Zero-day vulnerabilities refer to security flaws or weaknesses in software or hardware that are unknown to the vendor or developers. The term "zero-day" indicates that the vulnerability is exploited or attacked on the same day it becomes known to the public or the vendor. These vulnerabilities are called zero-day because developers have zero days to fix or patch them before they are actively exploited.