Cybersecurity Glossary: 80+ Security Terms Defined for 2026
Comprehensive glossary of cybersecurity and information security terms. From APT to zero-day, every term explained.
A — APT to Authentication
APT (Advanced Persistent Threat): A prolonged, targeted intrusion in which an attacker gains access to a network and remains undetected for an extended period, often months. APTs typically target governments, defense contractors, and critical infrastructure, and most are attributed to nation-state actors or groups working on their behalf. The defining traits are patience and stealth rather than exotic tooling: many APT intrusions begin with phishing or a single unpatched internet-facing device.
Attack Surface: The sum of all points where an unauthorized user could try to enter a system or extract data from it: exposed network services, APIs, user input fields, third-party integrations, and the people who operate it. Reducing attack surface is a core security principle; fewer exposed services and endpoints mean fewer places from which a vulnerability can be reached.
Authentication: The process of verifying that a user (or a machine) is who it claims to be. Methods include passwords, multi-factor authentication (MFA), biometrics (fingerprint, face), hardware tokens (YubiKey), and passkeys. In 2026, passwordless authentication via passkeys is becoming the standard because a passkey is bound to the site it was created for and cannot be phished the way a password or one-time code can. Authentication is distinct from authorization, which decides what an authenticated identity is allowed to do.
B — Botnet to Bug Bounty
Botnet: A network of compromised computers (bots) controlled by an attacker through command-and-control (C2) infrastructure. Botnets are used, and rented out, for DDoS attacks, spam, cryptocurrency mining, and credential stuffing (replaying leaked username/password pairs against many sites at once). Major botnets have included millions of infected devices, many of them home routers and IoT devices that never receive patches.
Brute Force Attack: An attack that tries every possible combination to guess a password or encryption key. Variants include dictionary attacks (likely passwords first) and password spraying (one common password against many accounts, which stays under per-account lockout thresholds). Protections include rate limiting, account lockouts, MFA, and strong password requirements; on the storage side, passwords should be hashed with a slow, memory-hard function (bcrypt, scrypt, Argon2) and a per-user salt. Modern GPUs can attempt billions of guesses per second against fast hashes such as MD5, SHA-1, or NTLM, but only thousands per second against a properly tuned Argon2 or bcrypt hash.
Bug Bounty: A program where organizations pay security researchers for discovering and responsibly disclosing vulnerabilities. Platforms such as HackerOne and Bugcrowd host programs for many companies; Google, Apple, and Microsoft also run their own. Bounties range from around $100 for minor bugs to $1M+ for critical zero-day exploit chains against flagship products, with most payouts at the low end of that range.
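The lockout and slow-hashing protections described under Brute Force Attack, as an added example in Python that is not part of the original glossary. It assumes an in-memory user store and the policy constants shown (5 failures, a 15-minute lockout, scrypt with N=2^14), all of which are hypothetical choices; hashlib.scrypt and hmac.compare_digest are standard-library calls.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Hypothetical policy values; tune to your threat model.
MAX_FAILURES = 5           # consecutive failures before the account locks
LOCKOUT_SECONDS = 15 * 60  # how long the lock lasts
# scrypt work factors. The cost (n) is what turns "billions of guesses per
# second" into thousands: every guess, online or offline, must redo this work.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1

# Dummy record for unknown usernames, so the verify path takes the same time
# whether or not the account exists (no username enumeration via timing).
_DUMMY_SALT = bytes(16)
_DUMMY_HASH = bytes(32)


def hash_password(password: str, salt: bytes = b"") -> tuple:
    """Return (salt, digest); a fresh random salt is generated when none is given."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    _, digest = hash_password(password, salt)
    # Constant-time comparison: a plain == would leak how many leading bytes match.
    return hmac.compare_digest(digest, expected)


class LoginGuard:
    """Per-account lockout on top of slow hashing. `clock` returns the current
    time in seconds and is injected so the lockout window is testable."""

    def __init__(self, users: dict, clock):
        self.users = users  # username -> (salt, digest); constructed in-memory store
        self.clock = clock
        self.failures = defaultdict(int)
        self.locked_until = {}

    def attempt(self, username: str, password: str) -> str:
        """Return "ok", "denied", or "locked"."""
        now = self.clock()
        if self.locked_until.get(username, 0) > now:
            return "locked"
        record = self.users.get(username)
        salt, expected = record if record is not None else (_DUMMY_SALT, _DUMMY_HASH)
        ok = verify_password(password, salt, expected) and record is not None
        if ok:
            self.failures[username] = 0
            return "ok"
        self.failures[username] += 1
        if self.failures[username] >= MAX_FAILURES:
            self.failures[username] = 0
            self.locked_until[username] = now + LOCKOUT_SECONDS
            return "locked"
        return "denied"


if __name__ == "__main__":
    import time
    salt, digest = hash_password("correct horse battery staple")
    guard = LoginGuard({"alice": (salt, digest)}, time.time)
    for pw in ["wrong"] * 5 + ["correct horse battery staple"]:
        print(f"{pw!r:34} -> {guard.attempt('alice', pw)}")
```

Per-account lockout has a well-known downside: an attacker who knows a username can lock the legitimate user out, so pair it with per-source rate limiting and progressive delays rather than relying on it alone, and prefer MFA. The injected clock exists so the lockout window can be exercised in a test without sleeping.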
C — CISO to CVE
CISO (Chief Information Security Officer): The senior executive responsible for an organization's information security strategy, policies, and operations. CISOs typically report to the CEO, the CIO, or the board and manage security teams, budgets, risk, and incident response.
CIA Triad: The three fundamental security properties: Confidentiality (data is only accessible to authorized parties), Integrity (data is accurate and has not been modified without authorization), and Availability (systems and data are accessible when needed). Every security control maps to one or more of these properties, and a useful way to review a design is to ask which of the three each control protects.
CVE (Common Vulnerabilities and Exposures): A standardized system for identifying and cataloging publicly known security vulnerabilities. Each CVE gets a unique ID (e.g., CVE-2024-3094, the 2024 xz Utils backdoor) assigned by a CVE Numbering Authority (CNA). The CVE record itself carries no severity; severity comes from CVSS (Common Vulnerability Scoring System), which rates a vulnerability from 0.0 to 10.0 based on a metric vector describing attack vector, attack complexity, privileges required, user interaction, scope, and impact on confidentiality, integrity, and availability. CVSS v3.1 labels 0.1-3.9 Low, 4.0-6.9 Medium, 7.0-8.9 High, and 9.0-10.0 Critical. CVSS measures technical severity, not the likelihood of exploitation; prioritization should also consider whether the CVE is known to be exploited in the wild (for example, via CISA's Known Exploited Vulnerabilities catalog).
D — DDoS to DNS
DDoS (Distributed Denial of Service): An attack that overwhelms a target with traffic from many sources, often a botnet, making it unavailable to legitimate users. Attacks come in volumetric form (saturating bandwidth), protocol form (exhausting connection state, e.g., SYN floods), and application-layer form (HTTP floods that exhaust server resources with far less traffic). The largest volumetric attacks have exceeded several terabits per second. Mitigation services include Cloudflare, Akamai, and AWS Shield, which absorb and filter traffic upstream of the target.
Data Breach: An incident where sensitive data is accessed, copied, or stolen by unauthorized parties. Major breaches affect millions of records. Industry studies such as IBM's annual Cost of a Data Breach report put the average cost at roughly $4.5M per incident, including detection, response, customer notification, regulatory fines, and legal fees; most jurisdictions now require notifying affected users and regulators within a fixed period.
DNS (Domain Name System): The internet's phone book, translating domain names to IP addresses. DNS attacks include spoofing or cache poisoning (forging responses to redirect traffic), tunneling (exfiltrating data or carrying command-and-control traffic inside DNS queries, which firewalls usually allow outbound), and hijacking (taking control of domain records at the registrar or DNS provider). DNSSEC adds cryptographic signatures to DNS records so that validating resolvers can detect forged responses; it does not encrypt queries, which is the job of DNS over TLS or DNS over HTTPS.
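DNS tunneling, mentioned in the DNS entry above, leaves a recognizable trace in resolver logs: many unique, long, high-entropy subdomains under one zone, often carried in TXT queries. As an added example that is not part of the page, the Python below scores a constructed query log; the log lines, the thresholds, and the .test domain names are all made up for illustration. It assumes the zone is the last two labels of a name, which is a simplification; production code would consult the Public Suffix List.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log (not real traffic): "<timestamp> <client> <qname> <qtype>".
# The last six lines mimic a tunnel: long base32-looking labels under one zone, TXT type.
SAMPLE_LOG = """\
2026-01-10T09:00:01Z 10.0.0.5 www.example.com A
2026-01-10T09:00:02Z 10.0.0.5 mail.example.com MX
2026-01-10T09:00:03Z 10.0.0.6 img1.cdn-example.test A
2026-01-10T09:00:03Z 10.0.0.6 img2.cdn-example.test A
2026-01-10T09:00:04Z 10.0.0.6 img3.cdn-example.test A
2026-01-10T09:00:04Z 10.0.0.6 img4.cdn-example.test A
2026-01-10T09:00:05Z 10.0.0.6 img5.cdn-example.test A
2026-01-10T09:00:05Z 10.0.0.5 cdn.example.com A
2026-01-10T09:00:06Z 10.0.0.7 nbswy3dpeb3w64tmmqqgc3tefzzw2zlomfxws4dmmuxgg33nfqqhg33o.t.evil-tunnel.test TXT
2026-01-10T09:00:07Z 10.0.0.7 mfrgg2lbmvsgk3tumvzhi4tpny4dqojqmrsdizjyhazdimrwgizdambr.t.evil-tunnel.test TXT
2026-01-10T09:00:08Z 10.0.0.7 onxw2zlsgu3tqmjugm3dmobwgi2tqnrsgu2dknzthezdcmrzhazdemjx.t.evil-tunnel.test TXT
2026-01-10T09:00:09Z 10.0.0.7 krsxg5bapnxxk4dmmfyxiyzanfzsa5dqmvrgc2lmebuxa33omf3ca4db.t.evil-tunnel.test TXT
2026-01-10T09:00:10Z 10.0.0.7 gezdgnbvgy3tqojqgezdgnbvgy3tqojqgezdgnbvgy3tqojq.t.evil-tunnel.test TXT
2026-01-10T09:00:11Z 10.0.0.7 pfzhe4tqpbxxezlqom3tqmbzgyzdonbqgqydcmjygeydambqgizdamby.t.evil-tunnel.test TXT
"""

# Hypothetical thresholds; tune against your own baseline traffic.
LONG_SUBDOMAIN = 30          # characters in the part left of the zone
HIGH_ENTROPY = 3.5           # bits per character; encoded payloads usually exceed this
MIN_UNIQUE_SUBDOMAINS = 5    # a tunnel needs many distinct names to carry data


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character; 0.0 for 'aaaa', 2.0 for 'abcd'."""
    if not text:
        return 0.0
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname: str) -> tuple:
    """Return (subdomain, zone). Assumption for this example: the zone is the last
    two labels; real code should consult the Public Suffix List (co.uk, etc.)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def query_flags(qname: str, qtype: str) -> list:
    """Per-query indicators. A single hit is weak evidence; the zone-level
    aggregation in find_tunneling is what makes the call."""
    sub, _ = split_name(qname)
    flags = []
    if len(sub) >= LONG_SUBDOMAIN:
        flags.append("long-subdomain")
    if shannon_entropy(sub.replace(".", "")) >= HIGH_ENTROPY:
        flags.append("high-entropy")
    if flags and qtype in ("TXT", "NULL", "CNAME"):
        flags.append("payload-carrying-qtype")   # types that return large answers
    return flags


def find_tunneling(log_text: str) -> dict:
    """Aggregate per zone; report zones with many unique subdomains AND flagged queries."""
    unique = defaultdict(set)
    flagged = defaultdict(int)
    kinds = defaultdict(set)
    clients = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, client, qname, qtype = line.split()
        sub, zone = split_name(qname)
        unique[zone].add(sub)
        clients[zone].add(client)
        flags = query_flags(qname, qtype)
        if flags:
            flagged[zone] += 1
            kinds[zone].update(flags)
    return {
        zone: {"unique_subdomains": len(unique[zone]),
               "flagged_queries": flagged[zone],
               "flags": sorted(kinds[zone]),
               "clients": sorted(clients[zone])}
        for zone in unique
        if len(unique[zone]) >= MIN_UNIQUE_SUBDOMAINS and flagged[zone] > 0
    }


if __name__ == "__main__":
    for zone, info in find_tunneling(SAMPLE_LOG).items():
        print(zone, info)
```

The constructed cdn-example.test zone shows why both conditions are required: it has five unique subdomains, like a real CDN, but none of them are long or random, so it is not reported. In practice the per-zone counters would run over a rolling window and a baseline of known-good zones would be excluded first.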
E — Encryption to Exploit
Encryption: The process of converting data into an unreadable form that can only be recovered with the correct key. Symmetric encryption (AES-256) uses one key for both encryption and decryption and is fast, so it is used for bulk data. Asymmetric encryption (RSA, ECC) uses public/private key pairs and is used to exchange symmetric keys and to sign data; in practice the two are combined, as in TLS, where a symmetric session key is agreed with asymmetric cryptography. End-to-end encryption ensures only the communicating parties can read messages, so not even the service relaying them can. Encryption alone does not protect integrity: an attacker can flip bits in an unauthenticated ciphertext, which is why modern protocols use authenticated modes such as AES-GCM or ChaCha20-Poly1305.
Endpoint Detection and Response (EDR): Security software that monitors endpoints (laptops, servers, phones) for malicious behavior, recording process, file, network, and registry activity rather than only matching file signatures. EDR provides real-time detection, investigation (telemetry search and timelines), and automated response such as isolating a host or killing a process. Leading products include CrowdStrike Falcon, SentinelOne, and Microsoft Defender for Endpoint.
Exploit: Code or a technique that takes advantage of a vulnerability to compromise a system. A proof-of-concept exploit demonstrates the bug; a weaponized exploit reliably delivers a payload. Exploit kits package multiple exploits for automated attacks, typically against browsers and their plugins. Zero-day exploits target vulnerabilities for which no patch exists yet.
F-I — Firewall to Incident Response
Firewall: A security device that monitors and controls network traffic based on rules, traditionally by IP address, port, and protocol. Next-generation firewalls (NGFW) add deep packet inspection, application awareness, and intrusion prevention. Cloud equivalents include network-layer filters such as AWS Security Groups (stateful allow-lists attached to instances) and web application firewalls such as Cloudflare WAF, which inspect HTTP requests for attacks like SQL injection and cross-site scripting. A firewall cannot inspect encrypted traffic unless it terminates TLS, and it does nothing against attacks that arrive over a port it allows.
Identity and Access Management (IAM): Systems and policies for managing digital identities and controlling access to resources. IAM includes user provisioning and deprovisioning, role-based access control (RBAC), single sign-on (SSO), and privileged access management (PAM). The guiding principle is least privilege: each identity gets only the access its job requires, reviewed regularly and removed when no longer needed.
Incident Response: The organized approach to detecting, containing, and recovering from security incidents. IR plans define roles, procedures, escalation paths, and communication protocols, including who may speak to customers, regulators, and the press. The NIST SP 800-61 lifecycle has four phases: Preparation; Detection and Analysis; Containment, Eradication, and Recovery; and Post-Incident Activity, where lessons learned feed back into preparation.
M-P — Malware to Phishing
Malware: Malicious software designed to damage, disrupt, or gain unauthorized access to systems. Types include viruses (self-replicating by infecting other files), worms (spreading across networks without user action), trojans (disguised as legitimate software), ransomware (encrypts files and demands payment), spyware and infostealers (monitor activity and harvest credentials), and rootkits (hide malicious processes from the operating system). Real samples are often modular and span several categories, for example a trojan that drops ransomware.
Penetration Testing: Authorized, scoped simulated attacks to evaluate security. Pentesters use the same techniques as attackers to find vulnerabilities before malicious actors do, and report them with reproduction steps and remediation advice. Methodologies include the OWASP Web Security Testing Guide, PTES (Penetration Testing Execution Standard), and NIST SP 800-115. Scope and rules of engagement are agreed in writing before testing starts; a pentest is a point-in-time assessment, unlike continuous vulnerability scanning or a red team engagement, which also tests detection and response.
Phishing: Social engineering attacks that trick users into revealing credentials, approving an MFA prompt, or installing malware, usually by email but also by SMS (smishing), voice (vishing), and QR codes. Spear phishing targets specific individuals; whaling targets executives. In 2026, AI-generated phishing is increasingly sophisticated, using personalized content that mimics legitimate communications without the language errors users were trained to spot. The strongest defenses are phishing-resistant MFA (FIDO2 security keys or passkeys), email authentication (SPF, DKIM, DMARC) on the organization's domains, and making it easy for users to report suspicious messages.
R-S — Ransomware to SIEM
Ransomware: Malware that encrypts victim files and demands payment for the decryption key. Modern ransomware uses double extortion (encrypt the data and threaten to leak a stolen copy), and most intrusions begin with phishing, a stolen VPN credential, or an unpatched internet-facing device, with days of lateral movement before encryption starts. Industry reports put average ransom payments above $500K in 2025, and recovery and downtime costs usually exceed the ransom itself. Offline or immutable backups with tested restores, MFA on remote access, and EDR are the controls that most reduce the impact.
SIEM (Security Information and Event Management): A platform that collects, normalizes, correlates, and analyzes security logs from across an organization's infrastructure. SIEMs detect threats by running correlation rules over millions of events, for example flagging one source address that fails logins against many accounts within a few minutes. Leading platforms include Splunk, Microsoft Sentinel, and Google Security Operations (formerly Chronicle).
SOC (Security Operations Center): A centralized team that monitors and responds to security threats around the clock. SOCs use SIEMs, EDR, and threat intelligence to triage alerts, investigate incidents, and coordinate response, and they are measured on how quickly they detect and contain intrusions.
Supply Chain Attack: Compromising a software vendor, build system, or dependency to attack its downstream users, who trust the code they receive. The SolarWinds attack (2020), where a trojanized Orion update reached thousands of customers, and the xz Utils backdoor (2024, CVE-2024-3094), inserted into the liblzma compression library by a maintainer account built up over years, are prominent examples. Defenses include pinning and verifying dependencies, software bills of materials (SBOMs), signed and reproducible builds, and treating the build pipeline as production infrastructure.
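The credential-stuffing pattern mentioned under Botnet and the SIEM correlation described here, as an added Python example that is not from the page or from any SIEM product: a sliding-window rule that flags a source address failing logins against many distinct accounts, then flags any later success from that same address. The log format, the five-minute window, and the five-account threshold are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed authentication events (not real logs). One source address tries six
# different accounts inside a minute and then gets in; another is a user mistyping.
SAMPLE_EVENTS = """\
2026-01-10T09:00:00Z auth=failure user=alice src=203.0.113.9
2026-01-10T09:00:04Z auth=failure user=bob src=203.0.113.9
2026-01-10T09:00:09Z auth=failure user=alice src=198.51.100.4
2026-01-10T09:00:11Z auth=failure user=carol src=203.0.113.9
2026-01-10T09:00:15Z auth=failure user=dave src=203.0.113.9
2026-01-10T09:00:20Z auth=failure user=alice src=198.51.100.4
2026-01-10T09:00:22Z auth=failure user=erin src=203.0.113.9
2026-01-10T09:00:30Z auth=success user=alice src=198.51.100.4
2026-01-10T09:00:33Z auth=failure user=frank src=203.0.113.9
2026-01-10T09:01:10Z auth=success user=carol src=203.0.113.9
"""

EVENT_RE = re.compile(
    r"^(?P<ts>\S+) auth=(?P<result>success|failure) user=(?P<user>\S+) src=(?P<src>\S+)$")
WINDOW = timedelta(minutes=5)   # hypothetical sliding window
DISTINCT_USERS = 5              # hypothetical threshold: distinct accounts failing from one source


def parse_event(line: str):
    """Return an event dict, or None for lines that do not match the schema."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return event


def correlate(log_text: str) -> list:
    """Sliding-window correlation: alert when one source fails against
    DISTINCT_USERS accounts within WINDOW, and again on any later success."""
    events = [e for e in map(parse_event, log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])  # logs arrive out of order; correlate in time order
    recent = defaultdict(deque)         # src -> deque of (ts, user) failures within WINDOW
    flagged = {}                        # src -> the stuffing alert already raised
    alerts = []
    for ev in events:
        src = ev["src"]
        window = recent[src]
        while window and ev["ts"] - window[0][0] > WINDOW:
            window.popleft()            # expire failures older than the window
        if ev["result"] == "failure":
            window.append((ev["ts"], ev["user"]))
            distinct = {user for _, user in window}
            if len(distinct) >= DISTINCT_USERS and src not in flagged:
                alert = {"rule": "credential_stuffing", "src": src,
                         "distinct_users": len(distinct),
                         "window_start": window[0][0].isoformat(),
                         "at": ev["ts"].isoformat()}
                flagged[src] = alert
                alerts.append(alert)
        elif src in flagged:
            # A success from a source already seen stuffing is the alert that matters:
            # that account is probably compromised and needs a forced reset.
            alerts.append({"rule": "success_after_stuffing", "src": src,
                           "user": ev["user"], "at": ev["ts"].isoformat()})
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

Counting distinct accounts per source, rather than failures per account, is what separates stuffing and spraying from a single user mistyping a password; the mistyping user at 198.51.100.4 produces no alert. Real deployments add the inverse rule (one account failing from many sources) and enrich the source address with threat-intelligence and geolocation data before paging anyone.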
T-Z — Threat Intel to Zero-Day
Threat Intelligence: Information about current and emerging cyber threats, from indicators of compromise (malicious IPs, domains, file hashes) to attacker tactics and techniques, used to inform security decisions. Sources include government advisories (CISA), commercial feeds (Recorded Future, Mandiant), open-source feeds (AlienVault OTX), and information sharing communities (ISACs). Indicators are typically exchanged in STIX format over TAXII and fed into SIEM and EDR tools for matching; they go stale quickly, so they need expiry dates and confidence ratings.
VPN (Virtual Private Network): An encrypted tunnel between a device and a network, protecting traffic from interception on the path between them. Enterprise VPNs provide remote access to corporate resources; because they are exposed to the internet and hold the keys to the internal network, VPN appliances are a favorite attacker target and must be patched promptly and protected with MFA. Consumer VPNs mask the user's IP address from the sites they visit and hide traffic from the local network, but they shift trust to the VPN provider, which can see everything; they are not anonymity tools.
Vulnerability: A weakness in software, hardware, configuration, or process that could be exploited. Vulnerability management includes scanning (Nessus, Qualys), patching on a risk-based schedule, and configuration hardening, and it depends on an accurate software inventory so that a new CVE can be matched to affected systems quickly.
Zero-Day: A vulnerability that is unknown to the vendor, or known but not yet patched, so that defenders have had "zero days" to fix it. Zero-day exploits are especially dangerous because patching cannot help until a fix ships, but they are not undefendable: least privilege, exploit mitigations, network segmentation, and EDR still raise the cost of exploitation and can catch the post-exploitation activity that follows. Publicly advertised exploit-broker price lists have ranged from roughly $500K to $2.5M and above for full exploit chains against widely used platforms such as mobile operating systems and browsers.