Zero-day attacks exploit unpatched vulnerabilities in software that are unknown to the developer or were already known, but the repair was delayed. Once the exploit runs, developing a patch can take hours or months.
One of the most well-known zero-day attacks was Log4j. The Log4j vulnerability affected everything from the cloud to developer tools and security devices.