Today WikiLeaks released documents it dubs "Year Zero" and "Vault 7".
For a quick summary, in what are hopefully layman's terms, here are the results:
The CIA discovers vulnerabilities in the software that comprises an OS; the most publicized have been the software that runs phones (Android and iPhone - iPhones in particular were targeted because of their popularity among political and business leaders), but also includes Windows, iOS, OSx, Linux, and even other Internet infrastructure such as servers and routers.
Instead of alerting the software developers to vulnerabilities in the OS like they claimed they would, the CIA hoarded years of software vulnerabilities in order to test out this new array of cyber-weaponry. In fact, WikiLeaks even produced an image suggesting that monetary transactions were made to "buy the vulnerabilities" in the form of bribing the OS manufacturers not to patch some - even sharing some of these exploits with