Cybersecurity Glossary 2026
Cyber threats are evolving fast in 2026. From AI-driven phishing to Zero Trust architecture, stay ahead of hackers with our definitive Cybersecurity Glossary. Don't let technical jargon leave you vulnerable.
A
- Adware: Software that aggressively displays unwanted ads, often tracking your browsing habits.
- Advanced Persistent Threat (APT): A prolonged, targeted attack in which an intruder infiltrates a network and remains undetected for an extended period to steal data.
- Antivirus / Antimalware: Essential software that scans, detects, prevents, and removes malicious programs from your device.
- Brute Force Attack: An automated attempt to crack a password by testing thousands of letter and number combinations per second until the correct one is found.
- Two-Factor Authentication (2FA/MFA): An extra layer of security that requires a second verification step (such as an SMS code or authenticator app) in addition to your password to access an account.
B
- Backdoor: An undocumented and hidden method that allows an attacker to bypass normal authentication and gain remote access to a system.
- Backup: A secure copy of your files (photos, documents, databases) stored in a safe location (cloud or external drive) for recovery in case of loss or attack.
- Baiting: A type of social engineering where the attacker offers something enticing (such as a free download or a "lost" USB drive) to trick the victim into infecting their device.
- Botnet: A network of thousands of infected computers or smart devices ("zombies") controlled by a hacker to carry out large-scale attacks.
- Bug Bounty: Reward programs offered by tech companies that pay ethical hackers to find and report security vulnerabilities before malicious actors can exploit them.
C
- Trojan (Trojan Horse): Malware disguised as a legitimate file or program that, when executed, opens backdoors in your system for attackers.
- Cybercrime: Any illegal activity carried out using the internet or computers, such as banking fraud, identity theft, and piracy.
- Tracking Cookie: Small files stored in your browser that follow your activity across the internet to build a profile about you, typically used for advertising (but may expose your privacy).
- Encryption: The process of scrambling and encoding data so that only those with the correct "key" (password) can read it, protecting your messages and files.
- Cryptojacking: When a malicious website or application hijacks your computer or phone's processing power to mine cryptocurrencies silently, slowing down your device.
D
- Dark Web: The hidden part of the internet that is not indexed by standard search engines (like Google) and requires specialized browsers (such as Tor) to access. It is often associated with the trade of stolen data.
- Data Breach: An incident in which confidential information (such as IDs, passwords, or emails) from a company is exposed to the public or stolen by hackers.
- DDoS (Distributed Denial of Service): A large-scale attack that floods a website with massive amounts of fake traffic simultaneously to overwhelm and crash its servers.
- Deep Web: The portion of the internet not indexed by search engines like Google, but not necessarily illegal, including email inboxes, banking portals, and corporate intranets.
- Decryption: The reverse process of encryption, converting scrambled code back into readable text or files using the correct key.
E
- End-to-End Encryption: A system where only the sender and the recipient can read the message (such as in WhatsApp). Not even the internet provider or the app company can access it.
- Endpoint: Any device connected to a network, such as your smartphone, laptop, or tablet. These are the main "entry points" for cyberattacks.
- Social Engineering: The art of psychologically manipulating people into revealing passwords, clicking malicious links, or transferring money.
- Exploit: A piece of code or program specifically designed to take advantage of a known vulnerability in software.
- Digital Extortion: A crime in which an attacker threatens to expose sensitive data, private photos, or destroy files unless a ransom is paid.
F
- IP Spoofing: When an attacker manipulates the IP address of a computer to disguise their location and make the attack appear as if it is coming from a trusted source.
- Firewall: A security "barrier" that monitors and filters incoming and outgoing internet traffic, blocking unauthorized access to your computer or network.
- Digital Forensics: The investigation of cybercrimes, where experts collect and analyze digital evidence from computers and networks to determine how an attack occurred and who was responsible.
- Click Fraud: The use of bots to repeatedly click on online ads, draining the advertiser’s budget or generating fraudulent revenue for website owners.
- Identity Provider (IdP): A service that manages and verifies user identities online (e.g., "Sign in with Google" or "Sign in with Apple").
G
- Security Gateway: The entry and exit point of a network (such as a home router), responsible for inspecting traffic going in and out.
- Password Manager: A secure application that generates, stores, and autofills strong, unique passwords for each website you use.
- Tech Support Scam: A fraud where criminals call or display pop-ups pretending to be from companies like Microsoft, Apple, or your bank, claiming a fake virus to charge for a "fix."
