Zero-Day Vulnerability

Zero-Day Vulnerability image
A “zero-day vulnerability” is an unknown or undiscovered security vulnerability that threat actors/attackers discover before the software provider does and is used to target the software, hardware or firmware with malicious code. The term "Zero-Day" is used when security teams are unaware of their software vulnerability and they’ve had “0” days to work on a security patch or an update to fix the issue. This means vulnerabilities can lay undetected for days, months or years until someone (usually a malicious actor) finds it. A zero-day vulnerability is a potential chink in your armor that exists up until it’s patched or removed, meaning for the entire time it takes to develop, test, and deploy a fix the company and those that use it’s products/services are vulnerable to attack.
A security flaw in software, hardware, or firmware that is unknown to the vendor and therefore has no official patch or fix. The vulnerability may have existed for a long time before discovery.

Zero day refers to the vendor's awareness, not the flaw's age.

A researcher discovers an undocumented memory corruption bug in a popular browser. Since the vendor doesn't know about it yet, it's a zero-day vulnerability.
Explore MoT
QA Leadership Summit - The AI-Native Edge: Leading the Future of QA image
QALS Summer 2026: a leadership summit to move beyond AI testing pilots and build production-ready, AI-first QA organizations - powered by the BrowserStack AI Test Platform and 25+ connected AI agents
MoT Software Testing Essentials Certificate image
Boost your career in software testing with the MoT Software Testing Essentials Certificate. Learn essential skills, from basic testing techniques to advanced risk analysis, crafted by industry experts.
This Week in Quality image
Debrief the week in Quality via a community radio show hosted by Simon Tomes and members of the community
Subscribe to our newsletter