Glossary

Zero-Day Vulnerability

A zero-day is a secret security hole in software that nobody knows about except hackers. It's like finding out your front door lock can be opened with a credit card, but nobody - including the lock company - knows about it yet. Until it's discovered and fixed, anyone who knows the trick can get in.

What is a Zero-Day Vulnerability?

A zero-day vulnerability is a software security flaw that is unknown to the vendor and has no patch available. The term "zero-day" means defenders have had zero days to fix it. These vulnerabilities are extremely valuable to attackers because they can be exploited before anyone can defend against them.

Why Should You Care?

While zero-days sound scary, they're actually rare and expensive - criminals prefer cheaper methods first. What matters more for small businesses is that KNOWN vulnerabilities go unpatched. The vast majority of breaches exploit bugs that have had patches available for months or years. Keeping software updated protects you from most threats.

Real-World Example

In 2024, attackers discovered a zero-day in a popular firewall product. Before the vendor could release a patch, thousands of organizations were compromised. However, the attackers also exploited many OTHER vulnerabilities in the same campaign that had been patchable for months - those victims could have avoided the breach entirely by keeping their systems updated.

How to Protect Against Zero-Day Vulnerabilities

  1. Keep all software updated - this stops most attacks (not just zero-days)

  2. Enable automatic updates where possible

  3. Follow security news for your critical software vendors

  4. Have a plan to quickly apply emergency patches

  5. Use endpoint protection that can detect suspicious behavior

     CrowdStrike or SentinelOne

  6. Practice defense in depth - don't rely on any single security control
