The Zero-Day Lie

DEV Community·Security Cyber·3 days ago

The word zero day gets thrown around in cybersecurity like confetti. Every other week there is a new headline. A fresh vulnerability disclosure lands and someone calls it a zero day. A Log4Shell variant shows up in a different library and the tweets flood in saying zero day again. A CVE drops on a Tuesday and by Wednesday half the infosec timeline is calling it a zero day.

But the term has a precise meaning, and we have almost completely abandoned it. The original definition is specific. A zero day vulnerability is one that is unknown to the vendor and unknown to anyone capable of mitigating it. The zero means the vendor has had zero days to fix it because they do not even know it exists yet. An exploit that targets one of these is a zero day exploit. An actual attack in the wild is a zero day attack.

Not close. Not new to you. Not something you personally just found out about. Unknown. To the vendor. To defenders. To everyone.…
