Zero-day
Definition
A zero-day is a vulnerability in software that is unknown to the vendor and for which no patch is yet available. Attackers can exploit this weakness before a fix has been released.
The term "zero-day" refers to the fact that developers have had zero days to fix the vulnerability. Zero-days are particularly dangerous because traditional patch-based defence does not work as long as no update is available.
Zero-days are traded on black markets and are used by advanced persistent threat (APT) groups, nation-state actors and cybercriminals. Notable examples include the Stuxnet attack and the Log4Shell vulnerability.
Defence focuses on behaviour-based detection, network segmentation, least privilege and threat hunting that flags anomalous behaviour before an attack spreads.