An attack that exploits a previously unknown software vulnerability for which no patch or fix exists yet — called "zero-day" because the vendor has had zero days to address the flaw since its discovery.
Zero-day exploits represent the most dangerous class of cyber threats because there is no defense against them at the time of attack. The vulnerability is unknown to the software vendor and the security community, meaning no patch exists and traditional security tools cannot detect the attack.
The term "zero-day" refers to the number of days the vendor has known about the vulnerability. Once discovered and disclosed, the vendor has "zero days" to fix it before it can be exploited — though in practice, the exploit may have been used secretly for weeks, months, or even years before discovery.
Zero-day exploits are extremely valuable. On the legitimate market, companies like Zerodium pay up to $2.5 million for iOS zero-days. Nation-states are believed to stockpile zero-days for use in intelligence operations and cyber warfare.
The Pegasus spyware used multiple iOS zero-day exploits to silently infect iPhones with no user interaction required — not even clicking a link. It exploited zero-days in iMessage's handling of media files, allowing full device compromise through a single invisible message.