When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.

The good news is that these threats are relatively easy to spot and counter.

That’s not so true for zero-day vulnerabilities.

A hacker�s hand in a black leather glove holding an access key and emerging through a laptop screen

They’re a class of hacking attacks that are completely unknown at the point they’re deployed.

What are zero-day vulnerabilities?

By definition, it’s impossible to know how many zero-day vulnerabilities there are in a system.

Malware

These vulnerabilities can be used by a malicious actor to cause the system to do something unintentional.

There are a few other terms that experts use when they’re discussing zero-days.

The actual code that a hacker uses to take advantage of the vulnerability is called a zero-day exploit.

How do zero-day vulnerabilities work?

There isnt really a uniform punch in of zero-day vulnerability.

Each one comes from an unintended consequence of how a piece of technology is built.

However, hackers are constantly on the lookout for vulnerabilities too.

Therefore, not all hackers go looking for zero-days to use them.

Instead, they’ll trade them for money or other services in return for zero-days.

The reason they’re treated like commodities is because they’re somewhat perishable.

Of course, a vulnerability on its own isn’t a whole attack chain.

Part of the problem here is how the economics pan out.

Why are zero-day vulnerabilities so dangerous?

Zero-days are dangerous because it’s hard to protect against them.

They completely subvert the security model you’ve built because one of your assumptions is now flawed.

Your firewalls and cloud storage services might be bulletproof, but are your IoT devices?

This is also why zero-days are worth so much.

However, some serious cyber-criminals will use zero-days to carry out long-term surveillance on companies and state infrastructure.

As a result, most high-end service providers now offer bug bounties for finding zeroday vulnerabilities in their software.

What can you do about zero-day vulnerabilities?

Here are the best ways to deal with zero-day vulnerabilities: