This is your easyDNS #AxisOfEasy Briefing for the week of February 23rd, 2026. Our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the ‘net and how it affects your business, security and privacy.

To Listen/watch this podcast edition with commentary and insight from Joey and Len the Lengend click here.

In this issue:

• OpenAI Flagged Tumbler Ridge Shooter’s Chat Sessions, But Did Nothing
• GitLab Disrupts North Korean “Contagious Interview” and Fake IT Worker Networks
• DJI Robot Vacuum Flaw Exposed 7,000 Homes
• Google Patches First Chrome Zero-Day of 2026
• UK Fines Reddit Over Child Data and Age Verification

Elsewhere Online:

• ShinyHunters Group Targets Wynn Resorts Employee Data in Recent Breach
• Anthropic Accuses Chinese AI Firms of Harvesting Claude Data to Train Rivals
• New Supply Chain Worm Injects Malicious MCP Servers into AI Coding Tools
• SolarWinds Patches Four Critical ServU Flaws Allowing Root Code Execution
• Former L3Harris Executive Sentenced to Seven Years for Selling Hacking Tools to Russia

OpenAI Flagged Tumbler Ridge Shooter’s Chat Sessions, But Did Nothing

The shooting spree in Tumbler Ridge, BC was the worst mass shooting in Canada since 1989.

As more facts come out about the event, it appears as though multiple systems and institutions failed practically every test, and fumbled every opportunity to avert the tragedy. The shooter, Jesse Van Rootselaar (a.k.a Jesse Strang) had a history of mental illness and had previously had his weapons seized under “Red Flag” laws, but the guns were later returned.

There’s no need to rehash the details of Van Rootselaar’s identity (born male, transgender at age 12), what’s germane for what we cover here in AxisOfEasy, is perhaps an even more complicated issue:

According to the WSJ, in the months before the attack, members of OpenAI’s safety team expressed concern about Van Rootselaar’s chat sessions.

In multiple sessions, Van Rootselaar described scenarios involving gun violence which were flagged by an automated review system (AI, we presume).

As many as a dozen staffers on the OpenAI safety team debated internally whether to report Van Rootselaar to Canadian Law Enforcement Agencies (LEA) and their managers eventually decided not to do so.

The implications are enormous — was there a duty to report? Does a future mass murderer have any expectation of privacy? What kind of slippery slope do we embark on if the answers are “yes” and “no”? It’s practically a “Department of Pre-Crime” if so, but would any of us mind if it saved our child from such a horrific fate?

We don’t have the answers to this. In the same situation, I’d probably have reported it and maybe tried to balance it somehow by advising the user of our actions. This is the only thing I can think of with the benefit of hindsight that tries to thread the needle in order to get it close to right.

OpenAI management has been summoned by Canadian AI Minister Evan Solomon to address some hard questions around this.

Our hearts and condolences go out to the family and friends of all the victims in Tumbler Ridge. There is a Tumbler Ridge Community Resiliency Fund being raised and administered via CanadaHelps.org (which is the body through which we do most of our charitable giving).

Read: https://www.wsj.com/us-news/law/openai-employees-raised-alarms-about-canada-shooting-suspect-months-ago-b585df62 (paywalled).
Also: The Tumbler Ridge Support Fund via Canada Helps: https://www.canadahelps.org/en/charities/nebccf/campaign/TR-Fund/

GitLab Disrupts North Korean “Contagious Interview” and Fake IT Worker Networks

The GitLab Threat Intelligence Team says North Korean actors have run the Contagious Interview campaign since 2022, posing as recruiters to trick developers into executing malware. In 2025, GitLab banned 131 accounts; activity spiked in late 2025, peaking in September. More than 95% of cases used JavaScript malware families BeaverTail and Ottercookie.

One IT worker cell led by Kil-Nam Kang generated $1.64 million from Q1 2022–Q3 2025, likely operating from Beijing. Another cluster controlled 135 synthetic identities, accessing 48 private codebases. A separate operator ran 21 stolen personas and was geolocated to Moscow before securing U.S. agency work and five additional contracts.

