
Weekly Axis Of Easy #458
Last Week’s Quote was: “Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say,” was by Edward Snowden. MarilynS is our winner!
This Week’s Quote: “What is freedom of expression? Without the freedom to offend, it ceases to exist.” By ???
THE RULES: No searching up the answer, must be posted at the bottom of this blog post, in the comments section.
The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.
This is your easyDNS #AxisOfEasy Briefing for the week of July 6th, 2026. Our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the ‘net and how it affects your business, security and privacy.
To Listen/watch this podcast edition with commentary and insight from Joey and Len the Lengend click here.
In this issue:
- Ottawa Weighed Suing Citizens Over “Misleading” Social Media Posts
- Canada’s Spy Agency Goes on Offense: CSE Details Hacks on Traffickers, Extremists, Ransomware Gangs
- GitHub AI Agents Can Be Tricked Into Leaking Private Repo Data
- North Korean Hackers Hit Open Source Supply Chain in “PolinRider” Campaign
- New “Armored Likho” Threat Actor Targets Government and Energy Sectors with AI-Obfuscated Stealer
- Have you checked out DomainHelp lately?
Elsewhere Online:

Need to expose localhost with a public URL?
Use tunnel.to for:
- connecting to your local agent (openclaw, hermes)
- local executables
- internal applications
Get a tunnel up and running in under 60 seconds, free.
Supports authentication and (of course) custom domains.
Ottawa Weighed Suing Citizens Over “Misleading” Social Media Posts
A redacted ISED memo, obtained by Blacklock’s Reporter, reveals Minister Mélanie Joly’s department considered legal action against Canadians posting “false and misleading” content on Facebook, Twitter, and LinkedIn—with ISED itself, not courts, judging accuracy and punishments needing only “senior level approval.”
The strategy would shift daily monitoring toward “prevention and early detection.” Tellingly, the government’s own research found Canadians reject Ottawa “declaring what is true,” yet it proceeded anyway—contradicting a four-year-old Liberal pledge that rights offline “must also be protected online.”
More via Reclaimthenet
Canada’s Spy Agency Goes on Offense: CSE Details Hacks on Traffickers, Extremists, Ransomware Gangs
Canada’s CSE disclosed three state-authorized cyberattacks last year: disrupting fentanyl-precursor chemical brokers, undermining an extremist group recruiting in Canada, and dismantling a ransomware-as-a-service gang that hit Canadian healthcare, transport, and business sectors, wiping its servers.
CSE also disrupted infrastructure at ten major ransomware gangs and defended federal institutions against a phishing campaign. Locations and technical methods stayed undisclosed. Context: U.S. Cyber Command’s allied “hunt-forward” operations grew from a handful in 2018 to over two dozen in 2025.
More via Techcrunch
GitHub AI Agents Can Be Tricked Into Leaking Private Repo Data
Researchers at Noma Labs disclosed “GitLost,” a prompt-injection flaw in GitHub’s Agentic Workflows that lets Claude- or Copilot-powered AI agents leak private repository data. Attackers need no credentials — just a public GitHub issue with hidden instructions, like one posing as a “VP of Sales,” to trick agents into posting private README contents publicly.
Research lead Sasi Levi warned of “silent data exfiltration” risk, urging teams to audit agent access before deployment. As of Tuesday, GitHub had implemented no fix and hadn’t responded to inquiries.
More via Theregister
North Korean Hackers Hit Open Source Supply Chain in “PolinRider” Campaign
North Korean hackers are running PolinRider, targeting open source developers since December 2025, per researcher Socket. Compromised GitHub repos carry JavaScript loaders that fetch encrypted payloads via blockchain/RPC infrastructure, delivering the DEV#POPPER RAT and OmniStealer malware.
Linked to the broader Contagious Interview operation, the campaign hits NPM, Packagist, Go modules, and Chrome extensions—162 malicious artifacts found across 108 packages. Attackers compromise maintainer accounts, rewrite Git history, and hid loaders in Packagist’s sevenspan namespace. Socket urges affected teams to remediate from a clean machine, as credentials may be exposed.
More via Securityweek
New “Armored Likho” Threat Actor Targets Government and Energy Sectors with AI-Obfuscated Stealer
Kaspersky has uncovered Armored Likho (aka Eagle Werewolf), a new threat actor spear-phishing government and energy organizations in Russia, Kazakhstan, and Brazil for financial gain and espionage. Its Python-based BusySnake stealer, spread via malicious EXE droppers or LNK files, harvests cookies, clipboard data, Telegram tokens, 2FA codes, and crypto wallets, while reverse SSH tunneling enables persistent remote access.
AI-generated payloads are complicating attribution. Kaspersky ties the group to earlier AquilaRAT activity through shared infrastructure and Microsoft-disguised scheduled tasks. No nation has been attributed; the group remains highly active.
More via Hackread
It started as “easyWhois” over 25 years ago, and over time added more dns lookup functionality as it evolved into DomainHelp.
It now has handy functions like “What is my resolver?” (handy), an updated SPF wizard, SPF flattenre, AI discoverability tool and more:
In the latest upgrade, we’ve add several agentic dns tools that your openclaw, (or easyClaw), Hermes or Claude/Codex can use.
Just point them at DNSskills.md… they’ll know what to do.
Head to Domainhelp.com to see what’s new.
Thanks.
Curated Posts
Posts added to axisofeasy.com since the last edition:
- The most profitable skill of the 21st century (not AI) (Jul 04)
- Career advice in the age of AI (Jul 07)
- 46 thoughts on the near future (Jul 03)
Elsewhere Online:
Operation Riptide Leads to Arrest of Suspected Russian State Sponsored Hacker
Read: https://hackread.com/fbi-spanish-police-arrest-cyber-army-russia-reborn-member/
Attackers Exploit Critical Code Execution Flaw in Adobe ColdFusion
Read: https://www.infosecurity-magazine.com/news/exploit-maximum-severity-adobe/
Critical Google Cloud Bug Enabled Data Exfiltration and AI Session Manipulation
Read: https://www.securityweek.com/google-dialogflow-cx-bug-allowed-attackers-to-hijack-ai-conversations/
Bad Epoll Vulnerability Threatens Linux Desktops Servers and Android Devices
Read: https://thehackernews.com/2026/07/new-bad-epoll-linux-kernel-flaw-lets.html
Apple Fails to Fix Vulnerability That Reveals Hidden iCloud Email Addresses
Read: https://reclaimthenet.org/apple-hide-my-email-vulnerability-exposes-real-email-addresses
Previously on #AxisOfEasy
If you missed the previous issues, they can be read online here:
-
-
-
-
-
-
-
-
-
-
-
-
- July 3rd, 2026: Canada’s New Cyber Law Lets A Minister Cut Your Phone Off — No Warrant Required
- June 26th, 2026: House Leaders Strike Deal On KIDS Act—Minus Key Safety Provision
- June 19th, 2026:Canada’s New Bill Would Trade Online Anonymity For “Child Safety”
- June 12th, 2026: Anthropic Splits Its Most Capable Model In Two — One For The Public, One For Cyber Defenders
- June 5th, 2026: Instagram’s AI Chatbot Exploited To Hijack High-Profile Accounts
-
-
-
-
-
-
-
-
-
-
-


Salmon Rushdie!
Stephen Fry?