Zero-day vulnerabilities are known weaknesses in software or hardware for which no patch yet exists. Knowledge of these often depends on the hacker group. White-hat hackers inform the manufacturer after the discovery to develop a patch, while black-hat hackers keep the knowledge for malicious purposes.
Security researchers often discover such vulnerabilities first and inform the manufacturer before public disclosure to minimize the risk of further exploits. Nevertheless, the danger remains, as information about zero-day vulnerabilities is sold on the dark web. Manufacturers must act as soon as they learn of the vulnerability to close it.
Vulnerabilities are caused by unintentional software or hardware errors, are difficult to detect and can go unnoticed. Zero-day vulnerabilities are discovered by attackers before the manufacturer is aware of them, making successful attacks likely.