This is your easyDNS #AxisOfEasy Briefing for the week of June 22nd, 2026. Our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the ‘net and how it affects your business, security and privacy.

To Listen/watch this podcast edition with commentary and insight from Joey and Len the Lengend click here.

In this issue:

• House Leaders Strike Deal on KIDS Act—Minus Key Safety Provision
• Zombie Routers: AryStinger Botnet Hijacks 4,300+ Outdated D-Link Devices
• Klue Breach Traced to Forgotten 2022 Credential
• Squidbleed: 29-Year-Old Bug in Popular Proxy Server Leaked Passwords
• New “Crypto Clipper” Worm Hijacks Crypto Wallets via USB Drives

Elsewhere Online:

Need to expose localhost with a public URL?

Use tunnel.to for:

• connecting to your local agent (openclaw, hermes)
• local executables
• internal applications

Get a tunnel up and running in under 60 seconds, free.
Supports authentication and (of course) custom domains.

https://tunnel.to

House Leaders Strike Deal on KIDS Act—Minus Key Safety Provision

House Energy and Commerce leaders Guthrie (R) and Pallone (D) announced a bipartisan KIDS Act deal Monday, bundling KOSA, COPPA 2.0, the SCREEN Act, SAFE BOTs Act, and SPY Kids Act. The bill drops a “duty of care” mandate, prompting Sen. Blumenthal’s rebuke that “KOSA without a duty of care isn’t KOSA.”

It defines “knows” as “should have known,” risking liability despite disclaiming age-verification requirements—a contradiction critics say still pressures surveillance. Platforms must default minors to protective settings and parental tools; states keep power to impose stricter rules. It awaits Senate passage and Trump’s signature.

Read: https://reclaimthenet.org/the-kids-act-a-bipartisan-mass-surveillance-megabill
More via Reclaimthenet

Zombie Routers: AryStinger Botnet Hijacks 4,300+ Outdated D-Link Devices

A newly discovered botnet, AryStinger, has compromised over 4,300 end-of-life D-Link routers (DIR-850L/DIR-818LW) and some NAS devices worldwide, exploiting 13-year-old unpatched flaws. Infected devices become “Executors,” enabling large-scale network scanning and reconnaissance.

Most concerning: DNS tampering lets attackers redirect users to phishing sites and intercept traffic—even from connected phones and laptops. Watch for slow connections or odd traffic spikes. Risks include stolen credentials and misuse of your IP for fraud. Best defense: replace old hardware, or at minimum, update firmware, use strong passwords, and disable remote WAN access.

Read: https://www.malwarebytes.com/blog/news/2026/06/thousands-of-d-link-routers-under-control-of-arystinger-botnet
More via Malwarebytes

Klue Breach Traced to Forgotten 2022 Credential

Vancouver-based Klue detected a breach June 12 (disclosed Friday) after hackers exploited stolen OAuth tokens to access and steal customer data, including from LastPass, then used it for extortion. The credential traced back to an undisclosed 2022 third-party pilot—details Klue won’t share, including why it was never revoked.

Hacking group Icarus claimed responsibility, threatening to leak the data unless paid. Klue, whose spokesperson Katie Berg confirmed the credential’s origin, says it’s reviewing its credential and vendor-access controls but hasn’t disclosed contact with the attackers.

Read: https://techcrunch.com/2026/06/23/klue-says-hackers-stole-credential-from-2022-that-led-to-customer-data-breaches/
More via Techcrunch

Squidbleed: 29-Year-Old Bug in Popular Proxy Server Leaked Passwords

A Heartbleed-style flaw dating back 29 years, dubbed Squidbleed (CVE-2026-47729), leaked plaintext HTTP requests—including credentials—from Squid, an open-source proxy widely used by corporations, schools, and ISPs.

Researcher Lam Jun Rong of Calif.io, aided by Anthropic’s Claude Mythos Preview, found it via a decade-old Squid version on in-flight Wi-Fi. The bug traces to a 1997 commit for NetWare FTP support, causing a heap overread when attacker-controlled FTP servers omit filenames. Reported in April, it was patched in Squid v7.6 (June 8). Rong recommends disabling FTP entirely.

Read: https://www.theregister.com/security/2026/06/23/mythos-discovers-squidbleed-a-memory-leak-thats-gone-undetected-since-clinton-era/5260367
More via Theregister

New “Crypto Clipper” Worm Hijacks Crypto Wallets via USB Drives

Microsoft has detected Crypto Clipper, a self-spreading worm that travels through USB .lnk files hunting for cryptocurrency credentials. It scans clipboards for seed phrases or wallet addresses, snaps five screenshots within 10 seconds, then exfiltrates data via Tor through a local SOCKS5 proxy—skirting traditional malware infrastructure.

Crucially, it swaps detected wallet addresses with attacker-controlled ones to redirect payments directly. Microsoft warns this “lightweight backdoor” pairs theft with remote code execution. Detection signs include suspicious script processes, PowerShell screen captures, and Defender’s flag: Trojan:Win32/CryptoBandits.A.

Read: https://arstechnica.com/security/2026/06/microsoft-spots-new-self-propagating-malware-for-stealing-cryptocurrency/
More via Arstechnica