APT29 top five exploits:
-CVE-2018-13379 in FortiGate VPN
-CVE-2019-9670 in Zimbra
-CVE-2019-11510 in Pulse Secure VPN
-CVE-2019-19781 in Citrix ADC
-CVE-2020-4006 in VMware
Interesting, all are proprietary software from respected vendors, no FOSS on the list π€
https://therecord.media/cisa-fbi-nsa-reveal-five-enterprise-bugs-exploited-by-russias-apt29-group/