Cybersecurity Glossary 2026
Cyber threats are evolving fast in 2026. From AI-driven phishing to Zero Trust architecture, stay ahead of hackers with our definitive Cybersecurity Glossary. Don't let technical jargon leave you vulnerable.
In a world where cyber threats evolve faster than ever, understanding the basics can be the difference between staying protected and becoming the next victim. In 2026, with the advancement of AI, zero-click attacks, sophisticated ransomware, and increasingly clever social engineering, knowledge is your best shield.
With that in mind, we have prepared the Cybersecurity Glossary 2026: a complete and updated guide to the key terms, concepts, and threats in the cybersecurity universe. Whether you are an everyday user looking to protect your personal data, an IT professional, or a business owner concerned about your company's security, this glossary was designed to be clear, practical, and straight to the point.
I invite you to continue reading and master the essential vocabulary to navigate the internet more safely. The more you understand, the less vulnerable you become.
A
- Adware: Software that aggressively displays unwanted ads, often tracking your browsing habits.
- Advanced Persistent Threat (APT): A prolonged, targeted attack in which an intruder infiltrates a network and remains undetected for an extended period to steal data.
- Antivirus / Antimalware: Essential software that scans, detects, prevents, and removes malicious programs from your device.
- Brute Force Attack: An automated attempt to crack a password by testing thousands of letter and number combinations per second until the correct one is found.
- Two-Factor Authentication (2FA/MFA): An extra layer of security that requires a second verification step (such as an SMS code or authenticator app) in addition to your password to access an account.
B
- Backdoor: An undocumented and hidden method that allows an attacker to bypass normal authentication and gain remote access to a system.
- Backup: A secure copy of your files (photos, documents, databases) stored in a safe location (cloud or external drive) for recovery in case of loss or attack.
- Baiting: A type of social engineering where the attacker offers something enticing (such as a free download or a "lost" USB drive) to trick the victim into infecting their device.
- Botnet: A network of thousands of infected computers or smart devices ("zombies") controlled by a hacker to carry out large-scale attacks.
- Bug Bounty: Reward programs offered by tech companies that pay ethical hackers to find and report security vulnerabilities before malicious actors can exploit them.
C
- Trojan (Trojan Horse): Malware disguised as a legitimate file or program that, when executed, opens backdoors in your system for attackers.
- Cybercrime: Any illegal activity carried out using the internet or computers, such as banking fraud, identity theft, and piracy.
- Tracking Cookie: Small files stored in your browser that follow your activity across the internet to build a profile about you, typically used for advertising (but may expose your privacy).
- Encryption: The process of scrambling and encoding data so that only those with the correct "key" (password) can read it, protecting your messages and files.
- Cryptojacking: When a malicious website or application hijacks your computer or phone's processing power to mine cryptocurrencies silently, slowing down your device.
D
- Dark Web: The hidden part of the internet that is not indexed by standard search engines (like Google) and requires specialized browsers (such as Tor) to access. It is often associated with the trade of stolen data.
- Data Breach: An incident in which confidential information (such as IDs, passwords, or emails) from a company is exposed to the public or stolen by hackers.
- DDoS (Distributed Denial of Service): A large-scale attack that floods a website with massive amounts of fake traffic simultaneously to overwhelm and crash its servers.
- Deep Web: The portion of the internet not indexed by search engines like Google, but not necessarily illegal, including email inboxes, banking portals, and corporate intranets.
- Decryption: The reverse process of encryption, converting scrambled code back into readable text or files using the correct key.
E
- End-to-End Encryption: A system where only the sender and the recipient can read the message (such as in WhatsApp). Not even the internet provider or the app company can access it.
- Endpoint: Any device connected to a network, such as your smartphone, laptop, or tablet. These are the main "entry points" for cyberattacks.
- Social Engineering: The art of psychologically manipulating people into revealing passwords, clicking malicious links, or transferring money.
- Exploit: A piece of code or program specifically designed to take advantage of a known vulnerability in software.
- Digital Extortion: A crime in which an attacker threatens to expose sensitive data, private photos, or destroy files unless a ransom is paid.
F
- IP Spoofing: When an attacker manipulates the IP address of a computer to disguise their location and make the attack appear as if it is coming from a trusted source.
- Firewall: A security "barrier" that monitors and filters incoming and outgoing internet traffic, blocking unauthorized access to your computer or network.
- Digital Forensics: The investigation of cybercrimes, where experts collect and analyze digital evidence from computers and networks to determine how an attack occurred and who was responsible.
- Click Fraud: The use of bots to repeatedly click on online ads, draining the advertiser’s budget or generating fraudulent revenue for website owners.
- Identity Provider (IdP): A service that manages and verifies user identities online (e.g., "Sign in with Google" or "Sign in with Apple").
G
- Security Gateway: The entry and exit point of a network (such as a home router), responsible for inspecting traffic going in and out.
