Red Hot Cyber
What is a zero-day and the risk of targeted cyber attacks

Redazione RHC: 11 November 2025 21:08

Zero-day vulnerabilities are one of the greatest cybersecurity risks for organizations. These are unknown and unpatched vulnerabilities that attackers exploit to penetrate IT systems and compromise data security.

In this article, we’ll explore zero-day vulnerabilities, how they’re discovered, how hackers exploit them, their market, and best practices for preventing and mitigating these attacks.

What is a zero-day vulnerability?

A zero-day vulnerability is a computer security vulnerability in software, an operating system, or an application that is unknown to the software manufacturer, users, and security experts. This means that developers have not yet had time to identify and fix the vulnerability, and therefore there is no patch or security update available to protect the software or hardware system.

Attackers can exploit a zero-day vulnerability to gain unauthorized access to a system, execute malicious code, install malware, steal information, or compromise data security. Because the vulnerability is unknown to the software manufacturer, attackers can use exploits undetected, and neither the software nor the operating system is able to defend itself.

Zero-day vulnerabilities can be discovered by security researchers, ethical hackers, or cybercriminals and can be used to carry out highly targeted attacks against specific organizations or a broad audience of users. Because there is no immediate solution available to fix zero-day vulnerabilities, organizations face a potentially critical security threat.

How zero-day vulnerabilities are discovered

Zero-day vulnerabilities can be discovered in a variety of ways. In some cases, they are discovered accidentally or by chance by security experts or end users. However, most zero-day vulnerabilities are discovered through research techniques conducted by cybersecurity experts and independent researchers.

These experts use a combination of automated and manual techniques to analyze software and operating system code, attempting to identify security vulnerabilities. Security researchers can also use fuzzing techniques, which consist of generating random inputs for software and then analyzing their behavior to identify any errors or anomalous behavior.
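As an added illustration of the fuzzing technique just described (example code written for this page, not from the article or from any real product): a small mutation-based fuzzer run against a constructed toy record parser whose bug is trusting a declared length field, alongside a hardened version that the same fuzzer can no longer crash. The parser, its format and the seed input are all assumptions made for the demo.

```python
import random

# Fuzz target: a toy length-prefixed record parser (1 length byte, then the
# payload) with a constructed bug: it trusts the declared length. Not real code.
def parse_record(data: bytes) -> dict:
    if not data:
        raise ValueError("empty record")          # handled rejection, not a bug
    length = data[0]
    payload = data[1:1 + length]
    # Bug: a truncated record reaches this line and indexes past the payload.
    checksum = payload[length - 1] if length else 0
    return {"length": length, "payload": payload, "checksum": checksum}

# Hardened version: validates the declared length before using it.
def parse_record_fixed(data: bytes) -> dict:
    if not data:
        raise ValueError("empty record")
    length = data[0]
    payload = data[1:1 + length]
    if len(payload) != length:
        raise ValueError("truncated record")      # reject instead of trusting length
    checksum = payload[-1] if length else 0
    return {"length": length, "payload": payload, "checksum": checksum}

def mutate(seed: bytes, rng: random.Random) -> bytes:
    """One random mutation: flip a bit, truncate the tail, or insert a byte."""
    data = bytearray(seed)
    op = rng.choice(("flip", "truncate", "insert"))
    if op == "flip" and data:
        data[rng.randrange(len(data))] ^= 1 << rng.randrange(8)
    elif op == "truncate" and len(data) > 1:
        del data[rng.randrange(1, len(data)):]
    else:
        data.insert(rng.randrange(len(data) + 1), rng.randrange(256))
    return bytes(data)

def fuzz(target, seeds, iterations=2000, rng_seed=1):
    """Feed mutated inputs to target and collect every input that raises
    anything other than the parser's own documented ValueError."""
    rng = random.Random(rng_seed)
    crashes = []
    for _ in range(iterations):
        sample = mutate(rng.choice(seeds), rng)
        try:
            target(sample)
        except ValueError:
            continue                               # expected, handled rejection
        except Exception as exc:                   # anything else is a finding
            crashes.append((sample, type(exc).__name__))
    return crashes

if __name__ == "__main__":
    seed_inputs = [b"\x03abc"]                     # constructed seed corpus
    buggy, fixed = fuzz(parse_record, seed_inputs), fuzz(parse_record_fixed, seed_inputs)
    print(f"buggy parser: {len(buggy)} crashing inputs; fixed parser: {len(fixed)}")
```

Each crashing input the fuzzer records is a concrete reproducer that a developer can turn into a regression test once the length check is added.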

Additionally, security researchers can utilize bug bounty programs, where software developers pay security experts to identify and report vulnerabilities in their products. Bug bounty programs can incentivize security experts to invest time and resources in finding zero-day vulnerabilities.

It’s important to note that cybercriminals can also use the same research techniques to identify zero-day vulnerabilities and exploit them for malicious purposes. Therefore, cybersecurity experts and independent researchers are required to uphold the principles of professional ethics and follow responsible disclosure procedures to ensure that discovered vulnerabilities are reported to software vendors and patched before they are exploited by attackers.

Types of zero-day vulnerability disclosure

Zero-day vulnerabilities can be disclosed to the community in various ways, each with its own advantages and disadvantages. Here are the main types of zero-day vulnerability disclosure:

  1. Responsible disclosure: Responsible disclosure involves reporting the vulnerability to the software manufacturer or cloud service provider so that it can be fixed before attackers exploit it. This process is typically managed by security researchers, security experts, and information security professionals who work with the software manufacturer to fix the vulnerability. Responsible disclosure can take several months to complete, but it offers the advantage of allowing software vendors to fix the vulnerability before it can be exploited by attackers.
  2. Public disclosure: Public disclosure involves disclosing a vulnerability to the public, without prior notification to the software manufacturer or cloud service provider. This process is commonly used by independent researchers, ethical hackers, and activists to raise awareness of security vulnerabilities. Public disclosure can lead to a vulnerability being fixed, but it can also cause significant damage, as attackers can exploit the vulnerability before it is fixed.
  3. Third-party disclosure: Third-party disclosure involves reporting the vulnerability to third-party organizations, such as governments or intelligence agencies. Third-party disclosure may result in the vulnerability being fixed, but it may also lead to its exploitation by those third-party organizations, for example in espionage or cyberwarfare.
  4. Disclosure to private bug bounty programs: Disclosure to private bug bounty programs is a process that involves intermediaries, specific cybersecurity companies, or intelligence services. This process is often used by hackers or security researchers seeking to monetize vulnerabilities they have discovered without providing any information to the vendor of the product in which the security flaw was found. This type of disclosure can lead to the vulnerability being fixed, but it can also cause significant damage, as the buyer could use the vulnerability for malicious purposes, such as building it into espionage products that are then resold to governments or intelligence services (e.g., Pegasus, Karma, FinFisher, etc.).

In short, zero-day vulnerabilities can be disclosed in several ways. Responsible disclosure is generally considered the best option, as it allows the software vendor to patch the vulnerability before it can be exploited by attackers and allows the computing community to update systems before they are exploited.

However, there are cases where public or third-party disclosure may be justified, such as when the software manufacturer fails to act promptly to fix the vulnerability, perhaps after months and months of reminders to fix the previously reported security bug.

Zero-day brokers and private bug bounty programs

The resale of zero-day vulnerabilities to zero-day brokers is a phenomenon that has developed in recent years and has raised several cybersecurity concerns. A zero-day broker is an intermediary who purchases zero-day vulnerabilities from security researchers (bug hunters) or other vendors and resells them to clients, such as governments, intelligence services, and cybersecurity companies.

Buying and selling zero-day vulnerabilities has become a highly lucrative market, as these vulnerabilities can be used to attack computer systems and compromise data security.

One of the most well-known cases of zero-day vulnerabilities is the Pegasus surveillance software, developed by the Israeli company NSO Group. Pegasus has been used by several governments to spy on journalists, activists, and other sensitive targets. The software uses a combination of social engineering techniques and zero-day vulnerabilities to gain access to users’ devices and collect sensitive information. The vulnerabilities used by Pegasus were purchased from zero-day brokers and were not disclosed to the public or to software vendors.

The use of zero-day vulnerabilities in intelligence systems like Pegasus has raised several concerns about cybersecurity and user privacy. Zero-day vulnerabilities can be used to attack devices without users’ knowledge and without software vendors being able to patch them. This means users can be spied on or their sensitive information stolen without them having any defense.

The most famous attacks that exploited zero-day vulnerabilities

Over the years, there have been several high-profile attacks that exploited zero-day vulnerabilities to compromise the cybersecurity of organizations and individuals. Here are some examples of well-known zero-day attacks:

  1. Stuxnet: Stuxnet was a highly sophisticated cyberattack that targeted Iran’s nuclear program in 2010. The attack, developed by the United States and Israel, exploited four zero-day vulnerabilities to infect computer systems at the Natanz nuclear facility. The attack caused several centrifuges to malfunction, setting Iran’s nuclear program back by several years.
  2. WannaCry: WannaCry was a global ransomware attack that affected organizations around the world in 2017. The attack exploited a zero-day vulnerability in Windows to infect users’ computer systems. Once infected, the ransomware encrypted users’ files and demanded a payment in bitcoin to decrypt them.
  3. Pegasus: As we’ve seen previously, Pegasus was surveillance software developed by the Israeli company NSO Group. The software exploited several zero-day vulnerabilities to gain access to users’ devices and collect sensitive information. Pegasus was used by several governments to spy on journalists, activists, and other sensitive targets.
  4. Hacking Team: Hacking Team was an Italian cybersecurity company that was hacked in 2015. The attack revealed that the company had sold zero-day vulnerabilities to governments and organizations for surveillance purposes. The attack raised several concerns about cybersecurity and user privacy.

Several high-profile attacks have exploited zero-day vulnerabilities to compromise cybersecurity. Preventing and mitigating zero-day attacks, however, is very difficult and requires a combination of technical security solutions and good corporate security practices.

How to prevent and mitigate zero-day attacks

Preventing zero-day attacks requires a combination of technical security solutions and good business practices. Here are some best practices for preventing and mitigating zero-day attacks:

  1. Update your software regularly: Software manufacturers regularly release security updates to fix known vulnerabilities. Make sure you regularly update the software on your computer and all other devices you use.
  2. Use advanced security solutions: Security solutions such as antivirus, firewalls, and advanced threat detection solutions can help detect and prevent zero-day attacks. Make sure you use up-to-date security solutions and configure them correctly to ensure the best possible protection.
  3. User education: Zero-day attacks often exploit human vulnerabilities, such as clicking a phishing link or downloading a malicious file. Be sure to educate users about security risks and provide cybersecurity training to reduce the risk of attacks.
  4. Continuously monitor systems: Continuously monitoring systems can help detect zero-day attacks before they cause significant damage. Ensure you monitor systems in real time and have a rapid response if an attack is detected.
  5. Collaboration with security experts: Collaboration with external security experts can help organizations identify and mitigate zero-day vulnerabilities. Be sure to work with trusted security experts and implement their recommendations to improve data security.

In conclusion, zero-day vulnerabilities pose a significant threat to organizations’ cybersecurity. However, implementing advanced technical security solutions and good business practices can help prevent and mitigate zero-day attacks. Be sure to be aware of security risks and adopt best practices to protect your systems and information.

Redazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.
