> a RCE vulnerability is the type of thing that nation state actors in Russia and North Korea dream of

Does this mean other state actors are beyond needs of RCE vulns as their tools belt and North Korea and Russia lagging behind? Some other interpretation from security-involved practitioners here - like, I don't know - we already have Pegasus, phew on OpenCode RCE?