“Seven of the nine zero-day exploits discovered by Huntley’s team last year were reportedly developed by commercial providers and sold to state-sponsored actors.”

Link.