This is your easyDNS #AxisOfEasy Briefing for the week of June 8th, 2026. Our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the ‘net and how it affects your business, security and privacy.

To Listen/watch this podcast edition with commentary and insight from Joey and Len the Lengend click here.

In this issue:

• Anthropic Splits Its Most Capable Model in Two — One for the Public, One for Cyber Defenders
• Disgruntled Ex-Microsoft Researcher Drops Seventh Zero-Day, Targets Defender
• Meta Bug Exposes 20,000+ Instagram Accounts
• Vidar Malware Spreads Via Fake Tutorial Videos on TikTok and Instagram
• Red Hat npm Packages Backdoored in GitHub Account Compromise

Elsewhere Online:

easyClaw Launch Resumed

After a big lead-up and much fanfare, we launched easyClaw – the hosted openclaw VPS in last week’s edition of AxisOfEasy

It was fun while it lasted, but at some point in the early hours of Saturday morning, we ran out of IPs and had to throw the brakes on sign-ups.

Sorry if you were one of the people affected.

We’ve since added more netblocks to the easyNode ecosystem, and we’re good to go.

Try easyclaw 

Anthropic Splits Its Most Capable Model in Two — One for the Public, One for Cyber Defenders

Anthropic launched Claude Fable 5 on June 9 as two products: Fable 5 for the public and Mythos 5 — identical but with cyber safeguards lifted — restricted to vetted defenders via Project Glasswing. Both cost $10/$50 per million input/output tokens, free on Pro, Max, Team, and Enterprise plans through June 22, then shifting to usage credits.

Flagged requests are silently rerouted to the weaker Opus 4.8. Glasswing partners found vulnerabilities at record rates — Cloudflare logged 2,000 bugs, Mozilla ten times more than before — yet critical patches still average two weeks. All traffic carries mandatory 30-day retention.

More via Thehackernews

Disgruntled Ex-Microsoft Researcher Drops Seventh Zero-Day, Targets Defender

Security researcher Nightmare Eclipse disclosed RoguePlanet, a seventh zero-day targeting Microsoft Defender on fully patched Windows 10 and 11, hours after Microsoft’s record-breaking June Patch Tuesday. The flaw exploits a race condition for SYSTEM-level privilege escalation; public PoC code was validated by Tharros Labs analyst Will Dormann and ThreatLocker.

Three of six prior zero-days — RedSun, UnDefend, and BlueHammer — were exploited before patches arrived; all six are now fixed. Microsoft’s initial response sparked infosec backlash after being interpreted as a legal threat. Nightmare Eclipse retracted a promised large-scale July 14 disclosure, citing exhaustion.

More via Theregister

Meta Bug Exposes 20,000+ Instagram Accounts

Meta disclosed a breach affecting 20,225 Instagram accounts after attackers exploited a verification bug in its AI-powered High Touch Support (HTS) tool, discovered May 31. HTS helps locked-out users reset passwords, but a code path bug sent reset links to unassociated email addresses, allowing attackers to access accounts lacking two-factor authentication (2FA).

Exposed data included contact details, dates of birth, posts, direct messages, and linked services. Meta disabled HTS, invalidated all reset links, and enrolled affected accounts in mandatory security checkpoints. The company will fix the authentication flaw before relaunching HTS and is reviewing all account recovery flows across its platforms.

More via Infosecurity-magazine

Vidar Malware Spreads Via Fake Tutorial Videos on TikTok and Instagram

Threat actors are distributing Vidar — a $300 malware-as-a-service tool that harvests credentials, financial data, and authentication tokens — through fake software tutorial videos on TikTok and Instagram Reels. ReversingLabs identified two campaigns gaming platform algorithms for maximum reach.

The first used Windows-impersonating accounts with AI-voiced clips directing viewers to run PowerShell commands that silently downloaded Vidar from lookalike domain msget[.]run. The second baited comment replies on free Spotify Premium clips to deliver malicious download links via DM. Instagram rejected abuse reports. Organizations are advised to audit install privileges and expand phishing training to include social media.

More via Infosecurity-magazine

Red Hat npm Packages Backdoored in GitHub Account Compromise

On June 1, 2026, Microsoft, Wiz Research, Snyk, and Aikido uncovered a supply chain attack on Red Hat’s @redhat-cloud-services npm namespace. Attackers accessed a legitimate Red Hat employee’s GitHub account, injecting malicious code into RedHatInsights repositories via unauthorized commits that exploited GitHub Actions OIDC tokens to publish backdoored packages with valid SLSA attestations.

At least 32 packages and 96 versions — downloaded 80,000–117,000 times weekly — were compromised. The malware, Miasma, steals AWS, Azure, Google Cloud, SSH, and AI credentials including Claude and Gemini API keys, then self-propagates to additional packages. Administrators revoked malicious versions within hours.

More via Hackread

Elsewhere Online:

Mandiant Links Silent Ransom Group to High Value Data Extortion Campaign
Read: https://www.darkreading.com/cyberattacks-data-breaches/silent-ransom-us-law-firms-extortion-attacks

Red Flags Raised Over Alleged 10M Discord Data Breach Notice in Maine
Read: https://hackread.com/maine-govt-portal-discord-data-breach-notice/

Urgent Hotfix Issued After Attackers Exploit Zero Day Vulnerability in Check Point VPN
Read: https://www.infosecurity-magazine.com/news/check-point-critical-auth-bypass/

Attackers Target SolarWinds Serv-U Servers to Cause Denial of Service
Read: https://www.securityweek.com/solarwinds-patches-exploited-serv-u-vulnerability/

Investigation Reveals SDSU Wired Student Housing with Massive AI Surveillance Network
Read: https://reclaimthenet.org/sdsu-adds-1300-ai-cameras-330-in-student-dorms

Previously on #AxisOfEasy

If you missed the previous issues, they can be read online here:

• • • • • • • • • • • June 5th, 2026: Instagram’s AI Chatbot Exploited To Hijack High-Profile Accounts
                    • May 29th, 2026: Canada’s Bill C-22 Draws Global Tech Backlash Over Surveillance Demands
                    • May 22nd, 2026: Ontario Police Secretly Used Israeli Spyware, Watchdog Finds
                    • May 15th, 2026: Foxconn Hit by Nitrogen Ransomware, 8 TB of Client Data Stolen
                    • May 8th, 2026: Canada’s Parliament Is Filing Your Posts About Politicians