APT29 top five exploits:

-CVE-2018-13379 in FortiGate VPN
-CVE-2019-9670 in Zimbra
-CVE-2019-11510 in Pulse Secure VPN
-CVE-2019-19781 in Citrix ADC
-CVE-2020-4006 in VMware

Interesting, all are proprietary software from respected vendors, no FOSS on the list 🤔

https://therecord.media/cisa-fbi-nsa-reveal-five-enterprise-bugs-exploited-by-russias-apt29-group/