- Password Manager: A secure application that generates, stores, and autofills strong, unique passwords for each website you use.
- Tech Support Scam: A fraud where criminals call or display pop-ups pretending to be from companies like Microsoft, Apple, or your bank, claiming a fake virus to charge for a "fix."
- Gray Hat Hacker: A hacker who accesses systems without permission (like a criminal) but not to cause harm—often to report vulnerabilities, sometimes requesting payment.
- Greylist: A temporary anti-spam method that rejects emails from unknown senders on the first attempt, only accepting them if the server retries sending.
H
- Hacker: Originally a highly skilled technical expert. Today, the term is often divided into "White Hat" (ethical security professionals) and "Black Hat" (malicious attackers).
- Hacktivism: The use of cyberattacks and system intrusions for political, social, or ideological causes (e.g., groups like Anonymous).
- Hash: A mathematical function that converts any file or text into a fixed-length code, commonly used to verify data integrity.
- Session Hijacking: When an attacker steals a browser session cookie and gains access to your account (such as banking or social media) without needing your password.
- Honeypot: A decoy system or server set up by security professionals as a trap to attract attackers and study their behavior.
I
- Digital Identity: The collection of data that represents you online, including logins, browsing history, photos, and social media profiles.
- Security Incident: Any event that compromises the integrity, confidentiality, or availability of data in a system or organization.
- SQL Injection: An attack where malicious database commands are inserted into website input fields to steal or manipulate stored data.
- Data Integrity: The assurance that data has not been altered, corrupted, or deleted in an unauthorized way since its creation.
- IP Address: A unique numerical identifier assigned to each device connected to the internet, allowing data to be routed correctly.
J
- Clickjacking: An attack where invisible buttons or links are placed over a legitimate website, tricking users into clicking something harmful without realizing it (such as liking a page or downloading malware).
- Jailbreak / Rooting: The process of removing built-in restrictions from an operating system (such as iOS or Android), allowing the installation of unofficial apps, but significantly increasing the risk of malware infections.
- Window of Vulnerability: The time between when a software flaw is discovered and when a patch or fix is released by the vendor.
- Jitter: The variation in the delay of data packet delivery over a network. High jitter can disrupt video calls and online gaming, and may be exploited in certain attacks.
- Juice Jacking: An attack that occurs when a device is connected to public USB charging stations (such as in airports), where compromised cables or ports can steal data while charging.
K
- Kali Linux: A well-known operating system widely used by security professionals (and hackers) that includes hundreds of tools for penetration testing.
- Cryptographic Key: A secret code used by security algorithms to encrypt and decrypt data.
- Keylogger: A type of spyware that secretly records everything you type on a keyboard, capturing passwords and private messages.
- Key Space: The total number of possible keys or passwords in a system. The larger the key space (longer and more complex passwords), the harder it is to break.
- Cryptosystems: A general term referring to systems, algorithms, and software responsible for securing communication through encryption.
L
- LGPD (General Data Protection Law): Brazilian legislation that establishes strict rules on how companies collect, use, and protect users' personal data.
- Malicious Link: A web address that, when clicked, redirects you to a phishing site or triggers the automatic download of malware.
- Secure Lock Screen: The primary protection on your device (password, PIN, fingerprint, or facial recognition) that prevents unauthorized physical access.
- Audit Log: An automatic record of system activity that tracks who accessed it, when, and what actions were performed—essential for security investigations.
- Logic Bomb: Malicious code secretly inserted into software that activates only when specific conditions are met (such as a certain date or event).
M
- MAC Address: A unique physical identifier assigned to a device’s network interface. Attackers may attempt to clone it to bypass network restrictions.
- Malvertising: Malicious advertising where cybercriminals place infected ads on legitimate websites to spread malware.
- Malware: An umbrella term for malicious software, including viruses, trojans, worms, ransomware, and spyware.
- Man-in-the-Middle (MitM): An attack where a hacker secretly intercepts and possibly alters communication between two parties (such as you and your bank).
- MFA (Multi-Factor Authentication): An advanced form of authentication requiring two or more verification factors (e.g., password, SMS code, biometrics) for enhanced security.
N
- Denial of Service (DoS): An attack that overwhelms a system with excessive traffic, causing it to crash or become unavailable to legitimate users.
- NFC (Near Field Communication): A short-range wireless technology used in contactless payments. If not properly secured, it can be exploited for unauthorized transactions.
- Tor Exit Node: The final relay point in the Tor network before traffic reaches the public internet. It can be a vulnerable point where data may be monitored.
- Non-Repudiation: A security principle that ensures a person cannot deny the authenticity of their actions, typically enforced through digital signatures.
- Cloud Security: A set of policies, technologies, and controls designed to protect data, applications, and infrastructure hosted in cloud environments like Google Drive, AWS, and iCloud.
