A zero-day exploit is a cyber-attack that occurs on the same day a weakness is discovered in software. It is exploited before a fix becomes available from its creator.
Zero-day vulnerabilities present serious security risks, leaving you susceptible to zero-day attacks, which can result in potential damage to your computer or personal data.

The very nature of zero-day exploits is that your virus scanner would show that you were clean both before and after being infected. It’s not until your anti-virus software provider updates their virus databases and you take that update that your scanner knows what to look for. Antimalware software, intrusion detection systems (IDS) and intrusion prevention systems (IPS) are often hopeless because no attack signature yet exists.
// To keep your devices safe from 0-day attacks, it is smart to immediately install new software updates when they become available from the manufacturer to help reduce the risk of malware infection. Software updates allow you to install necessary revisions to the software or operating system. These might include adding new features, removing outdated features, updating drivers, delivering bug fixes, and most importantly, fixing security holes that have been discovered. //

The attackers can range from a tech-savvy teenager to a highly organized group that taps into huge server farms.
When a user notices that there is a security risk in a program, they can report it to the software company, so that they can develop a security patch to fix the flaw. Usually, the software developers are quick to release a patch that improves program protection, however, sometimes hackers hear about the flaw first and are quick to exploit it.

Famous 0 day exploits and their damage
A vulnerable network is always at the risk of being attacked. Even big organizations could turn into their target. Recent zero-day attacks prove Microsoft to be a favorite target for hackers as it has faced zero-day attacks many times. In 2017 and 2018, Microsoft detected vulnerability in the EternalBlue system, they released emergency security patches to block the flaw. In 2016, Adobe reader was also under attack (CVE-2016-1019). They detected the fault, which was undiscovered until then. When it comes to an extreme zero-day worm, Stuxnet has been the severest. It targeted the supervisory control and acquisition system through the Windows operating system.
Stuxnet is an extremely sophisticated computer worm that exploits multiple previously unknown Windows zero-day vulnerabilities to infect computers and spread. Its purpose was not just to infect PCs but to cause real-world physical effects. Specifically, it targets centrifuges used to produce the enriched uranium that powers nuclear weapons and reactors.

Defending against zero-day attacks,
• Keep software and security patches up to date by downloading the latest software releases and updates. Installing security patches fixes bugs that the previous version may have missed.
• Establish safe and effective personal online security habits.
• Configure security settings for your operating system, internet browser, and security software.
• Install proactive and comprehensive security software to help block known and unknown threats to vulnerabilities.