The Feds have published a Top 25 exploits list, rife with big names like BlueKeep, Zerologon and other notorious security vulnerabilities. Chinese state-sponsored cyberattackers are actively compromising U.S. targets using a raft of known security vulnerabilities with a Pulse VPN flaw claiming the dubious title of most-favored bug for these groups. The NSA also flagged several vulnerabilities in Citrix as being Chinese faves, including CVE-2019-19781, which was revealed last holiday season.
Source: https://threatpost.com/bug-nsa-china-backed-cyberattacks/160421/