each CVE received the same number of posts. 35. Summary This report e amines discussions regarding CVEs on 15 diâferent Dark Web forums in multiple languages between January 2020 and March 2021 to pinpoint the most popular ones that received the highest number of mentions and the wider distribution among Dark Web platforms. Our åfndings re ealed that there is no 100% correlation bet een the t o parameters, since the top åf e CVEs that recei ed the highest number of posts are not e actl the ones that ere mentioned on the highest number of Dark Web forums e amined. Ho e er, it is still enough to understand hich CVEs ere popular among threat actors on the Dark Web during the time e amined: CVE-2020-1472 (aka ZeroLogon) CVE-2020-0796 (aka SMBGhost) CVE-2019-19781 CVE-2017-0199 CVE-2017-11882 CVE-2019-0708 (aka BlueKeep) Most of the CVEs in this list were abused by nation-state groups and cybercriminals, such as ransom are gangs, during orld ide campaigns against diâferent sectors. Moreo er, our åfndings also sho ed that e en long time after rele ant updates ere released, CVEs are still popular on Dark Web platforms, such as CVE-2017-11882, which received the wider distribution (mentioned in 12 out of 15 forums examined). Also, the fact that they old CVEs are still abused by threat actors in the wild (the CVE-2012-0158 was exploited by threat actors during the COVID-19 outbreak in 2020) indicates that organizations are not patching their systems and are not maintaining a resilient security posture. 11 Vulnerability Threat Intelligence Report