Top Routinely Exploited Vulnerabilities

Home / Articles / External / Government

Source: DVIDS,
Source: DVIDS,

August 4, 2021 | Originally published by U.S. Cybersecurity and Infrastructure Security Agency on July 28, 2021

This Joint Cybersecurity Advisory was coauthored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI).

This advisory provides details on the top 30 vulnerabilities—primarily common vulnerabilities and exposures (CVEs)—routinely exploited by malicious cyber actors in 2020 and those being widely exploited thus far in 2021.

Cyber actors continue to exploit publicly known—and often dated—software vulnerabilities against broad target sets, including public and private sector organizations worldwide. However, entities worldwide can mitigate the vulnerabilities listed in this report by applying the available patches to their systems and implementing a centralized patch management system.

Click here for a PDF version of this report.

Focus Areas