What is a zero-day vulnerability?

A zero-day is a secret bug in software that bad people find and use before the makers even know it is there.

7 min read

~$ man zero-day


definition

A zero-day vulnerability is a flaw in software, hardware, or firmware that the vendor has not yet discovered or fixed.

Attackers can build a zero-day exploit to take advantage of the flaw, often remaining undetected until the vendor releases a patch.

The term zero-day refers to the fact that zero days have passed since the vendor became aware of the issue.

Think of a zero-day like a hidden crack in your bike lock that only a thief knows about; you and the lock maker have no idea it exists, so the thief can steal your bike without forcing anything.

key takeaways

  • Zero-day vulnerabilities give attackers an advantage because no security updates or signatures exist yet.
  • They are frequently bought and sold on underground markets for large sums of money.
  • Security teams rely on behavior monitoring and threat intelligence to spot possible zero-day activity.
  • Vendors encourage responsible disclosure so flaws can be fixed without public exposure.
  • Regular updates and layered defenses reduce the window of opportunity once a patch is released.

the 2026 job market

By 2026 organizations will need more security researchers, penetration testers, and vulnerability analysts as attacks on cloud, AI, and connected devices grow; skills in exploit detection and rapid patching will be core requirements for defensive roles.

  • Cybersecurity Analyst · $78,000-$115,000 USD / $72,000-$108,000 CAD / £52,000-£78,000 GBP
  • Penetration Tester · $92,000-$138,000 USD / $86,000-$129,000 CAD / £62,000-£94,000 GBP
  • Security Engineer · $105,000-$155,000 USD / $98,000-$145,000 CAD / £72,000-£108,000 GBP

frequently asked questions

How are zero-day vulnerabilities usually found?

Researchers use fuzzing tools, code review, and reverse engineering to locate unknown flaws. Some are discovered by accident during normal testing or by attackers probing systems. Once found, they may be kept private or sold before vendors learn of them.

What happens after a zero-day is made public?

Vendors rush to create and distribute a patch while attackers may already be using the exploit. Security teams monitor for signs of compromise and apply workarounds until the fix is ready. Public disclosure often triggers a race between patching and further attacks.

Can regular antivirus stop zero-day attacks?

Traditional signature-based antivirus usually cannot detect zero-days because no signature exists yet. Modern solutions use behavioral analysis and machine learning to catch suspicious activity instead. Even then, layered defenses and user awareness remain essential.
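
The gap between signature matching and behavioral analysis described in this answer, as an added example that is not part of the original page. The hash set, process names, 30-second window and telemetry events are all constructed assumptions.

```python
import hashlib

# Constructed signature set: hashes of samples a vendor has already catalogued.
KNOWN_BAD = {hashlib.sha256(b"catalogued-sample-v1").hexdigest()}

# Assumed heuristic: document handlers rarely need to start a script host.
DOC_APPS = {"winword.exe", "acrord32.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe"}
WINDOW_SECONDS = 30  # assumed correlation window between spawn and connection

# Constructed telemetry: process starts ("proc") and outbound connections ("net").
EVENTS = [
    {"t": 0, "type": "proc", "pid": 10, "ppid": 1, "name": "winword.exe", "image": b"office-binary"},
    {"t": 5, "type": "proc", "pid": 11, "ppid": 10, "name": "powershell.exe", "image": b"signed-os-binary"},
    {"t": 9, "type": "net", "pid": 11, "dst": "203.0.113.7:443"},
    {"t": 12, "type": "proc", "pid": 12, "ppid": 1, "name": "tool.exe", "image": b"catalogued-sample-v1"},
    {"t": 20, "type": "proc", "pid": 13, "ppid": 1, "name": "powershell.exe", "image": b"signed-os-binary"},
    {"t": 25, "type": "net", "pid": 13, "dst": "198.51.100.2:443"},
]

def signature_alerts(events):
    """Pids whose image hash matches a catalogued sample."""
    return sorted(e["pid"] for e in events if e["type"] == "proc"
                  and hashlib.sha256(e["image"]).hexdigest() in KNOWN_BAD)

def behavior_alerts(events):
    """Pids of script hosts started by a document app that connect out soon after."""
    procs, suspects, alerts = {}, {}, set()
    for e in sorted(events, key=lambda ev: ev["t"]):
        if e["type"] == "proc":
            procs[e["pid"]] = e
            parent = procs.get(e["ppid"])
            if (parent and parent["name"].lower() in DOC_APPS
                    and e["name"].lower() in SCRIPT_HOSTS):
                suspects[e["pid"]] = e["t"]  # remember when the odd child started
        elif e["type"] == "net" and e["pid"] in suspects:
            if e["t"] - suspects[e["pid"]] <= WINDOW_SECONDS:
                alerts.add(e["pid"])
    return sorted(alerts)

if __name__ == "__main__":
    print("signature:", signature_alerts(EVENTS))
    print("behavior:", behavior_alerts(EVENTS))
```

The signature check only flags the catalogued sample, while the behavior rule flags the document-spawned script host even though its image hash is clean; the standalone script host started elsewhere is not flagged by either.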

Why do governments and companies buy zero-days?

They use them for offensive operations, research, or to test their own defenses before attackers do. Purchasing keeps the flaw secret longer than public disclosure would allow. Prices vary widely depending on the target software and reliability of the exploit.


Author(s)

REHOUMA Haythem

Haythem Rehouma is an AI and cloud engineer and architect, trainer and technical instructor, with a profile focused on medical AI, AWS, MLOps, LLM/RAG and computer vision.