TOP 5 CVE BY NUMBER OF POSTS ON THE 15 DARK WEB FORUMS TOP CVE MENTIONED BY DIFFERENT HACKING COMMUNITIES Analysis process and findings 1,267 different CVEs were mentioned on 15 Dark Web forums in multiple languages between January 2020 and March 2021. 56.3% of these CVEs were disclosed in 2020, among which the CVE-2020-0796 (aka SMBGhost, CVSS:10) 2 received the highest number of posts (52 posts). This is also the highest number of posts by CVE in general during this period in these forums. Moreover, 17.3% of the 1,267 CVEs were disclosed in 2019, among which CVE-2019-19781, a flaw in Citrix Application Delivery Controller (ADC) and Gateway (CVSS:9.8) 3 , received 49 posts, which is the second highest number of posts. However, does it mean these two CVEs are the most popular among Dark Web forum members during this period? Below is a list of the “top five CVEs” by number of posts on the 15 Dark Web forums examined: Moreover, when examining the top mentioned CVEs by different hacking communities, we noticed that the results are different between Russian, Chinese and English- speaking forums. It is worth mentioning that more than a half of the 15 forums examined are Russian-speaking, while the rest are Chinese, English, Turkish and Spanish-speaking forums. The table summarizes the top mentioned CVEs by different hacking communities (it should be noted that on the Spanish-speaking forum examined, all CVEs received the same number of posts and therefore there is no top mentioned CVE in this source): CVE-2020-0796 (52 posts) CVE-2019-19781 (49 posts) CVE-2019-0708 (38 posts) CVE-2020-1472 (38 posts) CVE-2017-11882 (36 posts) Russian-speaking Forums Chinese-speaking forums English-speaking forums Turkish-speaking forum CVE-2019-19781 CVE-2020-0796 CVE-2020-0688, CVE-2019-19781 4 CVE-2019-6340 5 Language Top mentioned CVE https://nvd.nist.gov/vuln/detail/cve-2020-0796 https://nvd.nist.gov/vuln/detail/CVE-2019-19781 each CVE received the same number of posts. CVE-2020-0688 (CVSS:8.8)–a flaw in Microsoft Exchange: https://nvd.nist.gov/vuln/ detail/CVE-2020-0688 a flaw in Drupal (CVSS:8.1) - https://nvd.nist.gov/vuln/detail/CVE-2019-6340 2. 3. 4. 5. 4 Vulnerability Threat Intelligence Report