A previously unknown software flaw discovered by attackers before the vendor is aware, leaving systems exposed until a patch is developed and deployed.