Glossary

Cyber terms, in plain English

Run into a confusing word in the news? Look it up here. Start typing to filter the list.

Phishing

A scam where an attacker pretends to be someone you trust to trick you into clicking a link, opening a file, or giving up a password.

Related: social engineering, spear phishing

Ransomware

Malicious software that locks up your files (encrypts them) and demands payment to unlock them. Modern gangs also steal the data and threaten to leak it.

Related: malware, double extortion

Malware

Any software built to do harm — viruses, ransomware, spyware, and more. Short for "malicious software."

Data breach

An incident where private information is accessed or taken without permission, often then leaked or sold.

MFA / 2FA

Multi-factor (or two-factor) authentication. Logging in requires two things — your password plus a second proof, like a code or your fingerprint.

Related: passkey, authenticator app

Passkey

A modern replacement for passwords. You log in with your fingerprint, face, or PIN, and there's no password to steal or phish.

VPN

Virtual Private Network. An encrypted tunnel for your internet traffic, useful on untrusted public Wi-Fi. Not a magic privacy shield.

Credential stuffing

When attackers take passwords leaked from one site and try them on many others, betting that people reuse passwords.

Patch

A software update that fixes bugs — often security holes. Installing patches quickly closes doors before attackers use them.

Vulnerability

A weakness or flaw in software or a system that an attacker could exploit.

Related: zero-day, CVE, exploit

Zero-day

A vulnerability that's being exploited before the maker has a fix available — defenders have "zero days" of warning.

Exploit

A piece of code or technique that takes advantage of a vulnerability to break in or cause harm.

CVE

"Common Vulnerabilities and Exposures." A public ID number given to a specific known flaw, like CVE-2026-34908, so everyone can refer to the same bug.

Supply-chain attack

Breaking into a trusted vendor or tool to reach all the customers downstream that rely on it.

Social engineering

Manipulating a person (rather than a computer) into breaking security rules — through urgency, authority, or familiarity.

SIM-swapping

A fraud where a criminal takes over your phone number to intercept calls and text-message security codes.

Encryption

Scrambling data with math so only someone with the right key can read it. Powers the padlock in your browser and secure messaging apps.

End-to-end encryption

Encryption where only the sender and receiver can read the message — not even the service in the middle.

Firewall

A barrier that filters network traffic, blocking unwanted or dangerous connections to a device or network.

Spyware

Malware that secretly watches what you do — keystrokes, messages, location — and reports back to an attacker.

Brute force

An attack that simply tries enormous numbers of password guesses until one works. Long, unique passwords defeat it.

Threat model

A simple plan of what you're protecting, who might target it, and how much effort your defenses are worth.

Malvertising

Malicious code hidden inside online ads that can infect you even on legitimate websites. Ad/tracker blockers help.

Double extortion

A ransomware tactic: steal the data and encrypt it, then demand payment to both unlock files and not leak them.