NOBUS, short for "NObody But US", are security vulnerabilities which the United States National Security Agency (NSA) believes that only it can exploit. As such, NSA sometimes chooses to leave such vulnerabilities open if NSA finds them, in order to exploit them against NSA's targets. NSA has a dual mission of both attacking foreign systems and defending U.S. systems, so keeping significant vulnerabilities which affect U.S. systems secret is a conflict of interest.
The researchers who wrote the paper on 1024 bit prime reuse Diffie–Hellman key exchange speculates that NSA ave used on the order of hundreds of millions of dollars in computing power to break large amounts of encrypted traffic. This vulnerability also affect U.S. traffic, so this would be a good example of Hayden's "four acres of Cray computers" definition of NOBUS.
As stated by the Washington Post, the NSA is believed to sometimes buy knowledge about security vulnerabilities on the gray market, from for example Vupen, in order to use them offensively. Christopher Soghoian, Principal Technologist and Senior Policy Analyst at the ACLU's Speech, Privacy and Technology Project, has pointed out that these exploits are not NOBUS, in that anybody else can discover them at any time.
Parts of NSA's toolkit of exploits are believed to have somehow leaked or been hacked in 2013, and then published in 2016 (Snowden speculates that the hacking and leaking party was the Russians). Among the exploits revealed was e.g. a zero day exploit allowing remote code execution on some Cisco equipment. Cisco is a US company, and the vulnerable Cisco equipment was presumably used by US government institutions and US companies, however the NSA had apparently not notified Cisco of this vulnerability. NSA's lack of disclosure to Cisco was presumable because of the NOBUS policy, with NSA assuming that only it knew about the exploit.
In regards to asymmetric backdoors, NOBUS follows in the footsteps of kleptography that dates back to the mid 1990s. A case in point is the kleptographic backdoor which NSA is widely believed to have designed into the Dual_EC_DRBG standard, since finding the private key to that backdoor is a cryptographically hard problem (following the definition of a kleptographic attack). Though there is at least one example, ScreenOS, where the cryptovirology backdoor in Dual_EC_DRBG was hijacked by adversaries, possibly using it to attack the American people.