CyberGlossary

Vulnerabilities

Zero-Day Exploit

Also known as: 0-day exploit

Definition

Working exploit code for a vulnerability that the vendor does not yet know about, or for which no patch is available — extremely valuable to attackers.

A zero-day exploit weaponizes a zero-day vulnerability before defenders have any official mitigation. Because there is no patch, no signature, and often no public detail, even well-instrumented organisations may be blind to it. Zero-day exploits are heavily traded — by state-sponsored actors, by brokers (Zerodium, Crowdfense), and increasingly via mercenary spyware vendors — and command prices into the millions for full chains against modern smartphones or browsers. Detection relies on behavioural analytics (EDR/XDR), exploit mitigations (Intel CET, ARM PAC, sandboxing), application allow-listing, and aggressive least privilege, so that a successful exploit yields limited capability.

Examples

  • Pegasus spyware deploying iOS zero-click zero-day exploits.
  • Operation Aurora (2009) — Internet Explorer zero-day chain against Google and others.
