Zero-day (0-day) exploit / attack
A software-vulnerability unknown to the outside world including the vendor, or known but not yet patched. After the vulnerability has become known, it still takes quite some time until most computers are safe because not everyone installs new updates/patches regularly. The term "zero-day" applies to the fact that, when the exploit is discovered by the vendor or security-personnel, there are 0 days to develop a patch, because the attack is already in the wild.
Once a zero-day exploit becomes known, several institutes immediately update their websites to bring out a warning, like CISA and the NVD.
To stay alert of new vulnerabilities it is recommended to subscribe for one or more mailing lists, the Seclist offers a wide variety of these.
