You will see articles in the press about new zero-day exploits, described as a type of cyber threat. The term zero-day exploit does not tell us what type of threat it is, but how long it has been known and whether defenses are available for it.
In the cybersecurity world, new vulnerabilities are continuously being discovered in all types of software. By the time they are publicized, the publishers of the software have often already known about the threat and published patches for it, or know that a patch they have already released will fix the vulnerability.
However, zero-day exploits are a stronger threat. A zero-day exploit targets a vulnerability that was just discovered (or just became known outside a group of hackers) and for which no patch has been made yet. This means that, once it has been released, it is available for every other threat agent to take advantage of on any computer running that version of that software.
Software organizations will immediately start working on a patch to stop the vulnerability, depending on the level of threat it is. Sometimes these are very severe threats. You will see stories on the bigger ones in the popular press.
It is called a zero-day threat/exploit because it has been essentially zero days since it was discovered, which means the publisher has had zero days to develop a patch. In practice, it will stay a zero-day exploit for a number of days until a patch is developed.
Remember that developing a patch is not just a matter of fixing this specific threat. The patch must also be tested quickly to make sure that it does not cause other vulnerabilities, and that is not easy to do quickly in large, complex programs like Windows, which has millions and millions of lines of code that are all interdependent. The second part of testing is to make sure that the patch does not stop the software from working correctly.
There are lots of zero-day threats/exploits, and your security software will often tell you about them as well. However, the biggest thing to know is that when patches come out for zero-day threats, it is important to install them on your machine, because threat agents will be using those vulnerabilities extensively at that point, as they are a known open door into lots of people’s systems.