Security Testing
Zero-Day
A zero-day vulnerability is a security flaw that is unknown to the vendor or has no available patch, giving defenders "zero days" to prepare. Zero-days are highly valuable on the exploit market and are used by nation-state actors, sophisticated criminal groups, and researchers. A zero-day that is discovered and weaponized before disclosure is called a zero-day exploit. When patches are unavailable, defenders rely on compensating controls, behavioral detection, and exploit mitigations.
Why it matters for your website
- Helps identify vulnerabilities before attackers do
- Required by PCI-DSS, SOC 2, and most enterprise security programs
- Regular testing reduces mean time to detect (MTTD) breaches