More via GitLab

DJI Robot Vacuum Flaw Exposed 7,000 Homes

Software engineer Sammy Azdoufal uncovered a sweeping security flaw while hacking his DJI vacuum to work with a game controller. Using an AI coding assistant to probe DJI’s cloud, he found his credentials unlocked live video, audio, maps, IP locations, and floor plans from nearly 7,000 DJI Romo units across 24 countries.

The $2,000 Romo stores visual data remotely. After The Verge alerted DJI, the company said it fixed the DJI Home vulnerability with automatic patches on Feb. 8 and 10, amid broader scrutiny of smart-home surveillance and Chinese tech firms.

More via Popular Science

Google Patches First Chrome Zero-Day of 2026

Google has released a critical patch for Chrome’s first zero-day of 2026, CVE-2026-2441, a high-severity use-after-free bug in CSSFontFeatureValuesMap affecting versions before 145.0.7632.75/76 on Windows, macOS, and Linux. The flaw lets attackers execute code in Chrome’s sandbox via crafted HTML, risking account and cloud service access.

Google confirms active exploitation but hasn’t disclosed targets. Users should update immediately, enable automatic updates, restart Chrome, avoid suspicious links, and use real-time anti-malware. Other Chromium-based browsers are expected to release similar updates.

More via Malwarebytes

UK Fines Reddit Over Child Data and Age Verification

The UK’s Information Commissioner’s Office fined Reddit £14.47 million for failing to prevent children under 13 from bypassing age checks. Commissioner John Edwards said children’s data was used without understanding or consent.

Reddit now uses Persona for selfies or government ID verification, but researchers found 269 checks per user, including facial recognition, watchlists, financial and database searches. Persona collects extensive third-party data, while Reddit receives only verification status and birthdate. Similar fines against Imgur led to UK access blocks, highlighting the ICO’s Age Appropriate Design Code enforcement.

More via Reclaim The Net

Curated Posts

Posts added to axisofeasy.com since the last edition:

• It’s Too Obvious. What If AI Doesn’t Actually End The World? — February 24, 2026
• How We Get to Abundance by 2035 & Why the Next 18 Months Will Define the Next Century — February 24, 2026
• The AI Revolution Will Not Be Televised — February 21, 2026

Elsewhere Online:

ShinyHunters Group Targets Wynn Resorts Employee Data in Recent Breach
Read: https://www.securityweek.com/wynn-resorts-confirms-data-breach-after-hackers-remove-it-from-leak-site/

Anthropic Accuses Chinese AI Firms of Harvesting Claude Data to Train Rivals
Read: https://hackread.com/anthropic-china-ai-firms-distilled-claude-train-models/

New Supply Chain Worm Injects Malicious MCP Servers into AI Coding Tools
Read: https://www.infosecurity-magazine.com/news/shai-hulud-like-worm-devs-npm-ai/

SolarWinds Patches Four Critical ServU Flaws Allowing Root Code Execution
Read: https://thehackernews.com/2026/02/solarwinds-patches-4-critical-serv-u.html

Former L3Harris Executive Sentenced to Seven Years for Selling Hacking Tools to Russia
Read: https://techcrunch.com/2026/02/24/former-l3harris-trenchant-boss-jailed-for-selling-hacking-tools-to-russian-broker/

Previously on #AxisOfEasy

If you missed the previous issues, they can be read online here:

• February 20th, 2026: Apple Patches Actively Exploited Zero-Day Across Devices
• February 13th, 2026: Discord Is Asking For Your ID
• February 6th, 2026: OpenClaw And Moltbook: Inside The Rise Of Autonomous AI Agents
• January 30th, 2026: FBI Accesses Microsoft BitLocker Keys In Guam Fraud Case
• January 23rd, 2026: Ireland Moves To Expand Digital Surveillance Powers