CISA’s exploited vulnerabilities report for 2021


Update: Thanks to everyone for pointing out that I wrote 2011 in the heading, not 2021. Good thing I got the permalink right!

The US CISA published its annual report on Wednesday:

This Joint Cybersecurity Advisory was coauthored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI).

This advisory provides details on the top 30 vulnerabilities—primarily Common Vulnerabilities and Exposures (CVEs)—routinely exploited by malicious cyber actors in 2020 and those being widely exploited thus far in 2021.

There’s nothing too surprising here if you’ve been following the industry’s adventures over the past twelve months, but it’s always appreciated getting a well-cited summary, and some context around which were most exploited. It’s interesting comparing these with what the popular tech press chose to cover, and how often.

Author bio and support


Ruben Schade is a technical writer and infrastructure architect in Sydney, Australia who refers to himself in the third person. Hi!

The site is powered by Hugo, FreeBSD, and OpenZFS on OrionVM, everyone’s favourite bespoke cloud infrastructure provider.

If you found this post helpful or entertaining, you can shout me a coffee or send a comment. Thanks ☺️.