#AxisOfEasy 448: Toronto Police Bust Canada’s First SMS Blaster Cybercrime Operation


Weekly Axis Of Easy #448


Last Week’s Quote was: “Our fatigue is often caused not by work, but by worry, frustration and resentment,” by Dale Carnegie. No one got it.

This Week’s Quote: 
“Jump, and you will find out how to unfold your wings as you fall.” By ???

THE RULES:  No searching up the answer, must be posted at the bottom of this blog post, in the comments section.

The Prize:  First person to post the correct answer gets their next domain or hosting renewal on us.


This is your easyDNS #AxisOfEasy Briefing for the week of April 27th, 2026. Our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the ‘net and how it affects your business, security and privacy.

To Listen/watch this podcast edition with commentary and insight from Joey and Len the Lengend click here.

In this issue:

  • Toronto Police Bust Canada’s First SMS Blaster Cybercrime Operation
  • CrowdStrike Patches Critical LogScale Vulnerability Allowing Unauthenticated File Access
  • Vercel Breach Traced to Roblox-Seeking “Patient Zero” at Context.ai
  • North Korean Hackers Target 100+ Crypto Firms in Sophisticated Global Phishing Campaign
  • ShinyHunters Leaks Data from Zara, 7-Eleven, and Udemy in Salesforce-Linked Campaign
  • CopyFail – the bug that hacked every linux server on earth

Elsewhere Online:

  • New Vidar Infostealer Campaign Exploits Social Engineering and Image Files
  • LiteLLM Patch Urged Following Exploitation of High Severity Security Defect
  • Researchers Uncover Critical Identity Takeover Path in Microsoft Entra ID Agent Platform
  • FIRESTARTER Malware Exploits Known Cisco Vulnerabilities to Gain Remote Control
  • US Extradites Chinese National Accused of Global Microsoft Exchange Attacks


Still fighting with the OpenClaw install?

Try easyClaw VPS (Beta) — 

Ready-to-go VPS with easyClaw preinstalled so you can deploy and operate faster. Get on the invite list.

Join early access→ https://invite.easyclaw.md

 

Toronto Police Bust Canada’s First SMS Blaster Cybercrime Operation

Toronto Police’s Project Lighthouse has resulted in Canada’s first-ever SMS blaster arrests, with three men facing 44 combined charges following March 31 raids in Markham and Hamilton. The vehicle-mounted devices mimicked legitimate cell towers to deliver “smishing” messages impersonating trusted organizations like Canada Post and 407 ETR, harvesting personal and financial data from unsuspecting victims.

Over several months, the blasters triggered 13 million network disruptions and blocked emergency service access across thousands of devices. Dafeng Lin, 27, Junmin Shi, 25, and Weitong Hu, 21, face charges including mischief endangering life and unauthorized possession of credit card data.

More via National Post 


CrowdStrike Patches Critical LogScale Vulnerability Allowing Unauthenticated File Access

CrowdStrike disclosed CVE-2026-40050, a CVSS 9.8 path traversal flaw in self-hosted LogScale’s cluster API endpoint, enabling remote attackers to read arbitrary files — including credentials and configurations — without authentication. Affected self-hosted versions span 1.224.0–1.234.0 and LTS 1.228.0–1.228.1. Patched versions 1.235.1, 1.234.1, 1.233.1, and LTS 1.228.2 are available; immediate upgrade is strongly urged.

SaaS and Next-Gen SIEM customers are unaffected. Discovered internally, no active exploitation has been confirmed, though such flaws are rapidly weaponized post-disclosure. Organizations should patch immediately and restrict API endpoint exposure.

More via Cyberpress


Vercel Breach Traced to Roblox-Seeking “Patient Zero” at Context.ai

A February 2026 Lumma Stealer infection — contracted by a Context.ai employee downloading Roblox auto-farm scripts — triggered a breach of Next.js creator Vercel. Attackers compromised Context.ai, which a Vercel employee was potentially using as unsanctioned shadow AI, and hijacked that employee’s Google Workspace account to access Vercel’s internal systems and decrypt environment variables.

