 I'm Tom Merritt from Daily Tech News Show. Here are the top five security vulnerabilities of 2022. One of the biggest security problems out there are known security vulnerabilities that have been patched. These are problems that have a fix, but for whatever reason, they aren't getting fixed everywhere, so criminals just keep exploiting them. The security agencies of Australia, Canada, New Zealand, the United Kingdom, and the United States, aka the Five Eyes, not the Five Guys, that's Burgers. These guys don't do Burgers. Well, if they do Burgers, I don't know about it. They do security. Anyway, the Five Eyes issued a list of the most exploited security flaws of 2022. So the list is meant as a nudge to these organizations to address these flaws. Here are the top five security vulnerabilities of 2022. Number five, let's use the catchy CVE names, shall we? This one's called CVE 2021 44228, but you can call it Log4Shell, a rather notorious bug in Apache's Log4J logging module. One of the few vulnerabilities to score a perfect 10 out of 10 on critical risk from NIST. This one has been mitigated, patched, and repatched. The last patch came from Oracle in January 2022. There's almost no way your CISO hasn't heard of this. Coming in at number four, CVE 2021 26084, the Atlassian Confluence Bug. This is not a Star Trek disease. It's a computer vulnerability. This one affects organizations running the Confluence Server and Data Center. It was patched in July 2021. Up to number three, the old favorite, CVE 2021 40539, a REST API authentication bypass in Zoho's password management solution. Do you use Zoho services? You should patch this if you haven't already. It was patched in September 2021. Sliding into number two, we're going to group together three Microsoft Exchange proxy shell vulnerabilities. They're all from 2021. 34473 is a remote code execution flaw. That one was patched in July 2021. 31207 is a security bypass flaw. That one was patched in May of 2021. And 34523 is a privilege elevation bug. That one was patched in July 2021. Point being, they're all patched. At number one, CVE 2018 13379, Fortinet's SSL VPN credential exposure flaw. This one was fixed in 2019. And yet, three years later, still top in the list. The point here is that these were all patched in 2021 or before and yet continued to be exploited throughout 2022 in large enough numbers to make the top list of exploited vulnerabilities from five of the biggest intelligence agencies on the planet. So as my friend Bart Bouchard says, patchy patch patch. And if you want more great tech news and info, subscribe to our channel, youtube.com slash daily tech news show. We have a podcast. Do you like the podcast in your ears? Go to daily tech news show dot com. And if you get some value out of this, maybe give a little value back at our Patreon, patreon.com slash DTNS. We'll see you there.