There were more zero-days exploited in 2019 than any of the previous three years, according to FireEye Mandiant. A growing commercial market has made such tools much more widely available. NSO Group has been criticized in the past for selling zero-day exploits to authorized governments who may have launched targeted attacks against human rights activists and journalists. A wider range of threat actors are now gaining access to exploits for undocumented, unpatched bugs simply by buying them no deep security expertise required.
Source: https://threatpost.com/brisk-private-trade-zero-days/154502/