{"id":156,"date":"2026-03-05T14:30:15","date_gmt":"2026-03-05T14:30:15","guid":{"rendered":"https:\/\/cybercolombia.co\/index.php\/2026\/03\/05\/ddr5-bot-scalping-samsung-tv-tracking-reddit-privacy-fine-more-cyberdefensa-mx\/"},"modified":"2026-03-05T14:30:15","modified_gmt":"2026-03-05T14:30:15","slug":"ddr5-bot-scalping-samsung-tv-tracking-reddit-privacy-fine-more-cyberdefensa-mx","status":"publish","type":"post","link":"https:\/\/cybercolombia.co\/index.php\/2026\/03\/05\/ddr5-bot-scalping-samsung-tv-tracking-reddit-privacy-fine-more-cyberdefensa-mx\/","title":{"rendered":"DDR5 Bot Scalping, Samsung TV Tracking, Reddit Privacy Fine & More \u2013 CYBERDEFENSA.MX"},"content":{"rendered":"
\n

Some weeks in cybersecurity feel routine. This one doesn\u2019t.<\/p>\n

Several new developments surfaced over the past few days, showing how quickly the threat landscape keeps shifting. Researchers uncovered fresh activity, security teams shared new findings, and a few unexpected moves from major tech companies also drew attention.<\/p>\n

Together, these updates offer a useful snapshot of what is happening behind the scenes in the cyber world right now. From new tactics and campaigns to security and policy changes that could affect millions of users, there is a lot unfolding at once.<\/p>\n

Below is a quick roundup of the most notable stories making headlines this week.<\/p>\n

\n
\n
    \n
  1. \n <\/p>\n
    \n Phishing Campaign Deploys Multiple Malware Strains<\/span><\/p>\n

    \n The Computer Emergency Response Team of Ukraine (CERT-UA) has warned<\/a> of a hacking campaign targeting Ukrainian government institutions using phishing emails containing a ZIP archive (or a link to a website vulnerable to cross-site scripting attacks) to distribute SHADOWSNIFF and SALATSTEALER information-stealing malware and a Go backdoor called DEAFTICKK. The agency attributed the activity to a threat actor tracked as UAC-0252. The development comes as a suspected Russian espionage campaign is targeting Ukraine with two previously undocumented malware strains, BadPaw and MeowMeow, according to ClearSky. While the campaign is likely said to be the work of APT28, the cybersecurity company did not identify the targets of the campaign or say whether the attacks were successful.\n <\/p>\n<\/div>\n<\/li>\n

  2. \n <\/p>\n
    \n Fake RMM Service Spreads RAT via Phishing<\/span><\/p>\n

    \n A new malware-as-a-service (MaaS) dubbed TrustConnect (\u00abtrustconnectsoftware[.]com\u00bb) masqueraded as a legitimate remote monitoring and management (RMM) tool for $300 per month. It\u2019s assessed that the threat actor behind TrustConnect was also a prominent user of RedLine Stealer. According to email security firm Proofpoint<\/a>, multiple threat actors have been observed distributing the malware via phishing emails as of January 27, 2026. The emails claim to be event invites or bid proposals, tricking recipients into clicking on links that lead to the download of bogus executables that install TrustConnect RAT. The RAT backdoors users\u2019 machines and gives attackers full mouse and keyboard control, allowing them to record and stream the victim\u2019s screen. Some campaigns have also been observed delivering legitimate remote access software like ScreenConnect and LogMeIn Resolve alongside TrustConnect between January 31 and February 3, 2026. Customers who purchase the toolkit are granted access to a dashboard to remotely commandeer infected devices and generate branded installers containing the malware. After Proofpoint took steps to disrupt some of the malware\u2019s infrastructure on February 17, 2026, the threat actor resurfaced with a rebranded version of the malware platform called DocConnect. \u00abDisruptions to MaaS operations like RedLine, Lumma Stealer, and Rhadamanthys have created new opportunities for malware creators to fill gaps in the cybercrime market,\u00bb Proofpoint said. \u00abAlthough TrustConnect only masqueraded as a legitimate RMM, the lures, attack chains, and follow-on payloads (which include RMMs) show overlap with techniques and delivery methods that are frequently observed in RMM campaigns and used by multiple threat actors.\u00bb The development comes amid skyrocketing abuse of legitimate RMM software in cyber attacks.\n <\/p>\n<\/div>\n<\/li>\n

  3. \n <\/p>\n
    \n Chrome Moves to Two-Week Release Cycle<\/span><\/p>\n

    \n Google has announced that new Chrome iterations will be released every two weeks, moving away from the current four-week release cycle. Since 2021, Google has been shipping major Chrome versions every four weeks, and since 2023, it has been delivering security updates every week for a reduced patch gap and improved quality. \u00abThe web platform is constantly advancing, and our goal is to ensure developers and users have immediate access to the latest performance improvements, fixes, and new capabilities,\u00bb Google said<\/a>. The new release cycle will also apply to beta releases, starting with Chrome 153, which will arrive on September 8, 2026.\n <\/p>\n<\/div>\n<\/li>\n

