What defines a zero-day attack?

Study for the Fortinet Network Security Expert (NSE) 2 Test with flashcards and multiple-choice questions. Each question is detailed with hints and explanations. Get fully prepared for your certification exam!

A zero-day attack is defined as the exploitation of an unknown deficiency in code. This means the vulnerability has not yet been discovered or patched by the software vendor, which gives attackers the opportunity to exploit it while users have no immediate way to defend against it. The term "zero-day" refers to the fact that the vulnerability is being exploited on the same day that it is discovered by the attacker, leaving no time for mitigation or for a security fix to be implemented.

In this context, it’s important to differentiate a zero-day attack from other scenarios. Attacks that rely on outdated security measures or target outdated software versions relate to known vulnerabilities for which security patches may already be available. Similarly, using previously known vulnerabilities means exploiting flaws for which fixes exist and have been publicized. What makes a zero-day attack particularly dangerous, therefore, is the element of surprise and the lack of available protection: neither users nor the security community have any prior knowledge of the vulnerability.
