These Are the Most Exploited Flaws by Chinese Hackers According to the NSA

Written by Bill Toulas
Last updated September 23, 2021

The NSA (National Security Agency) has compiled a list with the top 25 most exploited vulnerabilities by Chinese state-supported hackers and released the relevant cybersecurity advisory to help agencies, companies, organizations, and web admins apply the corresponding mitigations.

Oliver Tavakoli, CTO at Vectra, has shared the following comment with us on NSA’s list:

The breadth of products covered by this list of CVEs would indicate that the NSA has curated this list through the observation of many attacks undertaken by these actors. The exploits themselves also cover a broad range of steps in the cyberattack lifecycle, indicating that many of the attacks in which these exploits were observed were already pretty deep into the attack progression – and many were likely found only after-the-fact through deep forensic efforts rather than having been identified while the attacks were active.

Related: The US Postal Service Was Using Deprecated Software for Years

Knowing what’s targeted is always valuable info, but in general, we can say that keeping your software up to date by applying all of the available patches and updates as soon as they become available is key.

The software vendors have fixed all of the above vulnerabilities - and in some cases, they were fixed since over a year ago. Thus, seeing them in lists like this indicates a lack of proper system maintenance practices and general negligence.

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: