said in a press release.

Operation RapTor: 270 Arrested in Global Crackdown on Dark Web Vendors

Ever tried resizing an image only to end up with a blurry, pixelated mess? Whether you’re adjusting a…

Ever tried resizing an image only to end up with a blurry, pixelated mess? Whether you’re adjusting a photo for a website, social media, or an email campaign, keeping your images sharp and professional is essential.

But if you’ve worked with JPEG files, you’ve probably noticed how resizing can significantly impact quality. That’s where Pippit AI comes in, a powerful AI-driven tool that helps resize images while preserving their clarity.

JPEG remains one of the most commonly used image formats due to its balance of quality and file size. However, it’s also a lossy format, meaning that every time you modify it, some image data gets discarded.

This is why resizing JPEGs can result in lower-quality images. But don’t worry, there are ways to minimize quality loss and ensure your resized images look crisp and professional. Let’s explore why resizing affects JPEGs and how you can avoid common pitfalls.

****Why Does Resizing JPEG Affect Quality?****

Resizing an image might seem like a simple task, but when it comes to JPEGs, it’s a bit more complicated. Unlike vector graphics, which remain sharp at any size, JPEGs rely on pixel data, making them vulnerable to distortion when resized. Let’s break down the key reasons why quality drops when modifying a JPEG.

****Compression Artefacts: The Cause of Pixelation and Blurriness****

JPEG compression works by simplifying image data, removing subtle color variations, and grouping similar pixels. While this reduces file size, it also introduces compression artefacts, and visual distortions such as pixelation, blurring, and color banding. When a JPEG is resized, these artefacts become more pronounced, making the image look low-quality or “muddy.”

For example, if you shrink a high-resolution JPEG to a small size and then enlarge it again, you’ll notice a significant drop in clarity. This happens because JPEG compression has already removed key details, and stretching the image back only amplifies the missing information.

****Lossy Compression Explained: Why JPEG Loses Data with Every Resize****

JPEG uses a lossy compression algorithm, meaning that each time a file is saved or resized, some image data is permanently lost. Unlike PNG or TIFF files, which preserve quality through lossless compression, JPEG reduces file size by discarding unnecessary details.

Imagine making a photocopy of a photocopy, the more copies you make, the worse the quality gets. This is exactly what happens when you repeatedly resize a JPEG. Each adjustment results in slight quality degradation, leading to a loss of sharpness and color accuracy over time.

****Resizing vs. Scaling: The Key Difference****

Many people use the terms resizing and scaling interchangeably, but they are not the same. Resizing changes the image’s pixel dimensions (e.g., reducing a 2000×1500 image to 1000×750 pixels), which can lead to a loss of detail if not done correctly.

Scaling maintains the aspect ratio while adjusting the image’s size, preserving more of the original details. When resizing a JPEG, it’s important to maintain the correct aspect ratio and avoid excessive downscaling, which can make the image look stretched or distorted.

****Repeated Resizing: Why It Makes Things Worse****

Every time you resize a JPEG, it undergoes another round of compression. If you resize an image multiple times, shrinking, enlarging, and then resizing again, you’ll notice a compounding effect of quality loss.

To prevent this, always work with the original high-resolution image and resize it only once to the required dimensions. If you need to make multiple adjustments, use a tool designed to minimize compression loss.

****How to Resize JPEG Images Without Losing Quality****

Now that we know why JPEGs lose quality when resized let’s discuss how to prevent it. By following these best practices, you can maintain sharp, high-quality images even after resizing.

****Use High-Quality Source Images****

The golden rule of image resizing: start with the highest resolution possible. A larger, high-quality image retains more details, making it easier to resize without noticeable degradation. If you begin with a low-resolution JPEG, any resizing will amplify quality issues.

****Choose the Right Tool for the Job****

Not all resizing tools are created equal. Basic image editors may simply stretch or shrink an image without accounting for quality loss. That’s why using an AI-powered resizer, like the resize of JPEG tool from Pippit AI, makes a difference. AI algorithms intelligently enhance images while resizing, preserving sharpness and reducing compression artefacts.

