Which type of attack is specific to security vulnerabilities that are unknown at the time of software release?

A zero-day attack refers to cyber-attacks that exploit vulnerabilities in software that are not yet known to the software vendor or the public. Because these vulnerabilities are undiscovered at the time of software release, they do not have established patches or defenses available at that moment. This makes such attacks particularly potent, as there is no immediate remedy to mitigate the risk, allowing attackers to take advantage of the security gap until the flaw is addressed.

The other options pertain to different aspects of cybersecurity: penetration testing is a proactive approach to identify security weaknesses in a system; denial of service is an attack intended to make a service unavailable by overwhelming it with traffic; and SQL injection involves a specific technique used to manipulate databases through malicious input in SQL statements. These concepts do not relate to the idea of exploiting unknown vulnerabilities like a zero-day attack does.