Zero-Day Vulnerability (Zero-Day)
A security vulnerability that the vendor hasn't yet discovered or fixed and that attackers can exploit.
What is a Zero-Day Vulnerability?
In one sentence: a security bug that the vendor doesn't know about, but hackers know about and use!
Imagine you made a lock. You think it's secure. But someone found a way to open it without the key. You don't know, but hackers know! Until you find out and release a Patch, hackers easily get in. The day you find out is called "day zero", because from that day you must rush to release a Patch!
Zero-Day Cycle:
1. The bug is discovered (by a hacker or a researcher)
2. The hacker makes an Exploit
3. The attack starts
4. The vendor finds out (day zero)
5. A Patch is published
6. Users update
Between steps 3 and 6, everyone is at risk!
Zero-Day Examples:
Stuxnet (2010): Used multiple Zero-Days to attack Iranian nuclear facilities.
Log4Shell (2021): Hackers used it first, and then it was discovered.
Why is it important for security?
Because a Zero-Day can't be defended against! There's no Patch yet. You can only reduce the risk with other defense layers (like a WAF or segmentation).