Which type of exploits target unknown vulnerabilities in software?

Zero-day exploits specifically target unknown vulnerabilities in software that are not yet known to the vendor or have not been patched. The term "zero-day" refers to the fact that the vulnerability is exploited before the developer has had a chance to address it, meaning there are "zero days" of protection against that exploit. Attackers can use these vulnerabilities to compromise systems, steal data, or conduct unauthorized activities until a patch or fix is released.

In contrast, Trojan exploits do not focus on vulnerabilities; instead, they refer to malicious software disguised as legitimate applications. Phishing exploits aim to deceive users into providing sensitive information rather than targeting software vulnerabilities. Denial-of-service exploits are oriented towards making a service unavailable rather than exploiting software weaknesses. Thus, zero-day exploits are distinct in that they are specifically aimed at unpatched vulnerabilities, making them a significant concern for cybersecurity professionals.