Cybersecurity Glossary: 50 Essential Terms You Should Know
A comprehensive glossary of the 50 most important cybersecurity terms with simple explanations and practical examples. Your go-to reference for digital protection.
What you will learn
- You will learn the 50 most important cybersecurity terms with clear explanations
- You will understand technical terms like Phishing, Zero-Day, and Ransomware
- You will have a permanent reference to help you follow security news
Introduction
The cybersecurity world is full of technical jargon: Phishing, Zero-Day, Ransomware... If you do not understand these terms, you cannot protect yourself or make sense of security news.
We compiled the 50 most important terms in cybersecurity with clear explanations. This glossary is your permanent reference — bookmark it and come back whenever you encounter an unfamiliar term.
Do not try to memorize every term at once. Read one section per day and apply what you learn.
Table of Contents
- Basic Terms
- Attack Terms
- Defense Terms
- Advanced Terms
- Summary Table
Basic Terms
1. Malware
Any software designed to damage your device or steal your data. Includes viruses, worms, trojans, and ransomware. Example: You download a file from a suspicious site and it installs a program that steals your passwords.
2. Phishing
An email or text message that appears to come from a trusted source (bank, company) but is fake, aiming to steal your data. Example: "Your account has been suspended — click here to reactivate" with a fake link.
3. Firewall
A system that monitors incoming and outgoing network traffic and blocks suspicious connections. It works like a security guard inspecting everyone who enters and exits.
4. VPN — Virtual Private Network
Technology that creates an encrypted tunnel between your device and the internet, protecting your data from spying and hiding your real location. Read more in What is a VPN.
5. Encryption
Converting data from readable text into unreadable code. Even if encrypted data is stolen, it cannot be read without the decryption key.
6. Authentication
The process of verifying a user's identity before granting access. Examples: password, fingerprint, OTP code.
7. Vulnerability
A weakness in a system or software that an attacker can exploit to breach it. Like an open door in a fortress wall.
8. Patch
An update that fixes a security vulnerability in software. That is why updating your devices immediately when a security patch is released is critical.
9. Antivirus
Software that detects and removes malware from your device. Like a doctor who examines and treats.
10. Backup
A copy of your data stored in a separate location. If you lose your original data (breach, failure), you restore it from the backup.
Attack Terms
11. DDoS — Distributed Denial of Service
Flooding a website or server with millions of fake requests until it stops working. Like 1,000 people trying to enter a single door at the same time.
12. SQL Injection
Inserting malicious database commands into website input fields (like login forms) to access stored data.
13. XSS — Cross-Site Scripting
Injecting malicious JavaScript code into a web page that executes in the victim's browser when they visit. Used to steal cookies.
14. Man-in-the-Middle (MitM)
The attacker positions themselves between two communicating parties and intercepts or modifies messages. Example: Someone eavesdropping on your connection over public Wi-Fi.
15. Ransomware
Malicious software that encrypts your files and demands payment (ransom) to decrypt them. Average ransom in 2026: $250,000 for businesses.
16. Brute Force
Trying all possible password combinations until finding the correct one. A 6-character password is cracked in minutes. A 12-character one needs thousands of years.
17. Keylogger
Malicious software that records every keystroke — passwords, messages, credit card details.
18. Spoofing
Forging the sender's identity (email, phone number, IP address) to appear as a trusted source.
19. Rootkit
Malicious software that hides deep within the operating system and gives the attacker full control while concealing its presence.
20. Zero-Day
Exploiting a security vulnerability the developer does not yet know about, meaning there is no patch. It is the most dangerous kind of attack because there is no ready defense.
21. Trojan Horse
A program that appears useful (a game, a free app) but contains malicious code. Example: A "phone speed booster" app that actually steals your data.
22. Worm
Malicious software that spreads automatically across the network without user interaction — exploiting vulnerabilities to move from device to device.
23. Social Engineering
Deceiving humans (not machines) to obtain secret information. Read our comprehensive guide on Social Engineering.
24. Credential Stuffing
Using leaked username and password lists to try logging into other accounts. That is why you should never reuse the same password across sites.
25. Botnet
A network of malware-infected devices controlled remotely by a single attacker. Used for DDoS attacks and spam.
Defense Terms
26. 2FA — Two-Factor Authentication
Adding a second protection layer after your password: a code from an app, an SMS, or a security key. The most important step to protect your accounts. Read more in Strong Password Guide.
27. MFA — Multi-Factor Authentication
Like 2FA but with three or more layers: something you know (password) + something you have (phone) + something you are (fingerprint).
28. SSL/TLS — Security Protocol
Encrypts the connection between your browser and the website. Secure sites start with https:// (note the "s"). Always verify before entering sensitive data.
29. Zero Trust
A security philosophy: trust nothing by default — verify every user, device, and connection even if it is inside the network.
30. IDS/IPS — Intrusion Detection and Prevention Systems
IDS detects attacks and alerts you. IPS detects them and blocks them automatically. Like a security camera (IDS) vs. a security guard (IPS).
