Update: Thanks to everyone for pointing out that I wrote 2011 in the heading, not 2021. Good thing I got the permalink right!

The US CISA published its annual report on Wednesday:

This Joint Cybersecurity Advisory was coauthored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI).

This advisory provides details on the top 30 vulnerabilities—primarily Common Vulnerabilities and Exposures (CVEs)—routinely exploited by malicious cyber actors in 2020 and those being widely exploited thus far in 2021.

There’s nothing too surprising here if you’ve been following the industry’s adventures over the past twelve months, but it’s always appreciated getting a well-cited summary, and some context around which were most exploited. It’s interesting comparing these with what the popular tech press chose to cover, and how often.