  4. \n <\/p>\n
    \n TPMS Signals Allow Covert Vehicle Tracking<\/span><\/p>\n

    \n Researchers at IMDEA Networks Institute have found that Tire Pressure Monitoring System (TPMS) sensors inside each car wheel broadcast unencrypted wireless signals containing persistent identifiers. While the feature is designed for vehicle safety, each sensor transmits a unique ID that does not change, allowing the same car to be recognized again and tracked over time. This, in turn, opens the door to a low-cost monitoring network that uses software-defined radio receivers near roads (at a distance of up to 40m from the car) and parking areas to collect TPMS messages from thousands of vehicles and build profiles of their movements over time. \u00abMalicious users could deploy passive receivers on large scales and track citizens without their knowledge. The advantage of such a system, over more traditional camera-based ones, is that no direct line-of-sight is needed with the TPMS sensors, and spectrum receivers could be placed in covert or hidden locations, making them harder to spot by victims,\u00bb the researchers warned<\/a>. \u00abOur results show that TPMS transmissions can be used to systematically infer potentially sensitive information such as the presence, type, weight, or driving pattern of the driver.\u00bb The disclosure adds to a growing body of research demonstrating how various components fitted into modern vehicles can become unintended conduits for surveillance and exploits.\n <\/p>\n<\/div>\n<\/li>\n

  5. \n <\/p>\n
    \n Telegram Emerges as Cybercrime Command Hub<\/span><\/p>\n

    \n A new analysis from CYFIRMA has pointed out how Telegram\u2019s structure offers threat actors a way to extend their reach globally without the need for specialized tooling, enable frictionless onboarding of buyers and affiliates, support payment options, and facilitate audience growth. The emergence of the platform has fundamentally changed the way cyber operations are coordinated, monetized, and publicized. \u00abFor financially motivated actors, Telegram functions as a scalable storefront and customer support hub,\u00bb the company said<\/a>. \u00abFor hacktivists, it serves as a mobilization and propaganda amplifier. For state-aligned operations, it offers a rapid distribution channel for narratives and leaks. In many cases, telegram complements and increasingly replaces traditional Tor-based ecosystems by removing technical friction while maintaining operational flexibility.\u00bb\n <\/p>\n<\/div>\n<\/li>\n

  6. \n <\/p>\n
    \n AuraStealer Infrastructure Revealed<\/span><\/p>\n

    \n A new analysis of AuraStealer from Intrinsec has uncovered<\/a> 48 command-and-control (C2) domain names linked to the stealer\u2019s operations. The threat actor behind the malware has been found to use .shop and .cfd top-level domains, in addition to routing all traffic through Cloudflare as a reverse proxy to conceal the real server. AuraStealer first appeared on underground hacker forums in July 2025, shortly after the disruption of the Lumma Stealer as part of a law enforcement operation. It was advertised by a user named AuraCorp on the XSS forum. It comes in two subscription packages: $295\/month for Basic and $585\/month for Advanced. One of the primary mechanisms through which the stealer is distributed is ClickFix.\n <\/p>\n<\/div>\n<\/li>\n

  7. \n <\/p>\n
    \n Malvertising Pushes New Atomic Stealer Variant<\/span><\/p>\n

    \n A malvertising campaign is using bogus ads on Google Search results pages to redirect users looking for ways to free up macOS storage to fraudulent web pages hosted on Medium, Evernote, and Kimi AI to serve ClickFix-style instructions that drop a new variant of the Atomic Stealer called malext to steal a wide range of data from compromised macOS systems. The campaign uses more than 50 compromised Google Ads accounts that push \u00abover 485 malicious landing pages, ultimately leading to a ClickFix attack that deployed a potentially new version of AMOS Stealer onto infected systems,\u00bb security researcher Gi7w0rm said<\/a>.\n <\/p>\n<\/div>\n<\/li>\n

  8. \n <\/p>\n
    \n Bots Hammer DRAM Pages for DDR5 Inventory<\/span><\/p>\n

    \n A large-scale data gathering operation has submitted more than 10 million web scraping requests to hit DRAM product pages on e-commerce sites in an effort to find sellers carrying desirable DRAM stock. The bots have been found to check the stock of specific RAM kits every 6.5 seconds by using a technique called cache busting to ensure they get the most up-to-date information, DataDome said. \u00abThese bots aggressively target the entire supply chain, from consumer RAM to B2B industrial memory providers and raw hardware components like DIMM sockets,\u00bb the company said<\/a>. \u00abScrapers attempt to avoid detection by adding cache-busting parameters<\/a> to every request and calibrating their speed to stay just below volumetric alarm thresholds. By rapidly snapping up the limited DDR5 memory inventory for profitable resale, these bots further deplete the consumer supply, effectively boxing out legitimate customers and driving market prices even higher.\u00bb\n <\/p>\n<\/div>\n<\/li>\n

