The US government today released a list of the top 10 security vulnerabilities routinely exploited by foreign cyber actors between 2016 and 2019. The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued the CVE alert through the DHS National Cyber Awareness System to advise security professionals to prioritize patching these vulnerabilities and so help reduce the risk of foreign threats.

While Microsoft remains at the top of the list for exploited security vulnerabilities, the list shows that common exploits, like the ones found in the OWASP Top 10, are still among the top 10 exploits targeted by cyber criminals. Together with the recent NIST update to the standard SP 800-53 to include application security (RASP) as a requirement, it is a good reminder that there’s more need than ever to have application security as part of the security framework for web applications and application workloads.