Zero-Day Vulnerability
A software flaw that is unknown to the vendor. Attackers exploit it before a patch is available, so the vendor has had zero days to fix it.
Risk Level: Critical. Traditional antivirus often misses these because there is no known signature.
Supply Chain Attacks
Attacking a trusted third-party vendor or software library to compromise the final target.
Example: SolarWinds Orion attack, where malicious code was injected into a legitimate software update.
Common Vulnerability Types
Misconfigurations
Systems that are not securely configured. Examples include default passwords left unchanged, open cloud storage buckets (S3), or unnecessary services running.
Unpatched / Legacy Systems
Running outdated software (e.g., Windows 7) or failing to apply security updates. Known vulnerabilities in these systems are easy targets for automated scanners.
Weak Encryption
Using deprecated algorithms (like DES, WEP, or MD5) that can be easily cracked. Always use modern standards like AES-256 and TLS 1.3.
Improper Input Handling
Failing to validate user input, leading to attacks like SQL Injection (SQLi) or Cross-Site Scripting (XSS).