Zero-day vulnerabilities, in the realm of cybersecurity, refer to software or hardware vulnerabilities that are unknown to the vendor or developer and have not been patched or mitigated yet.
These vulnerabilities are called “zero-day” because they exist from the moment the software is released or deployed, and the vendor has had zero days to fix them. They pose a significant threat because cyber criminals can exploit these weaknesses before the vendor becomes aware of them and has a chance to release a security patch.
Typically, zero-day vulnerabilities are highly sought after in the cyber criminal underground and can be sold for substantial sums of money. Organizations and security professionals need to employ advanced threat detection and prevention techniques to defend against attacks leveraging these vulnerabilities, as there are no official patches available.
Mandiant now part of Google Cloud reported 55 zero day vulnerabilities were exploited in 2022. Ref: https://www.mandiant.com/resources/blog/zero-days-exploited-2022
A full list of 52 zero day vulnerabilities can be found at https://www.zero-day.cz/database/?set_filter=Y&arrFilter_pf%5BYEAR_FROM%5D=2022&arrFilter_pf%5BYEAR_TO%5D=2022&arrFilter_pf%5BSEARCH%5D=