Originally reported by BleepingComputer, Malwarebytes Labs
TL;DR
Samsung agrees to stop collecting Texas residents' viewing data without consent following state settlement. Meanwhile, threat actors deploy sophisticated phishing campaigns disguised as purchase order PDFs to harvest credentials.
The phishing campaign represents an active threat to organizations through social engineering tactics, while the Samsung privacy settlement addresses ongoing data collection concerns affecting millions of users.
This week brought significant developments in privacy enforcement and threat actor tactics, highlighting the dual challenges of corporate data collection practices and sophisticated social engineering campaigns.
Samsung reached a settlement agreement with the State of Texas over allegations of unlawful collection of content-viewing information through its smart TV platform. The agreement requires Samsung to stop collecting Texans' viewing data without express consent, marking a significant privacy enforcement action at the state level.
The case underscores growing regulatory scrutiny of connected device data collection practices, particularly in jurisdictions with strengthened privacy laws. Smart TV manufacturers have faced increasing pressure over automatic content recognition (ACR) technology that tracks viewing habits for advertising purposes.
For security teams managing IoT device policies, this settlement reinforces the importance of understanding data flows from connected devices within corporate networks and ensuring compliance with applicable privacy regulations.
Malwarebytes researchers identified a sophisticated phishing campaign using fake purchase order attachments to harvest login credentials. The attack vector leverages business document expectations to bypass user suspicion, presenting what appears to be a standard PDF attachment that instead redirects to credential harvesting pages.
This technique exploits the routine nature of purchase order processing in business environments, where employees regularly receive and open similar documents. The campaign demonstrates threat actors' continued evolution in social engineering tactics, moving beyond generic phishing attempts to context-specific business process exploitation.
Security teams should reinforce email security training around business document verification and implement additional controls for attachment handling, particularly for finance and procurement-related communications.
Malwarebytes Labs released their weekly security roundup covering threat intelligence developments from February 23 through March 1, 2026. The digest format provides security practitioners with consolidated awareness of emerging threats and ongoing campaigns.
Regular threat intelligence consumption remains critical for maintaining situational awareness of the evolving threat landscape. Weekly digests from established research organizations offer efficient methods for security teams to stay informed about trends that may impact their environments.
Originally reported by BleepingComputer, Malwarebytes Labs