  9. \n <\/p>\n
    \n Reddit Fined Over Children\u2019s Data Handling<\/span><\/p>\n

    \n The U.K. Information Commissioner\u2019s Office (ICO) has fined<\/a> Reddit \u00a314.47 million for unlawfully processing the personal information of children under the age of 13 and for failing to properly check the age of its users, thereby putting them at risk of being exposed to inappropriate and harmful content online. In July 2025, Reddit introduced age assurance measures that include age verification to access mature content and asking users to declare their age when opening an account. Reddit said<\/a> it would appeal the decision, stating it doesn\u2019t require users to share information about their identities, regardless of age, to ensure users\u2019 online privacy and safety.\n <\/p>\n<\/div>\n<\/li>\n

  10. \n <\/p>\n
    \n Samsung Restricts TV Data Collection in Texas<\/span><\/p>\n

    \n Texas Attorney General Ken Paxton announced that Samsung will no longer collect Automated Content Recognition (ACR<\/a>) data without consumers\u2019 express consent. The development comes in the wake of a lawsuit filed against the South Korean electronics giant for its data collection practices and over allegations that the collected ACR information could be used to serve targeted ads. \u00abAdditionally, it compels Samsung to promptly update its smart TVs and implement disclosures and consent screens that are clear and conspicuous to ensure that Texans can make an informed decision regarding whether their data is collected and how it\u2019s used,\u00bb the Office of the Attorney General said<\/a>. Samsung has denied it spies on users.\n <\/p>\n<\/div>\n<\/li>\n

  11. \n <\/p>\n
    \n NATO Clears Consumer iPhones and iPads<\/span><\/p>\n

    \n Apple iPhones and iPads have been approved<\/a> to handle classified information in NATO networks. They are the first consumer-grade devices to be approved for NATO use without additional special software or settings. iPhone and iPad previously received approval to handle classified German government data on devices using native iOS and iPadOS security measures following a security evaluation conducted by Germany\u2019s Federal Office for Information Security.\n <\/p>\n<\/div>\n<\/li>\n

  12. \n <\/p>\n
    \n TikTok Rejects End-to-End Encryption for DMs<\/span><\/p>\n

    \n ByteDance\u2019s TikTok said it has no plans to add end-to-end encryption (E2EE) to direct messages because it would prevent law enforcement and safety teams from reading messages if necessary. In a statement shared with the BBC, the company said<\/a> it wanted to protect users, especially young people, from harm.\n <\/p>\n<\/div>\n<\/li>\n

  13. \n <\/p>\n
    \n Multi-Stage Phishing Attack Spreads Agent Tesla<\/span><\/p>\n

    \n A new phishing campaign using purchase order lures has leveraged a multi-stage attack chain to deliver Agent Tesla, allowing threat actors to harvest sensitive data, while taking steps to evade detection using techniques like obfuscation and in-memory execution. \u00abFrom the initial obfuscated JSE loader to the reflective loading of .NET assemblies and process hollowing of legitimate Windows utilities, Agent Tesla is designed to stay invisible,\u00bb Fortinet FortiGuard Labs said<\/a>. \u00abIts extensive anti-analysis checks further ensure that it only reveals its true nature when it\u2019s certain it isn\u2019t being watched.\u00bb\n <\/p>\n<\/div>\n<\/li>\n

  14. \n <\/p>\n
    \n Attackers Abuse Infrastructure-Only .arpa Domain<\/span><\/p>\n

    \n With organizations taking steps to tighten their traditional email and web filters, new research from Infoblox has found<\/a> a novel campaign where actors are abusing the .arpa top-level domain, a space strictly reserved for network infrastructure, to host malicious content and bypass standard blocklists. The development shows cybercriminals are finding \u00abimpossible\u00bb hiding spots within the internet\u2019s core infrastructure to bypass security, the DNS threat intelligence firm said. Elsewhere, threat actors are also abusing LNK shortcut files and WebDAV to download malicious files on targets\u2019 systems. \u00abBecause being able to remotely access things on the internet via File Explorer is a relatively unknown functionality to most people, WebDAV is an exploitable way to make people download files without going through a traditional web browser file download,\u00bb Cofense said<\/a>.\n <\/p>\n<\/div>\n<\/li>\n

