Zero-Day
A vulnerability that is unknown to the software vendor and has no available patch.
Full Definition
A zero-day (or 0-day) vulnerability is a software security flaw that is unknown to the vendor or developer and therefore has no available patch or fix. The term "zero-day" refers to the fact that developers have had zero days to address the issue. Zero-day exploits that leverage these vulnerabilities are highly valuable and dangerous.

Zero-days are prized by nation-state intelligence agencies, elite cybercriminal groups, and security researchers. A single zero-day in a widely used platform can command multi-million dollar prices in the exploit market. They are used in highly targeted attacks where traditional defenses offer no protection, as there are no patches to apply and often no signatures to detect.

While organizations cannot patch unknown vulnerabilities, defensive strategies include defense-in-depth, behavioral monitoring for anomalous activity, network segmentation, and rapid patch deployment once a vulnerability becomes known. Threat intelligence monitoring for early disclosures and exploitation reports is critical for rapid response.
Related Terms
Exploit
Code or a technique that takes advantage of a software vulnerability to cause unintended behavior.
Category: Vulnerabilities
Vulnerability
A weakness in software, hardware, or a process that can be exploited by a threat actor.
Category: Vulnerabilities
Advanced Persistent Threat (APT)
A prolonged, targeted cyberattack by a sophisticated, often state-sponsored threat actor.
Category: Threat Actors
Threat Actor
Any individual or group that carries out or has the intent to carry out malicious cyber activities.
Category: Threat Actors