#AxisOfEasy 446: Internet Content Regulation Is Coming To Canada

Mark E. Jeftovic

Weekly Axis Of Easy #446

Last Week’s Quote was: “A lot of people give up just before they’re about to make it. You know you never know when that next obstacle is going to be the last one,”  was by Chuck Norris.  Jeff got it right.  Well done! Congrats!

This Week’s Quote:  “If you don’t like what you’re doing, then don’t do it.”   By ???

THE RULES:  No searching up the answer, must be posted at the bottom of this blog post, in the comments section.

The Prize:  First person to post the correct answer gets their next domain or hosting renewal on us.

This is your easyDNS #AxisOfEasy Briefing for the week of April 13th, 2026. Our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the ‘net and how it affects your business, security and privacy.

In this issue:

  • Internet Content Regulation is Coming To Canada
  • Court Orders OpenAI to Block User in ChatGPT Case Raising Free Speech Concerns
  • Fake Claude “Pro” Site Spreads PlugX Malware via DLL Sideloading
  • n8n Abuse Turns Workflow Automation Tool into Phishing and Malware Delivery Channel
  • AI Agents in GitHub Actions Bypassed via Prompt Injection
  • Fake Microsoft Update Campaign Drops Stealth Infostealer via Electron and Python Chain

Elsewhere Online:

  • Over 200000 Accounts Targeted by Sophisticated Mirax Banking Malware
  • Microsoft Issues Fixes for 165 Vulnerabilities Including Actively Exploited SharePoint Zero Day
  • APT41 Deploys Undetectable Backdoor Targeting Major Cloud Environments
  • JanelaRAT Malware Executes Thousands of Attacks Against Latin American Banks
  • Rockstar Games Data Leak Reveals Internal Business Metrics But No Personal Info


Still fighting with the OpenClaw install?

Try easyClaw VPS (Beta) — 

Ready-to-go VPS with easyClaw preinstalled so you can deploy and operate faster. Get on the invite list.

Join early access→ https://invite.easyclaw.md

 

Internet Content Regulation is Coming To Canada
(from the desk of Mark Jeftovic, CEO)

Now that there’s a majority government in place for the first time in six years, Heritage Minister Marc Miller has made it clear that “this opportunity” should be used to put through internet regulations that failed under previous minority efforts.

In this full length piece on AxisOfEasy, Mark looks at what was attempted under the Trudeau years (previous cracks at “Online Harms” bills),  more recently Bill C-2 under Carney, and even Bill C372, one of the zanier private member bills that would have put you in prison for speaking out in favour of fossil fuels – which would now be possible under a majority government.

What we know is coming for sure:

  • Ban on social media for under 16’s
  • New online harms bill (third try)
  • Warrantless surveillance at ISP level
  • Gag orders on ISPs from telling you you’re being surveilled.

It’s easy to see which way the puck is going if you’ve been paying attention all these years. And we have.

Read the full length piece here

Court Orders OpenAI to Block User in ChatGPT Case Raising Free Speech Concerns

On April 13, California Superior Court Judge Harold Kahn ordered OpenAI to keep “John Roe” locked out of ChatGPT until May 6. Filed by Edelson PC on April 9 for “Jane Doe,” the case alleges GPT-4o reinforced delusions, generated fake psychological reports, and enabled stalking behavior. Roe, a 53-year-old Silicon Valley entrepreneur, was later arrested on four felony charges including bomb threats and assault with a deadly weapon.

OpenAI cited First Amendment concerns under Packingham v. North Carolina, but the court granted the order without addressing them. Roe had previously been flagged for “Mass Casualty Weapons,” reinstated after review, and later found incompetent to stand trial.

More via Reclaim The Net


Fake Claude “Pro” Site Spreads PlugX Malware via DLL Sideloading

Malwarebytes has uncovered a phishing campaign abusing Claude by Anthropic through a spoofed Windows “Pro” download (“Claude-Pro-windows-x64.zip”). The installer runs VBScript, launches the real app as a decoy, and deploys PlugX via DLL sideloading using signed NOVUpdate.exe from G DATA alongside malicious files.

PlugX persists in Startup, alters TCP/IP registry keys, deletes itself, and contacts 8.217.190.58:443 on Alibaba Cloud within 22 seconds. Phishing used Kingmailer (March 28, 2026) and CampaignLark (April 5, 2026). Attribution remains inconclusive despite historic China-linked associations.

More via Hack Read

n8n Abuse Turns Workflow Automation Tool into Phishing and Malware Delivery Channel

Threat actors are abusing n8n, an AI workflow automation platform, to run phishing campaigns, deliver malicious payloads, and fingerprint devices via automated emails, according to Cisco Talos researchers Sean Gallagher and Omid Mirzaei. Attackers exploit cloud-hosted n8n accounts that generate *.app.n8n.cloud domains and expose webhooks used as “reverse APIs.”

