Zero-Day

Vulnerabilities 🚨 • Threats ⚠️ • Security Operations 🛡️ • Sec+ Glossary 📖

What is Zero-Day?

A zero-day is a software vulnerability that is unknown to the vendor or has no effective fix available at the time attackers begin exploiting it.

Examples

  • Attackers discover a flaw in a web browser before the vendor releases a patch and use it to infect users who visit a malicious site.
  • A threat actor exploits a newly found vulnerability in a VPN appliance while organizations are still unaware that the weakness exists.

Discover 🔎

Most security advice assumes defenders have at least some warning. Patch known flaws. Block known malware. Watch for known attacker behavior. A zero-day is dangerous because it removes much of that comfort. The weakness is new, unknown, or not yet fixed, so the usual defenses may not be ready.

That is why zero-days attract so much attention. They give attackers a chance to strike during the period when organizations are least prepared. If a flaw is being exploited before the vendor can fully respond, defenders may have little more than monitoring, containment, and temporary workarounds to rely on.

Remember: The "zero" in "zero-day" refers to the idea that defenders have had zero days of warning or patching time before the threat becomes real.

Summary 📝

A zero-day is a vulnerability that attackers can exploit before defenders have had an effective chance to patch or prepare for it. Its danger comes from the timing gap between discovery, exploitation, and defensive readiness. Because that gap cannot always be avoided, organizations need layered controls, strong visibility, and fast response processes to reduce the impact.
