An attacker is exploiting a vulnerability that does not have a patch available. What is this type of vulnerability called?

The term that describes a vulnerability that is being exploited without an available patch is known as a zero-day vulnerability. This type of vulnerability is particularly concerning in cybersecurity because it means that attackers are taking advantage of a flaw that developers or security teams are not yet aware of or have not had the opportunity to fix. The name "zero-day" refers to the number of days that the software vendor has been aware of the vulnerability—zero days, meaning it is newly discovered and unaddressed.

Understanding zero-day vulnerabilities is critical for securing systems, as these can be exploited in the wild, affecting organizations before defenses can be established. This highlights the importance of timely updates and patch management, as well as proactive security measures such as intrusion detection and threat monitoring to identify and mitigate potential attacks associated with such vulnerabilities swiftly.