Cyber terms, in plain English
Run into a confusing word in the news? Look it up here. Start typing to filter the list.
Phishing
A scam where an attacker pretends to be someone you trust to trick you into clicking a link, opening a file, or giving up a password.
Related: social engineering, spear phishing
Ransomware
Malicious software that locks up your files (encrypts them) and demands payment to unlock them. Modern gangs also steal the data and threaten to leak it.
Related: malware, double extortion
Malware
Any software built to do harm — viruses, ransomware, spyware, and more. Short for "malicious software."
Data breach
An incident where private information is accessed or taken without permission, often then leaked or sold.
MFA / 2FA
Multi-factor (or two-factor) authentication. Logging in requires two things — your password plus a second proof, like a code or your fingerprint.
Related: passkey, authenticator app
Passkey
A modern replacement for passwords. You log in with your fingerprint, face, or PIN, and there's no password to steal or phish.
VPN
Virtual Private Network. An encrypted tunnel for your internet traffic, useful on untrusted public Wi-Fi. Not a magic privacy shield.
Credential stuffing
When attackers take passwords leaked from one site and try them on many others, betting that people reuse passwords.
Patch
A software update that fixes bugs — often security holes. Installing patches quickly closes doors before attackers use them.
Vulnerability
A weakness or flaw in software or a system that an attacker could exploit.
Related: zero-day, CVE, exploit
Zero-day
A vulnerability that's being exploited before the maker has a fix available — defenders have "zero days" of warning.
Exploit
A piece of code or technique that takes advantage of a vulnerability to break in or cause harm.
CVE
"Common Vulnerabilities and Exposures." A public ID number given to a specific known flaw, like CVE-2026-34908, so everyone can refer to the same bug.
Supply-chain attack
Breaking into a trusted vendor or tool to reach all the customers downstream that rely on it.
Social engineering
Manipulating a person (rather than a computer) into breaking security rules — through urgency, authority, or familiarity.
SIM-swapping
A fraud where a criminal takes over your phone number to intercept calls and text-message security codes.
Encryption
Scrambling data with math so only someone with the right key can read it. Powers the padlock in your browser and secure messaging apps.
End-to-end encryption
Encryption where only the sender and receiver can read the message — not even the service in the middle.
Firewall
A barrier that filters network traffic, blocking unwanted or dangerous connections to a device or network.
Spyware
Malware that secretly watches what you do — keystrokes, messages, location — and reports back to an attacker.
Brute force
An attack that simply tries enormous numbers of password guesses until one works. Long, unique passwords defeat it.
Threat model
A simple plan of what you're protecting, who might target it, and how much effort your defenses are worth.
Malvertising
Malicious code hidden inside online ads that can infect you even on legitimate websites. Ad/tracker blockers help.
Double extortion
A ransomware tactic: steal the data and encrypt it, then demand payment to both unlock files and not leak them.