This is your easyDNS #AxisOfEasy Briefing for the week of April 20th, 2026. Our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the ‘net and how it affects your business, security and privacy.

In this issue:

• Unauthorized Group Accesses Anthropic’s Mythos Security Tool
• Vercel Breached via Compromised Google Workspace OAuth App
• Canada’s Liberals Move to Revive Online Speech Legislation
• Crypto Scam Targets Shipping Chaos in Strait of Hormuz
• Mastodon and Bluesky Hit by DDoS Attacks in Rapid Succession
• Ethereum gateway domain hijacked on our watch
  
  

Elsewhere Online:

• Targeted Wiper Malware Paralyzes Venezuelan Energy Sector Organizations
• New Ransomware Toolkit Enables Rapid Domain Wide Encryption Across Multiple Systems
• Harvester Threat Actor Expands Capabilities with New Linux GoGra Backdoor
• Emergency Update Required for ASP.NET Core to Block Authentication Forgery
• CISA Demands Urgent Federal Patching as Three Cisco SD-WAN Vulnerabilities Face Active Attacks

Still fighting with the OpenClaw install?

Try easyClaw VPS (Beta) — 

Ready-to-go VPS with easyClaw preinstalled so you can deploy and operate faster. Get on the invite list.

Join early access→ https://invite.easyclaw.md

Unauthorized Group Accesses Anthropic’s Mythos Security Tool

A group of unauthorized users reportedly accessed Mythos, the cybersecurity tool recently announced by Anthropic, during its limited Claude Mythos Preview release. Bloomberg reported that a private online forum gained entry the same day of the public announcement through a third-party vendor environment, allegedly by guessing the model’s online location based on Anthropic’s prior formatting patterns and leveraging contractor access. The group, active on Discord and focused on unreleased AI models, shared screenshots and a live demo as proof. Anthropic told TechCrunch it is investigating and has found no evidence its systems were affected. Mythos was released to select vendors, including Apple, under Project Glasswing.

More via Techcrunch

Vercel Breached via Compromised Google Workspace OAuth App

Vercel, a major web app hosting and deployment platform, was breached through a compromised third-party AI tool’s Google Workspace OAuth application, an attack that impacted hundreds of users across multiple organizations. ShinyHunters — the group behind the recent Rockstar Games hack — posted stolen employee names, email addresses, and activity timestamps online while attempting to sell the data.

Vercel confirmed the incident on X, stating it affected a limited customer subset. Administrators are urged to audit activity logs, rotate environmental variables, check for exposed API keys, and review connected apps for the malicious OAuth application.

More via The Verge

Canada’s Liberals Move to Revive Online Speech Legislation

Canada’s Liberal government under PM Mark Carney, with Culture Minister Marc Miller signaling imminent action, is reviving online speech legislation. The Department of Industry confirmed a new “online safety regime” giving government unilateral power to define “harm.” The reconvened Expert Advisory Group — including Bernie Farber of the Canadian Anti-Hate Network — will shape those definitions.

A new Liberal majority, secured through byelection wins and five MP defections, eliminates barriers that previously killed Bills C-63 and C-36. Violations could carry penalties up to $70,000 or house arrest. The Justice Centre for Constitutional Freedoms has launched a national opposition campaign.

More via Reclaim the net

Crypto Scam Targets Shipping Chaos in Strait of Hormuz

Crypto scammers are exploiting disruption in the Strait of Hormuz, where thousands of vessels remain stranded amid ongoing regional conflict. On April 20, MARISKS warned that fraudsters posing as Iranian authorities were demanding bitcoin or tether “transit fees,” taking advantage of confusion around Iran’s own crypto-based transit demands.

One ship may have been scammed on April 18, while about 2,000 ships and 20,000 mariners remain stuck. On April 22, the cargo ship Epaminondas was fired upon after reported clearance, with authorities investigating possible fraudulent messages. Maritime security reports cite 22 attacks and 13 suspicious incidents amid escalating military activity and a US Navy blockade.

More via Arstechnica 

Mastodon and Bluesky Hit by DDoS Attacks in Rapid Succession

Mastodon’s flagship server, Mastodon.social, was struck by a major DDoS attack on April 20th, causing a significant outage from 1 PM until mitigations restored access by 4 PM. Full recovery was confirmed the following morning. The attack followed a similar hit on Bluesky just days earlier, for which pro-Iran hacktivist group 313 Team claimed unverified responsibility.

No group claimed the Mastodon attack. Both platforms rose to prominence as decentralized alternatives to X following Elon Musk’s acquisition, potentially making them high-profile targets.

More via Security Week

Ethereum gateway domain hijacked on our watch.
(via The Cobbler’s Children Have No Shoes dept.)

Every week we talk about (in Joey’s favourite phrase [on the podcast]LINK THIS) “the very best in data-breachin’ over-reachin'” and after many years reporting on it, our turn’s come up and we have to take ownership of one.

Last weekend ETH.LIMO, the ENS gateway domain that provides a web-native bridge to .ETH domains was successfully hijacked via a social engineering attack against us. It was the first successful social engineering event in our 28 year history.

It is important to emphasize that this was not a software or data breach, and it did not affect any systems nor any other customers – they gamed our processes and they pulled it off, however briefly.

Also interesting to note, DNSSEC saved the day in this case.

It goes without saying, we’ve learned from his and already made structural changes to our processes.

Our mea culpa is here: https://easydns.com/blog/2026/04/18/we-screwed-up-and-we-own-it-the-eth-limo-shtshow-is-on-us/
And the eth.limo post-mortem here:  https://x.com/eth_limo/status/2045552916157563148

Elsewhere Online:

Targeted Wiper Malware Paralyzes Venezuelan Energy Sector Organizations
Read: https://www.securityweek.com/new-wiper-malware-targeted-venezuelan-energy-sector-prior-to-us-intervention/

New Ransomware Toolkit Enables Rapid Domain Wide Encryption Across Multiple Systems
Read: https://www.infosecurity-magazine.com/news/gentlemen-ransomware-rapid/

Harvester Threat Actor Expands Capabilities with New Linux GoGra Backdoor
Read: https://thehackernews.com/2026/04/harvester-deploys-linux-gogra-backdoor.html

Emergency Update Required for ASP.NET Core to Block Authentication Forgery
Read: https://arstechnica.com/security/2026/04/microsoft-issues-emergency-update-for-macos-and-linux-asp-net-threat/

CISA Demands Urgent Federal Patching as Three Cisco SD-WAN Vulnerabilities Face Active Attacks
Read: https://www.theregister.com/2026/04/21/cisco_sdwan_bugs_kev/

Previously on #AxisOfEasy

If you missed the previous issues, they can be read online here:

• • • • April 17th, 2026: Internet Content Regulation Is Coming To Canada
      • April 10th, 2026: Project Glasswing: Industry Coalition Uses AI To Strengthen Cybersecurity
      • April 3rd,2026: Age Verification Laws Reshape The Internet
      • March 27th, 2026: Apple Becomes The UK Government’s Favorite Compliance Officer
      • March 20th, 2026: Canada Introduces Bill C-22 For Mandatory Metadata Retention