For now, I am refusing to use the term “less-than-zero-day” for a vulnerability that is unknown but actively exploited. Zero-day then refers to an exploit in the wild that is not patched yet, but is known (the time between notification of vendor and vendor-issued patch). I see no use in this cutesy term…just call anything before a patch or vendor-issued workarounds a 0day for all our sakes…