For example, if I transfer from the exchange to a new address each time, in theory the exchange now has a list of various addresses which all belong to me, so I am still not anonymous.
You can't understand the difference if you think in terms of the exchange. You need to install a non-custodial wallet and start making transactions yourself, without the need of those intermediaries. Once you do, you'll see that every transaction you make is publicly available for anyone to see.
If you send money to a merchant, they now know your address. If you decide to deposit money to the same address again, then the merchant can know you just deposited money. More info can be leaked if we continue this further. For instance, you may decide to spend all of your money, from all of your addresses in one transaction. One can therefore conclude that all these addresses come from the same owner.
As far as I understand, the TLDR seems to be: If you use the same address and the wallet you use signs transactions using weak signatures [...]
Yes, there's a security issue when it comes to ECDSA signatures. A transaction contains several things, but what matters in this case is a public key and a signature. The signature consists of two values, one called r and another called s. Mathematically speaking, one can work out your private key if they have two signatures which have been signed using the same private key and have the same r-value.
Also, if the software you're using doesn't create strong signatures, such as ones less than 256 bits, they can solve the hidden number problem and reach your private key by having your weak signature and your public key. For example, compromised software may generate insecure nonce values. [1]
Your wallet is supposed to create strong 256-bit signatures with random r-values in each transaction. It's taken for granted that it will. You should always ensure the authenticity of the wallet software you install by verifying the developers' signature.
I assume it is the child private key and not the extended private key?
Yes, what I've written above refers to child private keys. They're also called private keys, plainly. Extended private keys are used to derive them deterministically.
Another security fact is that one can work out all of your child private keys by knowing one of your child private keys and your master public key.
[1] https://eprint.iacr.org/2019/023