  15. \n <\/p>\n
    \n Spoofed Email Chains Target LastPass Users<\/span><\/p>\n

    \n A new phishing campaign that commenced on March 1, 2026, is using lures related to unauthorized access to individuals\u2019 accounts to trick recipients into visiting fake LastPass login pages to take control of their accounts. The attack takes advantage of the fact that many email clients, especially mobile, show only the display name, hiding the real sender address unless users expand it. \u00abAttackers are forwarding fake email chains to make it appear as though another individual is trying to take unauthorized action on their LastPass account (i.e., export vault, full account recovery, new trusted device registered, etc.),\u00bb LastPass said<\/a>. \u00abAttackers use display name spoofing so that the name portion of the sender field is manipulated to impersonate LastPass, while the actual sending email address is unrelated.\u00bb\n <\/p>\n<\/div>\n<\/li>\n

  16. \n <\/p>\n
    \n Experts Warn Against Blind Trust in AI Coding Agents<\/span><\/p>\n

    \n With the emergence of tools like Claude Code Security, OX Security is urging users to resist the temptation to outsource judgment, architecture, and validation to a single artificial intelligence (AI) model. \u00abAI doesn\u2019t invent fundamentally new code patterns,\u00bb it said<\/a>. \u00abIt reproduces the most common ones it has seen before. That means it scales not only productivity, but also existing weaknesses in software engineering practice.\u00bb The cybersecurity company also warned that AI systems may be prone to false positives and may not reliably inform a user if an issue flagged in a single repository is actually exploitable in a complex and unique environment. A pipeline that relies on the same AI system for both writing and reviewing code is not ideal, it added.\n <\/p>\n<\/div>\n<\/li>\n

  17. \n <\/p>\n
    \n LLMs Enable Automated Internet Deanonymization<\/span><\/p>\n

    \n A team of academics from Anthropic, ETH Zurich, and MATS Research<\/a> has developed large language models (LLMs) that can deanonymize internet users based on past comments or other digital clues they leave behind. \u00abGiven two databases of pseudonymous individuals, each containing unstructured text written by or about that individual, we implement a scalable attack pipeline that uses LLMs to: (1) extract identity-relevant features, (2) search for candidate matches via semantic embeddings, and (3) reason over top candidates to verify matches and reduce false positives,\u00bb the researchers said<\/a>. The method works even if targets use different pseudonyms across multiple platforms. The researchers said using their LLMs outperforms classical research methods, where digital footprints are examined manually by a human operator. This, in turn, enables fully automated deanonymization attacks that can work on unstructured data at scale, while also reducing the cost and effort that goes into intelligence gathering. \u00abOur results show that the practical obscurity protecting pseudonymous users online no longer holds and that threat models for online privacy need to be reconsidered,\u00bb the researchers said. \u00abThe average online user has long operated under an implicit threat model where they have assumed pseudonymity provides adequate protection because targeted deanonymization would require extensive effort. LLMs invalidate this assumption.\u00bb\n <\/p>\n<\/div>\n<\/li>\n<\/ol>\n<\/section>\n<\/div>\n

    That wraps up this week\u2019s quick look at what has been happening across the cybersecurity landscape.<\/p>\n

    Each update on its own may seem small, but together they show how quickly things continue to change. New techniques appear, old tactics evolve, and security decisions from major companies can shift the wider ecosystem.<\/p>\n

    For security teams, researchers, and anyone who follows the threat landscape, keeping track of these signals helps make sense of the bigger picture.<\/p>\n

    Stay tuned for the next edition of the ThreatsDay Bulletin with more developments from the cyber world.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

    Some weeks in cybersecurity feel routine. This one doesn\u2019t. Several new developments surfaced over the past few days, showing how quickly the threat landscape keeps shifting. Researchers uncovered fresh activity, security teams shared new findings, and a few unexpected moves from major tech companies also drew attention. Together, these updates offer a useful snapshot of […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[25,5],"tags":[481,24,480,487,486,485,483,482,484],"class_list":["post-156","post","type-post","status-publish","format-standard","hentry","category-noticias","category-trending","tag-bot","tag-cyberdefensa-mx","tag-ddr5","tag-fine","tag-privacy","tag-reddit","tag-samsung","tag-scalping","tag-tracking"],"_links":{"self":[{"href":"https:\/\/cybercolombia.co\/index.php\/wp-json\/wp\/v2\/posts\/156","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cybercolombia.co\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybercolombia.co\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cybercolombia.co\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cybercolombia.co\/index.php\/wp-json\/wp\/v2\/comments?post=156"}],"version-history":[{"count":0,"href":"https:\/\/cybercolombia.co\/index.php\/wp-json\/wp\/v2\/posts\/156\/revisions"}],"wp:attachment":[{"href":"https:\/\/cybercolombia.co\/index.php\/wp-json\/wp\/v2\/media?parent=156"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybercolombia.co\/index.php\/wp-json\/wp\/v2\/categories?post=156"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybercolombia.co\/index.php\/wp-json\/wp\/v2\/tags?post=156"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}