A
Account Takeover (ATO) — When attackers steal or guess login credentials and impersonate a user.
Adversary‑in‑the‑Middle (AiTM) — Intercepting and altering communication between two parties.
B
Backups — Copies of data stored separately for recovery after an incident.
BEC (Business Email Compromise) — Impersonating executives or vendors to redirect payments.
BitB (Browser‑in‑the‑Browser) — A fake login window that looks identical to a real one.
Brute Force Attack — Trying many password combinations until one works.
C
Clickjacking — Tricking a user into clicking something different from what they see.
Credential Stuffing — Using stolen passwords from one site to break into another.
CVE (Common Vulnerabilities and Exposures) — A standardized ID number for known software vulnerabilities.
Cyber Kill Chain — A model describing the stages of a cyberattack.
D
Data Encryption — Scrambling data so only authorized parties can read it.
Deepfake (Voice/Video) — AI‑generated impersonations used to deceive or manipulate.
DNS Spoofing — Redirecting users to fake websites by tampering with DNS.
E
EDR (Endpoint Detection & Response) — Security software that monitors devices for malicious behavior.
Email Spoofing — Sending emails that appear to come from someone else.
Encryption — See Data Encryption.
F
Firewall — A digital gatekeeper that controls what traffic is allowed in or out.
Formjacking — Injecting malicious code into web forms to steal data.
I
Identity Provider (IdP) — A system that manages user authentication.
IOC (Indicator of Compromise) — A clue that an attack has happened.
L
Lateral Movement — Attackers moving from one system to another inside a network.
Least Privilege — Giving users only the access they need to do their job, and nothing more.
M
Man‑in‑the‑Middle Attack — Intercepting communication between two parties.
MFA (Multi‑Factor Authentication) — A login that requires more than just a password.
MITRE ATT&CK — A global framework that catalogs attacker behavior.
N
Network Segmentation — Dividing a network into smaller zones to limit attacker movement.
P
PAM (Privileged Access Management) — Tools and processes that control high‑level accounts.
Password Spraying — Trying common passwords across many accounts.
Patching — Updating software to fix vulnerabilities.
Phishing — A deceptive message designed to trick someone into clicking or revealing information.
Phishing‑as‑a‑Service — Criminals selling ready‑made phishing kits.
R
Ransomware — Malware that encrypts data and demands payment.
S
Segmentation — See Network Segmentation.
SIEM (Security Information and Event Management) — A system that collects logs from many sources and alerts on suspicious activity.
Smishing — Phishing via SMS text message.
Social Engineering — Manipulating people into doing something harmful.
SPF/DKIM/DMARC — Email authentication standards that let receiving mail servers detect and reject spoofed sender domains.
Supply Chain Attack — Compromising a vendor to reach their customers.
Synthetic Identity Fraud — Creating a fake identity using real and fabricated information.
T
Third‑Party Risk — Risk introduced by vendors with access to your systems.
TTPs (Tactics, Techniques and Procedures) — The repeatable methods attackers use to carry out an intrusion.
Typosquatting — Registering look‑alike domains to trick users.
V
Vishing — Phishing via voice call.
Vulnerability — A flaw in software or configuration that attackers can exploit.
Z
Zero‑Day — A vulnerability exploited before a patch exists.
Zero Trust — A security model that assumes no user or device is trustworthy by default.