Zero-day is an umbrella term that can refer to a zero-day vulnerability, a zero-day exploit, or a zero-day attack. Zero-day vulnerability means the developer has just noticed the vulnerability or the flaw. It is called zero-day because the developer had “zero days” to be able to patch it. Zero-day attacks are considered dangerous because the vulnerability is known by the attackers, which gives them more time to exploit the flaw until the developer can fix it.
The attacks targeting zero-day vulnerabilities are called zero-day attacks and they are very common among hacker communities. Most hackers are trying to find an unnoticed flaw or vulnerability in the new releases of major software releases. Although being ethically questionable, selling zero-day exploit information is mostly considered legal. Some security experts contact the developer for a reward when they discovered a zero-day vulnerability. There are also companies paying bounties to security researchers to acquire their zero-day research.
A zero-day patch refers to a patch that addresses a vulnerability that is disclosed on the same day the patch is released. One of the most famous zero-day attacks was Stuxnet, which was discovered in 2010. This worm affected manufacturing computers running programmable logic controller software.