These links have been used in phishing since October 2025, with email volume rising 686% between January 2025 and March 2026. Campaigns use fake “shared document” emails leading to CAPTCHA pages that trigger JavaScript-based malware downloads disguised as n8n traffic. Payloads install modified Datto and ITarian RMM tools for C2 persistence, while tracking pixels capture victim emails via HTTP requests.

More via The Hacker News

AI Agents in GitHub Actions Bypassed via Prompt Injection

Researchers led by Aonan Guan (Johns Hopkins University, reported by The Register) demonstrated “comment-and-control prompt injection” against Anthropic Claude Code Security Review, Google Gemini CLI Action, and Microsoft GitHub Copilot.

By injecting payloads into PR titles, issue content, and hidden HTML comments, they manipulated AI agents that automatically process GitHub data and run tools like Bash, enabling leakage of GitHub tokens, Anthropic API keys, and GEMINI_API_KEY. Claude was tricked into executing commands and exposing outputs; Gemini was bypassed via a fake “trusted content section”; Copilot was compromised through invisible Markdown comments despite multiple defenses. Researchers reported bounties ($100, $1,337, $500), no CVEs, and warned that AI agents require least-privilege access and phishing-style security controls.

More via The Register


Fake Microsoft Update Campaign Drops Stealth Infostealer via Electron and Python Chain

A phishing campaign uses the typosquatted domain microsoft-update[.]support to impersonate a Microsoft Windows 24H2 update, delivering WindowsUpdate 1.0.0.msi (April 4, 2026). The installer deploys an Electron app via AppLauncher.vbs and cscript.exe, then executes a Python 3.10 payload (_winhost.exe) with tools like pycryptodome, psutil, and pywin32.

Obfuscated JavaScript enables data theft, including Discord token capture. Persistence is achieved through a “SecurityHealth” Run key and a Spotify.lnk Startup shortcut. The malware communicates with Render and Cloudflare Workers C2 servers, exfiltrates data via gofile.io, and uses IP tracking services. It targets French users and evades detection through legitimate components, runtime execution, and obfuscation, resulting in zero antivirus detections.

More via Malwarebytes

 

Curated Posts

Posts added to axisofeasy.com since the last edition:

Elsewhere Online:

Over 200000 Accounts Targeted by Sophisticated Mirax Banking Malware
Read: https://www.infosecurity-magazine.com/news/mirax-trojan-devices-proxy-nodes/

Microsoft Issues Fixes for 165 Vulnerabilities Including Actively Exploited SharePoint Zero Day
Read: https://www.securityweek.com/microsoft-patches-exploited-sharepoint-zero-day-and-160-other-vulnerabilities/

APT41 Deploys Undetectable Backdoor Targeting Major Cloud Environments
Read: https://www.darkreading.com/cloud-security/apt41-zero-detection-backdoor-harvest-cloud-credentials

JanelaRAT Malware Executes Thousands of Attacks Against Latin American Banks
Read: https://thehackernews.com/2026/04/janelarat-malware-targets-latin.html

Rockstar Games Data Leak Reveals Internal Business Metrics But No Personal Info
Read: https://hackread.com/shinyhunters-leak-rockstar-games-data-player-records/

 

Previously on #AxisOfEasy

If you missed the previous issues, they can be read online here:

Related Posts

What You Need To Know About The WannaCry Ransomware Worm

This week’s #AxisOfEasy had a few topics lined up, such as comedian John Oliver’s epic rant about net neutrality crashing the web servers of the U.S FCC (again), but forget all that. Everything has taken a back seat to the WanaCrypt0r (a.k.a “WanaCry”, or “WannaCrypt”) Ransomware Worm. WanaCry broke out overnight May 11th and quickly […]

[Axis of Easy] Erstwhile Non-Profit .ORG TLD Has Been Sold To VCs

Weekly Axis Of Easy #123 Last Week’s Quote was  “The liberties of none are safe unless the liberties of all are protected.” by William O. Douglas. Winner was Lucien. This Week’s Quote:   “Secrecy is the keystone to all tyranny. Not force, but secrecy and censorship.” THE RULES:  No searching up the answer, must be posted to […]

[Axis of Easy] Apple Dropped Plan For Encrypted Backups After FBI Complained

Weekly Axis Of Easy #130 Last Week’s Quote was “I’ve learned that the monsters ain’t underneath the bed”.  …was Eric Church, nobody got it.  This Week’s Quote: “Life is a long lesson in humility” …by ???? THE RULES: No searching up the answer, must be posted to the blog The Prize: First person to post the correct answer […]

Leave a Reply

Your email address will not be published. Required fields are marked *