- Gray Hat Hacker: A hacker who accesses systems without permission (like a criminal) but not to cause harm—often to report vulnerabilities, sometimes requesting payment.
- Greylist: A temporary anti-spam method that rejects emails from unknown senders on the first attempt, only accepting them if the server retries sending.
H
- Hacker: Originally a highly skilled technical expert. Today, the term is often divided into "White Hat" (ethical security professionals) and "Black Hat" (malicious attackers).
- Hacktivism: The use of cyberattacks and system intrusions for political, social, or ideological causes (e.g., groups like Anonymous).
- Hash: A mathematical function that converts any file or text into a fixed-length code, commonly used to verify data integrity.
- Session Hijacking: When an attacker steals a browser session cookie and gains access to your account (such as banking or social media) without needing your password.
- Honeypot: A decoy system or server set up by security professionals as a trap to attract attackers and study their behavior.
I
- Digital Identity: The collection of data that represents you online, including logins, browsing history, photos, and social media profiles.
- Security Incident: Any event that compromises the integrity, confidentiality, or availability of data in a system or organization.
- SQL Injection: An attack where malicious database commands are inserted into website input fields to steal or manipulate stored data.
- Data Integrity: The assurance that data has not been altered, corrupted, or deleted in an unauthorized way since its creation.
- IP Address: A unique numerical identifier assigned to each device connected to the internet, allowing data to be routed correctly.
J
- Clickjacking: An attack where invisible buttons or links are placed over a legitimate website, tricking users into clicking something harmful without realizing it (such as liking a page or downloading malware).
- Jailbreak / Rooting: The process of removing built-in restrictions from an operating system (such as iOS or Android), allowing the installation of unofficial apps, but significantly increasing the risk of malware infections.
- Window of Vulnerability: The time between when a software flaw is discovered and when a patch or fix is released by the vendor.
- Jitter: The variation in the delay of data packet delivery over a network. High jitter can disrupt video calls and online gaming, and may be exploited in certain attacks.
- Juice Jacking: An attack that occurs when a device is connected to public USB charging stations (such as in airports), where compromised cables or ports can steal data while charging.
K
- Kali Linux: A well-known operating system widely used by security professionals (and hackers) that includes hundreds of tools for penetration testing.
- Cryptographic Key: A secret code used by security algorithms to encrypt and decrypt data.
- Keylogger: A type of spyware that secretly records everything you type on a keyboard, capturing passwords and private messages.
- Key Space: The total number of possible keys or passwords in a system. The larger the key space (longer and more complex passwords), the harder it is to break.
- Cryptosystems: A general term referring to systems, algorithms, and software responsible for securing communication through encryption.
L
- LGPD (General Data Protection Law): Brazilian legislation that establishes strict rules on how companies collect, use, and protect users' personal data.
- Malicious Link: A web address that, when clicked, redirects you to a phishing site or triggers the automatic download of malware.
- Secure Lock Screen: The primary protection on your device (password, PIN, fingerprint, or facial recognition) that prevents unauthorized physical access.
- Audit Log: An automatic record of system activity that tracks who accessed it, when, and what actions were performed—essential for security investigations.
- Logic Bomb: Malicious code secretly inserted into software that activates only when specific conditions are met (such as a certain date or event).
M
- MAC Address: A unique physical identifier assigned to a device’s network interface. Attackers may attempt to clone it to bypass network restrictions.
- Malvertising: Malicious advertising where cybercriminals place infected ads on legitimate websites to spread malware.
- Malware: An umbrella term for malicious software, including viruses, trojans, worms, ransomware, and spyware.
- Man-in-the-Middle (MitM): An attack where a hacker secretly intercepts and possibly alters communication between two parties (such as you and your bank).
- MFA (Multi-Factor Authentication): An advanced form of authentication requiring two or more verification factors (e.g., password, SMS code, biometrics) for enhanced security.
N
- Denial of Service (DoS): An attack that overwhelms a system with excessive traffic, causing it to crash or become unavailable to legitimate users.
- NFC (Near Field Communication): A short-range wireless technology used in contactless payments. If not properly secured, it can be exploited for unauthorized transactions.
- Tor Exit Node: The final relay point in the Tor network before traffic reaches the public internet. It can be a vulnerable point where data may be monitored.
- Non-Repudiation: A security principle that ensures a person cannot deny the authenticity of their actions, typically enforced through digital signatures.
- Cloud Security: A set of policies, technologies, and controls designed to protect data, applications, and infrastructure hosted in cloud environments like Google Drive, AWS, and iCloud.