31. SIEM — Security Information and Event Management
A system that collects security logs from all your sources (firewall, servers, devices) and analyzes them to detect threats.
32. Password Manager
An application that stores all your complex passwords in an encrypted vault. You only need to remember one password (the master password).
33. Sandbox
A safe virtual environment for running suspicious programs without affecting your real system. Like an isolated testing room.
34. WAF — Web Application Firewall
Protects websites from attacks like SQL Injection and XSS by filtering suspicious requests.
35. EDR — Endpoint Detection and Response
An advanced protection system for computers and phones — monitors suspicious behavior and responds automatically.
Advanced Terms
36. Penetration Testing
Simulating a real attack on your system with your permission to discover vulnerabilities before attackers do. Performed by certified specialists.
37. SOC — Security Operations Center
A team that monitors an organization's systems 24/7 to detect threats and respond to them.
38. Red Team
A team that attacks an organization's systems (with permission) to test its defenses. Simulates real attacker tactics.
39. Blue Team
A team that defends an organization's systems against attacks. Works to detect breaches and respond to them.
40. Purple Team
Combining Red Team and Blue Team into a single team that attacks and defends collaboratively to improve overall security.
41. Threat Intelligence
Gathering and analyzing information about potential threats and attackers to take proactive measures.
42. Incident Response
An organized plan for handling breaches: detect, contain, eradicate, recover, analyze, improve.
43. Digital Forensics
Scientific investigation of security incidents to determine: What happened? How? Who is responsible? What data was affected?
44. CVE — Common Vulnerabilities and Exposures
A global database that assigns each discovered vulnerability a unique identifier (like CVE-2026-12345) for tracking.
45. OWASP — Open Web Application Security Project
An open organization that publishes lists of the top 10 vulnerabilities in web applications. Essential reference for every developer.
46. Bug Bounty
Programs offered by companies (Google, Apple, Samsung) that pay rewards to anyone who discovers security vulnerabilities in their products. Rewards can reach $250,000 and more.
47. Cryptography
The mathematical foundation for securing communications and data. Includes symmetric encryption (AES), asymmetric encryption (RSA), and hash functions (SHA).
48. API Security
Protecting APIs that connect applications to each other. API attacks increased 400% in 2025-2026.
49. Supply Chain Attack
Breaching a software vendor and using their updates to spread malware to their customers. Famous example: the SolarWinds attack.
50. Quantum-Safe Cryptography
New encryption algorithms designed to remain secure even when quantum computers capable of breaking current encryption emerge.
Summary Table: Key Terms
| Term | Category | Importance | Who Should Know |
|---|---|---|---|
| Phishing | Attack | Critical | Everyone |
| 2FA/MFA | Defense | Critical | Everyone |
| VPN | Defense | High | Everyone |
| Ransomware | Attack | Critical | Everyone |
| Firewall | Defense | High | Everyone |
| Zero-Day | Attack | High | Technical staff |
| Penetration Testing | Advanced | High | Specialists |
| SIEM | Advanced | Medium | Specialists |
| Zero Trust | Defense | High | Businesses |
| Social Engineering | Attack | Critical | Everyone |
Real Attacks: Lessons from the Field
SolarWinds 2020 — Supply Chain Attack
In December 2020, it was discovered that attackers (believed to be linked to Russia) compromised SolarWinds and planted malware in an Orion software update. More than 18,000 organizations downloaded the infected update, including the U.S. Treasury Department, Microsoft, and Intel. The breach continued for 9 months before discovery.
Even trusted software can become an attack vector. That is why the Zero Trust principle has become a necessity, not an option.
Practical Tools: Try It Yourself
Use these commands to scan your network and discover connected devices:

```bash
# Scan the local network using nmap to discover connected devices
# Install nmap first: sudo apt install nmap (Linux) or brew install nmap (macOS)

# Quick scan for devices on your local network (host discovery only, no port scan)
nmap -sn 192.168.1.0/24

# Scan open ports on a specific device and identify the service versions behind them
nmap -sV 192.168.1.1

# Scan for known security vulnerabilities
nmap --script vuln 192.168.1.1
```
Warning: Use these tools on your own network only. Scanning others' networks without permission is illegal.
How to Protect Yourself
Now that you know the terms, here are 7 practical steps for protection:
- Enable two-factor authentication (2FA) on all important accounts — email, bank, and social media
- Use a password manager like Bitwarden — a unique password for every account
- Update your devices immediately when security patches are released — never delay
- Do not click suspicious links — verify the sender's address before taking action
- Use a VPN when connecting to public Wi-Fi networks
- Keep encrypted backups of your important data (3-2-1 rule)
- Follow security news — awareness is your first line of defense
For more details on each step, read Cybersecurity Best Practices.
Conclusion
50 terms — but you do not need to memorize them all today. Start with the basics (1-10) and go deeper gradually.
The more you understand these terms, the better you can protect yourself, follow security news, and make smart decisions.
Next step: Apply what you learned by reading Cybersecurity Fundamentals and learn how to protect yourself in practice.
Sources and References
Cybersecurity Department — AI Darsi
Information security and digital protection specialists