"These organizations with ties to offensive hacking activities would be negligent if they did not utilize their access to CNVD vulnerability reports to equip their operators. The observable increase in the number of zero-days used by PRC hacking teams, as indicated by the 2022 Microsoft “Digital Defense Report,” suggests that these organizations’ access is resulting in vulnerabilities being used by offensive teams."