A “zero day” is a loose term for a recently discovered vulnerability and often associated exploit that overturns the above model, i.e. where a vulnerability has been uncovered but rather than being reported to the vendor is being actively exploited (or attempting to be exploited) by malicious parties – before a patch is released and/or implemented – and often before a vendor or its customers are even aware that the vulnerability in question exists.