In the old days, "zero-days" were associated with attacks against unknown vulnerabilities. Now, the term is much more often used to describe a vulnerability that is widely known and doesn't yet have a patch available. It is worth keeping this distinction in mind because the threat can be much different — in the first case, it is imminent, and in the second case it may be low (obviously, this varies significantly). In addition, the protection capabilities can be very different, with deterministic signatures vs. behavioral/heuristic analysis.
I have taken to calling the first case vulnerabilities "undercover vulnerabilities" since they are not well-known and being actively exploited – in my mind, the worst-case scenario for security professionals.