In addition to what others have said, there are a lot of hacking tools these days and vulnerabilities are generally published once found. Hackers can look at old vulnerabilities to get ideas for new ones. For example, a buffer overflow in one area of the code might imply there are similar vulnerabilities elsewhere. The tools, like fuzzing tools, make them easier to find.