A zero-day exploit refers to an undetected or unaddressed security vulnerability in hardware or software. In contrast, a zero-day event describes any cyber attack that uses the exploit before developers can patch up the vulnerability. The “zero-day” term comes from the fact that the people responsible for the software’s security had no time to fix the problem before it got exploited by cybercriminals.
In other words, the entity responsible for security only discovered the exploit after an event already happened. Thus, they had zero days to patch the issue before an event occurred. Sometimes, security professionals or even users uncover potential events before they occur. In the worst examples, these exploits and even events may remain undetected for weeks or months.