****Resize in Small Increments****

If you need to significantly change an image’s size, avoid drastic one-step resizing. Instead of shrinking an image from 3000px to 500px in one go, resize it in smaller steps to help maintain clarity. This approach prevents excessive pixelation and preserves details.

****Use Proper Resampling Methods****

Resampling determines how pixels are adjusted when resizing an image. Standard resizing methods can blur details, but advanced resampling techniques like Bicubic and Lanczos interpolation help maintain crisp edges and smooth gradients. AI-based tools automatically apply the best resampling method, ensuring top-quality results.

****Introducing Pippit AI: A Smart Solution for Resizing JPEGs****

Resizing images doesn’t have to be a frustrating process. Pippit AI simplifies it by using AI to enhance images while resizing, ensuring minimal loss of quality. Unlike traditional tools, which often produce blurry or pixelated results, Pippit AI’s innovative resizing features ensure sharp, professional-looking images every time.

****What Makes Pippit AI Stand Out?****

*   **AI-Powered Resizing:** Automatically optimizes images for the best quality.

*   **No Manual Adjustments Needed:** Ensures perfect clarity with smart resampling.

*   **Multi-Platform Compatibility:** Resize images for websites, social media, and digital ads effortlessly.

****3 Easy Steps to Resize a JPEG Using Pippit AI****

Resizing images with Pippit AI is a quick, three-step process:

****Step 1: Upload Your Image****

Drag and drop your JPEG or select it from your files. The tool supports high-resolution images and automatically analyzes them for the best resizing approach.

****Step 2: Adjust Size with AI-Powered Controls****

Enter the desired dimensions, and the AI ensures the best balance between file size and quality. It automatically enhances sharpness and reduces artefacts, making the image look professional.

****Step 3: Export to High Quality****

Once resized, download your JPEG in the optimal resolution for web, social media, or email use. Pippit AI ensures the image remains sharp and clear, even after resizing.

****Conclusion****

Resizing JPEGs without losing quality requires more than just adjusting dimensions. It demands the proper techniques and tools. Since JPEGs use lossy compression, resizing them improperly can result in pixelation, blurring, and color loss. By following best practices like using high-quality source images, AI-powered resizing tools, and proper resampling methods, you can maintain sharp and vibrant images.

Why Image Quality Drops When Resizing a JPEG (and How to Fix It)

The Lumma infostealer infrastructure has suffered a serious blow by a coordinated action of the DOJ and Microsoft.

The US Department of Justice (DOJ) and Microsoft have disrupted the infrastructure of the Lumma information stealer (infostealer).

Lumma Stealer, also known as LummaC or LummaC2, first emerged in late 2022 and quickly established itself as one of the most prolific infostealers. Infostealers is the name we use for a group of malware that collects sensitive information from infected devices and sends the data to an operator. Depending on the type of infostealer and the goals of the operator, infostealers can be interested in taking anything from usernames and passwords to credit card details, and cryptocurrency wallets.

Lumma operates under a malware-as-a-service (MaaS) model, meaning its creators sell access to the malware on underground marketplaces and platforms like Telegram. This model allows hundreds of cybercriminals worldwide to deploy Lumma for their own malicious campaigns.

What makes Lumma particularly dangerous is its wide range of targets and its evolving sophistication. It doesn’t just grab browser-stored passwords or cookies. It’s also capable of extracting autofill data, email credentials, FTP client data, and even two-factor authentication tokens and backup codes, which enables attackers to bypass additional security layers.

As Matthew R. Galeotti, head of the Justice Department’s Criminal Division put it:

> “Malware like LummaC2 is deployed to steal sensitive information such as user login credentials from millions of victims in order to facilitate a host of crimes, including fraudulent bank transfers and cryptocurrency theft.”

Over the last few months alone, Microsoft identified over 394,000 Windows computers infected with Lumma worldwide. The FBI estimates that Lumma has been involved in around 10 million infections globally.

Using a court order from the US District Court for the Northern District of Georgia, Microsoft’s DCU seized and facilitated a takedown, suspension, and blocking of approximately 2,300 malicious domains that were part of the infostealer’s backbone.

Most of the seized domains served as user panels, where Lumma customers are able to access and deploy the infostealer, so this will stop the criminals from being able to to access Lumma in order to compromise computers and steal victim information.

