In the last, what?, ten years all of the exploits have been found by professional security researchers, spy organizations (Stuxnet), and other exploits were done by very serious experts who REALLY knew their shit.
Actually, what you are seeing is criminals taking over the exploitation of exploits, before it was hackers having fun and sending "it's my birthday" messages around, now it's serious criminals using exploits to steal serious money. These people don't advertize their finds, they use them to the fullest extent possible. When PHD's find an exploit you can be sure 90% of the time it's already known to criminals who have used it for a while.
If you wonder at the accuracy of that, just look around at how many viruses are out there and start counting the news reports for companies compromised.