THE ThreatsDay Bulletin this week highlights a large-scale DDR5 bot operation that submitted more than 10 million web scraping requests to DRAM product pages, rapidly checking stock every 6.5 seconds with cache-busting parameters to beat detection and push profit-driven resales. It also notes a privacy enforcement action in the UK, with the ICO fining Reddit £14.47 million for handling children’s data and for failing to verify user ages; Reddit has said it will appeal the decision.
In other developments, Samsung agreed to stop collecting ACR data from Texans without explicit consent following a Texas attorney-general-led action, with disclosures and consent screens to be added for clearer user protections. The roundup also covers threats ranging from a Google Chrome release cycle change to a growing use of Telegram as a cybercrime coordination hub, and warnings about AI-enabled deanonymisation and other evolving techniques that could affect millions of users.
Taken together, the stories illustrate how swiftly the threat landscape is evolving, with major tech actions, policy changes, and new attack techniques converging across systems and devices.