Mandiant’s 2022 zero-day review tracked 55 vulnerabilities exploited before public patches, a decline from 2021 but still far above 2020 levels. The DPRK-relevant finding in the provided excerpt is narrow: Mandiant identified two zero-day vulnerabilities exploited by suspected North Korean actors, while Chinese state-sponsored groups accounted for the largest share of attributed espionage zero-day exploitation. The report also notes that financially motivated actors exploited four zero-days, mostly linked to ransomware operations, and that Microsoft, Google, and Apple products dominated the affected vendor set. Because the excerpt does not name the North Korean vulnerabilities, tooling, victims, or campaigns, this summary does not infer additional Lazarus or DPRK details.