Context.ai has since deprecated its AI Office Suite. CEO Guillermo Rauch confirmed the threat actor targeted tokens and API keys across multiple providers. Vercel also identified separate pre-existing customer compromises. Security firm Tanium flagged attackers’ speed in mapping systems before detection as the primary operational concern.

More via The Hacker News


North Korean Hackers Target 100+ Crypto Firms in Sophisticated Global Phishing Campaign

BlueNoroff, a Lazarus Group subunit linked to North Korea’s Reconnaissance General Bureau, attacked 100+ cryptocurrency organizations across 20+ countries using typosquatted Zoom and Teams links, fake Calendly invites, and ClickFix clipboard injections — achieving full system compromise in under five minutes and maintaining access for 66 days.

Infrastructure included a PowerShell C2 implant, AES-encrypted payloads, Telegram-based exfiltration, and a 950-file deepfake pipeline built from stolen webcam footage. US firms represented 41% of victims, with 45% being CEOs or founders. Arctic Wolf Labs published findings April 27.

More via Infosecurity-magazine


ShinyHunters Leaks Data from Zara, 7-Eleven, and Udemy in Salesforce-Linked Campaign

ShinyHunters published dark web breach listings for Zara, 7-Eleven, and Udemy between April 22–27, 2026, claiming all three ignored ransom negotiations. Udemy’s alleged breach includes 1.4 million Salesforce records; 7-Eleven’s totals 12.8 GB with 600,000-plus Salesforce records. Zara’s is the most severe — 192 GB pulled from BigQuery via third-party platform Anodot, previously tied to a Rockstar Games breach.

The group claims 400 total targets in its broader Salesforce campaign, with 42 organizations already exposed. None of the three companies have confirmed the breaches.

More via Hackread


CopyFail – the bug that hacked every linux server on earth

(also, cPanel has been hacked in a separate incident)

Earlier this week a security researcher using AI discovered CVE-2026-31431, a.k.a. “Copy Fail”: a 732-byte Python script that cracks root for any local user on pretty well every Linux distro since 2017.

I put out a short 2-minute video (via X, Facebook or LinkedIn) on what it looks like, along with a two-line hot fix to put the fire out until you can properly patch your Linux kernel.

Props to the easyDNS ops team who patched the entire fleet (close to 500 servers) in under 8 hours.

While they were in there, they also upgraded the cPanel servers, which was fortuitous because no sooner had copyfail hit than a cPanel exploit dropped that (combined with copyfail, remember copyfail?) would give anybody remote admin access across all versions of cPanel and WHM.

There were also so many supply chain hacks this week we ran out of gas enumerating them (PyPI, Vercel, Bitwarden CLI, the list goes on).

The TL;DR here is that AI has given everybody the ability to hack everything.

What’s to be done?

If you’re a developer or have code deployed, you need to be using tools defensively. One of my favourite tools is Shannon by KeygraphHQ (no affiliation). It’s a pen-testing tool that looks at your source code from the inside (you can only run it against sites where you have access to the git repo, or a private GitLab) and then comes at your site from the outside, using AI and the knowledge of your source to find all the attack vectors.

More info on copyfail

cPanel exploit via Watchtowr labs

My coverage via AoE Website 

 


Elsewhere Online


New Vidar Infostealer Campaign Exploits Social Engineering and Image Files

Read: https://hackread.com/vidar-infostealer-fake-captchas-jpeg-txt-files/


LiteLLM Patch Urged Following Exploitation of High Severity Security Defect

Read: https://www.securityweek.com/fresh-litellm-vulnerability-exploited-shortly-after-disclosure/


Researchers Uncover Critical Identity Takeover Path in Microsoft Entra ID Agent Platform

Read: https://thehackernews.com/2026/04/microsoft-patches-entra-id-role-flaw.html


FIRESTARTER Malware Exploits Known Cisco Vulnerabilities to Gain Remote Control

Read: https://hackread.com/linux-firestarter-backdoor-cisco-firepower-devices/


US Extradites Chinese National Accused of Global Microsoft Exchange Attacks

Read: https://techcrunch.com/2026/04/27/hacker-who-allegedly-carried-out-cyberattacks-for-china-is-extradited-to-u-s/

 