Government agencies and researchers sometimes alter DNS addresses to lead the traffic to their own servers (called sinkholes). By redirecting the seized domains to Microsoft-controlled sinkholes, investigators can now monitor ongoing attacks and provide intelligence to help defend against similar threats in the future. This takedown slows down cybercriminals, disrupts their revenue streams, and buys time and knowledge for defenders to strengthen security.

**How to protect yourself**

Even with the Lumma infrastructure disrupted, the threat of information stealers remains very real and evolving. Here are some practical steps to reduce your risk:

*   **Use strong, unique passwords** for every account and consider a reputable password manager to keep track of them.
*   **Enable multi-factor authentication (MFA)** wherever possible. Although Lumma tries to bypass 2FA, having it still adds a crucial layer of defense.
*   **Be cautious with emails and downloads.** Lumma often spreads through phishing emails and malicious downloads, sometimes disguised as legitimate CAPTCHAs or antivirus software.
*   **Keep your software and operating system updated** to patch vulnerabilities that malware can exploit.
*   **Regularly monitor your financial and online accounts** for suspicious activity.
*   **Educate yourself about phishing and social engineering tactics** to avoid falling victim to trickery.
*   **Use an up-to-date real-time anti-malware solution** to block install attempts and detect active information stealers.

By understanding how threats like Lumma operate and by taking the necessary steps to protect ourselves, we can reduce the risk of falling prey to these invisible thieves.

You can use Malwarebytes’ free Digital Footprint Portal to see if any of your data has been stolen by a Lumma infostealer. We have many millions of stolen records stemming from Lumma stealers that are being traded on the Dark Web in our database.

**We don’t just report on threats – we help safeguard your entire digital identity**

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

 Lumma information stealer infrastructure disrupted 

Talos has observed exploitation of CVE-2025-0994 in the wild by UAT-6382, a Chinese-speaking threat actor, who then deployed malware payloads via TetraLoader.

UAT-6382 exploits Cityworks zero-day vulnerability to deliver malware

Cybercriminals are using AI-based tools to generate voice clones of the voices of senior US officials in order to scam people.

The FBI has issued a warning about an ongoing malicious text and voice messaging campaign that impersonates senior US officials.

The targets are predominantly current or former US federal or state government officials and their contacts. In the course of this campaign, the cybercriminals have used test messages as well as Artificial Intelligence (AI)-generated voice messages.

After establishing contact, the criminals often send targets a malicious link which the sender claims will take the conversation to a different platform. On this messaging platform, the attacker may push malware or introduce hyperlinks that direct targets to a site under the criminals’ control in order to steal login information, like user names and passwords.

The AI-generated audio used in the vishing campaign is designed to impersonate public figures or a target’s friends or family to increase the believability of the malicious schemes. A vishing attack is a type of phishing attack in which a threat actor uses social engineering tactics via voice communication to scam a target—the word “vishing” is a combination of “voice” and “phishing.”

Due to the rapid developments in AI, vishing attacks are becoming more common and more convincing. We have seen reports about callers pretending to be employers, family, and now government officials. What they have in common is that they are after information they can use to steal money or sensitive information from the victim.

**How to stay safe**

Because these campaigns are very sophisticated and targeted, it’s important to stay vigilant. Some recommendations:

*   Independently verify the identity of the person contacting you, via a different method.
*   Carefully examine the origin of the message. The criminals typically use software to generate phone numbers that are not attributed to a specific mobile phone or subscriber.
*   Listen closely to the tone and word choice of the caller. Do they match those of the person allegedly calling you? And pay attention to any kind of voice call lag time.
*   AI-generated content has advanced to the point that it is often difficult to identify. When in doubt about the authenticity of someone wishing to communicate with you, contact your relevant security officials or the FBI for help.

If you believe you have been the victim of the campaign described above, contact your relevant security officials and report the incident to your local FBI Field Office or the Internet Crime Complaint Center (IC3) at www.ic3.gov. Be sure to include as much detailed information as possible.

**We don’t just report on threats – we help safeguard your entire digital identity**

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

Tag

#intel