This is your easyDNS #AxisOfEasy Briefing for the week of May 25th, 2026. Our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the ‘net and how it affects your business, security and privacy.

To Listen/watch this podcast edition with commentary and insight from Joey and Len the Lengend click here.

In this issue:

• Canada’s Bill C-22 Draws Global Tech Backlash Over Surveillance Demands
• Microsoft’s Email System Exploited for Months in Phishing Campaign
• Texas AG Sues Meta Over WhatsApp Encryption Claims — But Experts Are Skeptical
• AI-Generated npm Malware Targets Claude Users, Exposes Itself With Rookie Mistake
• 7-Eleven Data Breach Exposes 185,000 Customers’ Personal Information
• GPG Email Forwarding Returns, Because Plaintext Was Apparently a Bad Idea

Elsewhere Online:

easyClaw Launch Resumed

After a big lead-up and much fanfare, we launched easyClaw – the hosted openclaw VPS in last week’s edition of AxisOfEasy

It was fun while it lasted, but at some point in the early hours of Saturday morning, we ran out of IPs and had to throw the brakes on sign-ups.

Sorry if you were one of the people affected.

We’ve since added more netblocks to the easyNode ecosystem, and we’re good to go.

Try easyclaw 

Canada’s Bill C-22 Draws Global Tech Backlash Over Surveillance Demands

Canada’s Bill C-22 would force digital services to rebuild systems for police and CSIS surveillance, retaining user metadata for up to a year on millions of unsuspected citizens. Google warns it creates a “surveillance infrastructure” enabling secret ministerial orders and encryption backdoors.

Apple, Meta, and Signal oppose it — Signal threatening a full Canadian exit — while Swiss-based Proton VPN refused outright, citing Swiss law. US lobby group ITI and congressional chairs Jordan and Mast flagged impossible security tradeoffs for American firms. Minister Anandasangaree dismissed concerns as misinterpretation; RCMP confirmed metadata would identify bystanders near crime scenes.

More via Reclaimthenet

Microsoft’s Email System Exploited for Months in Phishing Campaign

Scammers have abused a Microsoft loophole for several months, sending phishing emails from msonlineservicesteam@microsoftonline.com — an address normally reserved for two-factor authentication and critical account alerts. By exploiting the platform’s overly customizable notification system, fraudulent emails mimicked official fraud alerts or directed recipients to malicious sites.

After TechCrunch reported the issue, Microsoft spokesperson Emelia Katon confirmed an active investigation and removal of violating accounts. Anti-spam nonprofit Spamhaus, which had already alerted Microsoft, criticized the system’s excessive customization permissions. Similar infrastructure abuses have recently hit fintech firm Betterment and domain registrar Namecheap.

More via Techcrunch 

Texas AG Sues Meta Over WhatsApp Encryption Claims — But Experts Are Skeptical

Texas AG Ken Paxton sued Meta, alleging WhatsApp’s advertised end-to-end encryption (E2EE) is false — despite the case resting solely on a single Bloomberg article referencing a closed Commerce Department investigation. Meta denied the claims as “baseless.” Since 2016, WhatsApp has used the open-source Signal protocol, and in 2018 Senate testimony, CEO Mark Zuckerberg swore Meta cannot access message content.

Cryptographers from ETH Zurich, Johns Hopkins, and King’s College London all dismissed the lawsuit, pointing to a 2023 independent reverse-engineering of WhatsApp that found it fully E2EE compliant. Paxton’s timing — amid a Senate primary runoff — raises political motivations questions.

More via Arstechnica

AI-Generated npm Malware Targets Claude Users, Exposes Itself With Rookie Mistake

A malicious npm package, “mouse5212-super-formatter,” hit 676 downloads before removal after targeting Anthropic’s Claude users. OX Security researchers Moshe Siman Tov Bustan and Nir Zadok revealed the malware posed as an “archive deployment sync” utility while silently exfiltrating files from Claude’s “/mnt/user-data” directory to attacker-controlled GitHub repositories via base64 encoding and randomized folder names.

The attacker fatally leaked their own GitHub token within the code, enabling researchers to trace the campaign. The account was deleted post-attack. OX Security warns of increasing AI-assisted npm malware ahead.

More via Theregister

7-Eleven Data Breach Exposes 185,000 Customers’ Personal Information

On April 8th, 7-Eleven suffered a data breach targeting franchise document systems, exposing names, addresses, emails, and dates of birth for approximately 185,300 individuals, per a filing with the Maine Attorney General’s Office. Extortion group ShinyHunters claimed responsibility, alleging theft of 600,000 Salesforce records and demanding ransom by April 21st.

When unpaid, the stolen data was listed on a Russian hacking forum and later confirmed by breach notification site HaveIBeenPwned. ShinyHunters has a pattern of targeting major organizations’ Salesforce instances, with additional claimed attacks against Instructure, Vimeo, Wynn Resorts, Vercel, and Medtronic.

More via Securityweek


GPG Email Forwarding Returns, Because Plaintext Was Apparently a Bad Idea

Back in 2013, easyDNS launched GPG-encrypted email forwarding and almost nobody cared. Funny how a little “lawful access” legislation can sharpen the mind. Now it’s back: point your MX at mx-crypt.easydns.com, add your public key, and mail forwarded into Gmail, iCloud, Rogers, Bell, Telus, etc. lands encrypted at rest. Not end-to-end, not fairy dust, just one less bucket of subpoena-ready plaintext sitting around waiting for somebody with a clipboard.

The better part: the mxcrypt Postfix relay is now open source, so anyone can run one, anywhere. Basement, offshore VPS, jurisdictionally inconvenient bunker, take your pick. Centralized authorities keep looking for the master switch; open-source relays, public-key crypto, and decentralized infrastructure keep turning that switch into confetti.

More from easyDNS 

Elsewhere Online:

New Anthropic AI Model Discovers Critical Encryption Flaw Affecting Smart Devices
Read: https://hackread.com/claude-mythos-ai-vulnerabilities-one-month/

Joint Operation Disrupts Complex Glassworm Botnet Command Channels
Read: https://www.infosecurity-magazine.com/news/crowdstrike-google-takedown/

MuddyWater Exploits Legitimate Binaries in New Global Cyber Espionage Effort
Read: https://thehackernews.com/2026/05/muddywater-uses-dll-side-loading-in.html

Iranian Group Nimbus Manticore Deploys AI Assisted MiniFast Backdoor
Read: https://thehackernews.com/2026/05/iranian-hackers-deploy-minifast-and.html

Ransomware Actors Pose as IT Support and Show Up in Person to Target Law Firms
Read: https://www.darkreading.com/cyberattacks-data-breaches/ransomware-actors-steal-law-firm-data

Previously on #AxisOfEasy

If you missed the previous issues, they can be read online here:

• • • • • • • • • May 22nd, 2026: Ontario Police Secretly Used Israeli Spyware, Watchdog Finds
                • May 15th, 2026: Foxconn Hit by Nitrogen Ransomware, 8 TB of Client Data Stolen
                • May 8th, 2026: Canada’s Parliament Is Filing Your Posts About Politicians
                • May 1st, 2026: Toronto Police Bust Canada’s First SMS Blaster Cybercrime Operation
                • April 24th, 2026: Unauthorized Group Accesses Anthropic’s Mythos Security Tool