#AxisOfEasy 451: Ontario Police Secretly Used Israeli Spyware, Watchdog Finds

Mark E. Jeftovic

Weekly Axis Of Easy #451

Last Week’s Quote was: “The problem with economic historians is that half of them are historians who don’t  know any economics, the other half are economists who don’t know any history!” was by Murray Rothbard.  Jeremy is our winner!

This Week’s Quote:  “Intellectuals are naturally seduced by the idea of a planned society, because they think they will be in charge of it.”  By ???

THE RULES:  No searching up the answer, must be posted at the bottom of this blog post, in the comments section.

The Prize:  First person to post the correct answer gets their next domain or hosting renewal on us.

This is your easyDNS #AxisOfEasy Briefing for the week of May 18th, 2026. Our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the ‘net and how it affects your business, security and privacy.

To Listen/watch this podcast edition with commentary and insight from Joey and Len the Lengend click here.

In this issue:

  • Ontario Police Secretly Used Israeli Spyware, Watchdog Finds
  • Microsoft Dismantles Fox Tempest, a Ransomware-Enabling Code-Signing Operation
  • Canada Promotes VPNs While Passing a Law to Kill Them
  • GitHub Breached: 4,000 Private Repos Stolen via Poisoned VS Code Extension
  • CISA Contractor Exposes Federal Cloud Credentials on Public GitHub for Six Months

Elsewhere Online:

  • Unpatched Chromium Backdoor Vulnerability Disclosed Online with Functional Exploit
  • Grafana Labs Suffers GitHub Breach and Rejects Extortion Demands
  • Security Flaw Fixed in Claude Code Sandbox After Bypassing Outbound Filters
  • Hackers Deploy Advanced Banana RAT via WhatsApp and Phishing Links
  • Verizon DBIR Finds Vulnerability Exploits Surpass Compromised Credentials for First Time

 

Trying to self-host OpenClaw can eat two weeks of your time …if you’re lucky.

easyClaw is the done-for-you alternative: a managed VPS with the control panel preinstalled, your agents running on your own domain in minutes.

Build your own agentic workflows: CVE scanners, customer support assistants, personal note-takers, marketing helpers, I even use one to manage my DNS through the easyDNS MCP connection.

Whatever you can dream up: tell them what to build, wire them together, and walk away.

 

Ontario Police Secretly Used Israeli Spyware, Watchdog Finds

Citizen Lab revealed Ontario Provincial Police may have covertly deployed Paragon Solutions’ military-grade spyware, Graphite, after tracing a connected server directly to OPP headquarters in Orillia. OPP neither confirmed nor denied the allegations. Paragon, founded in Israel in 2019, counts former Israeli PM Ehud Barak among its founders.

Graphite was previously used to hack an Italian journalist and migrant activists. The report also exposed wider surveillance: the RCMP used spyware across 30+ investigations since 2017, and five Ontario police services have deployed similar tools — all without consulting the province’s Privacy Commissioner.

More via CBC 


Microsoft Dismantles Fox Tempest, a Ransomware-Enabling Code-Signing Operation

Microsoft seized websites and hundreds of virtual machines tied to Fox Tempest, a malware signing-as-a-service operation active since May 2025 that abused Microsoft’s own Artifact Signing service. Operators sold fraudulent code-signing certificates — making malware appear legitimate — to ransomware groups for $5,000–$9,500 via bitcoin.

Customers included Vanilla Tempest (aka Rhysida), who deployed backdoor Oyster, infostealers Lumma and Vidar, and Rhysida ransomware. An undercover sting by Microsoft’s Digital Crimes Unit exposed the operation, which compromised thousands of U.S. machines, including over a dozen of Microsoft’s own, with ties to ransomware families INC, Qilin, and Akira.

More via Theregister


Canada Promotes VPNs While Passing a Law to Kill Them

Public Safety Canada promoted VPN use on May 19, days after advancing Bill C-22, the Lawful Access Act, which would mandate surveillance infrastructure, 365-day metadata retention, and secret ministerial compliance orders that providers cannot disclose. Toronto-based Windscribe vowed to relocate; NordVPN and Signal issued identical warnings.

Apple refused backdoor compliance; Meta warned of forced encryption-breaking. Shopify CEO Tobi Lütke warned of a death blow to Canadian tech. The EU has twice struck down identical retention schemes. US congressional leaders formally warned of cross-border privacy risks to Americans.

More via Reclaimthenet 


GitHub Breached: 4,000 Private Repos Stolen via Poisoned VS Code Extension

Financially motivated threat actor TeamPCP — linked to the Shai-Hulud self-replicating worm — breached GitHub by compromising an employee device through a malicious VS Code extension, exfiltrating approximately 3,800–4,000 private repositories. The group advertised the stolen code on a Dark Web forum, offering it to a single buyer or threatening a free leak, explicitly framing it as a sale rather than a ransom.

Microsoft-owned GitHub isolated the endpoint, removed the extension, and rotated critical credentials overnight. Security experts warn VS Code extensions carry full editor privileges, exposing filesystems, credentials, SSH keys, and cloud keys with virtually no verification gatekeeping.

More via Darkreading 


CISA Contractor Exposes Federal Cloud Credentials on Public GitHub for Six Months

A Nightwing contractor working for CISA/DHS publicly exposed sensitive federal credentials on GitHub after disabling the platform’s built-in secrets detection and ignoring GitGuardian alerts. Security consultant Philippe Caturegli of Seralys confirmed the leaked credentials authenticated to three AWS GovCloud servers at high privilege.

Exposed data included admin cloud keys, plaintext passwords for dozens of internal systems, and access to CISA’s internal code repository — a potential supply-chain attack vector. AWS keys remained valid 48 hours after CISA was notified. CISA, down nearly a third of its staff, claimed no data was compromised.

More via Krebsonsecurity

 

Curated Posts

Posts added to axisofeasy.com since the last edition:

Elsewhere Online:

 

Unpatched Chromium Backdoor Vulnerability Disclosed Online with Functional Exploit
Read: https://arstechnica.com/security/2026/05/google-publishes-exploit-code-threatening-millions-of-chromium-users/

Grafana Labs Suffers GitHub Breach and Rejects Extortion Demands
Read: https://techcrunch.com/2026/05/18/open-source-tool-maker-grafana-labs-says-hackers-stole-its-code-refuses-to-pay-ransom/

Security Flaw Fixed in Claude Code Sandbox After Bypassing Outbound Filters
Read: https://www.securityweek.com/anthropic-silently-patches-claude-code-sandbox-bypass/

Hackers Deploy Advanced Banana RAT via WhatsApp and Phishing Links
Read: https://hackread.com/banana-rat-malware-fake-invoices-16-brazilian-banks/

Verizon DBIR Finds Vulnerability Exploits Surpass Compromised Credentials for First Time
Read: https://www.infosecurity-magazine.com/news/verizon-dbir-exploits-top-access/

 

Previously on #AxisOfEasy

If you missed the previous issues, they can be read online here:

Related Posts

ICANN Is Failing Its Community

Weekly Axis Of Easy #22 In this issue:     • Kaspersky Labs find (Yet another) Adobe Flash 0-Day Vulnerability     • Brits blame Iran for cyber-attack on Parliament      • Facebook launches hotline for hacked Canadian politicians     • World’s First “AI” ETF launches     • ICANN is failing its community      • easyDNS […]

Leave a Reply

Your email address will not be published. Required fields are marked *