Breaches Hit CBO, WaPo, Samsung via Flaws
Summary
Recent security confirmations reveal high-profile compromises across government agencies, media outlets, and major mobile platforms, underscoring the exploitation of critical vulnerabilities. The U.S. Congressional Budget Office (CBO) confirmed a security incident following reports by The Washington Post, with officials fearing access to internal emails and chat logs [2]. Security researcher Kevin Beaumont suggested the intrusion exploited an unpatched Cisco ASA firewall, which had not been updated following the October 1 federal government shutdown [2]. Separately, The Washington Post confirmed its own data breach stemming from exploitation of Oracle's E-Business Suite platform by the Clop ransomware gang, which targeted over 100 companies, resulting in one executive facing a $50 million ransom demand [3].
In contrast to these network infrastructure attacks, sophisticated threats targeted consumer endpoints. Android spyware named "Landfall" exploited an unknown zero-day vulnerability (CVE-2025-21042) in Samsung Galaxy phones (S22-S24 models) running Android 13 through 15 [1]. This surveillance campaign, linked to the vendor Stealth Falcon by Unit 42, allowed access to photos and call logs before Samsung issued a patch in April 2025 [1]. The combination of exploiting unmaintained infrastructure like Cisco ASA [2] and leveraging unknown zero-days against consumer hardware [1] confirms a complex threat landscape in which threat actors successfully use both software flaws and unmaintained systems for espionage and extortion.
Key Moments
- The CBO intrusion exploited an unpatched Cisco ASA firewall that was not updated after the October 1 federal government shutdown. — Article [2]
- The Clop ransomware campaign targeting Oracle E-Business Suite hit over 100 companies, including one executive who faced a $50 million ransom demand. — Article [3]
- Landfall spyware exploited CVE-2025-21042 on Samsung Galaxy S22, S23, S24, and Z models running Android 13 through 15. — Article [1]
Different Perspectives
Supporting View
Unit 42 linked the digital infrastructure used by the Landfall spyware campaign to the vendor Stealth Falcon.