O
- Obfuscation (Code Obfuscation): A technique used by malware creators to disguise code, making it harder for antivirus software to analyze and detect threats.
- Open Source Intelligence (OSINT): The collection of publicly available information about individuals (from social media, public records, news, etc.) often used by attackers to craft targeted attacks.
- Opt-in / Opt-out: User consent (or withdrawal of it) for websites to collect data or send communications. Understanding opt-in policies helps prevent your data from being shared with third parties.
- Out-of-Band Authentication: A security process where identity verification occurs through a separate communication channel (e.g., logging in on a computer but approving access on a mobile device).
- Overlay Attack: Common on Android devices, where a malicious app displays a fake interface over a legitimate one (such as a banking app), tricking users into entering sensitive data.
P
- Security Patch: A critical update released by software vendors (such as Windows, Android, or apps) to fix newly discovered security vulnerabilities.
- Payload: The harmful component of malware responsible for executing the actual damage, such as deleting files, stealing data, or locking systems.
- Penetration Testing (Pentest): An authorized simulated attack where ethical hackers attempt to breach systems to identify vulnerabilities before malicious actors do.
- Phishing: A type of scam delivered via email, SMS, or messaging apps, where attackers impersonate trusted organizations to steal sensitive information.
- Proxy Server: An intermediary server that acts on your behalf on the internet, helping to hide your IP address and filter harmful content.
Q
- Quantum Key Distribution (QKD): An advanced security technology that uses quantum physics to generate encryption keys that are theoretically impossible to intercept.
- QR Code Phishing (Quishing): A modern scam where attackers use fake QR codes (placed in public areas like parking meters or menus) to redirect users to malicious websites.
- Quarantine: An isolated storage area used by antivirus software to contain suspicious files, preventing them from executing or harming the system.
- Downtime: The period during which a website or server is unavailable due to technical failures, overload, or cyberattacks.
- Query String: The part of a URL that contains visible data parameters (e.g., site.com/page?user=leo). Attackers may manipulate it to access restricted areas of a website.
R
- Rainbow Table: A massive database table used by hackers containing millions of precomputed password hashes, allowing them to crack passwords in seconds.
- Ransomware: A type of malware that encrypts your files and demands payment (often in cryptocurrency) in exchange for the decryption key.
- Web Tracking: The practice of monitoring users' online activity across websites to build detailed profiles of their behavior and interests.
- Rogue Wi-Fi: Fake public Wi-Fi networks created by attackers (e.g., "Free Airport Wi-Fi") to intercept and steal user data.
- Rootkit: A highly stealthy type of malware that embeds itself deep within the operating system, making it extremely difficult to detect and remove.
S
- Smishing: A form of phishing carried out via SMS messages (e.g., "Your account has been blocked, click here").
- Sniffing: The use of software tools to secretly intercept and analyze data traveling over an unsecured network, potentially capturing sensitive information.
- Spam: Unsolicited bulk messages, often containing malicious links or fraudulent content.
- Spear Phishing: A highly targeted phishing attack where attackers use personal information to craft convincing messages tailored to the victim.
- Spoofing: The technique of falsifying the origin of a communication, making it appear as though it comes from a trusted source.
T
- TLS/SSL: Security protocols that encrypt communication between a user and a website, often indicated by a padlock icon in the browser.
- Security Token: A physical device or mobile app that generates time-based codes used to verify identity during logins or transactions.
- Traffic Analysis: The process of monitoring data flow in and out of a network to detect unusual patterns that may indicate a cyberattack.
- Banking Trojan: A specialized type of trojan designed to steal financial information by targeting online banking sessions.
- Typosquatting: A scam where attackers register domains with misspelled versions of popular websites to trick users into visiting malicious pages.
U
- U2F (Universal 2nd Factor): A highly secure authentication standard that uses a physical hardware key (like a USB device) as a second factor for account access.
- Security Update: The process of installing the latest updates for operating systems or apps to fix vulnerabilities and improve security.
- Malicious URL: A web address crafted to appear legitimate but designed to install malware or steal data when accessed.
- USB Drop Attack: A physical attack method where infected USB drives are intentionally left in public places to trick users into plugging them into their devices.
- User Access Control: System rules that restrict user permissions, preventing unauthorized actions and reducing the risk of system compromise.
V
- Data Leak: The large-scale exposure of databases containing personal information of thousands or millions of users, either accidentally or through a cyberattack.
- Virus: Malicious code that attaches itself to a legitimate file and requires user execution (such as double-clicking) to infect the system and spread to other files.
- Vishing (Voice Phishing): Social engineering scams carried out via phone calls or voice messages, often impersonating bank representatives or trusted entities.
- VPN (Virtual Private Network): An application that creates a secure, encrypted tunnel for your internet connection, essential for safely using public Wi-Fi networks.
- Vulnerability: Any flaw, misconfiguration, or weakness in a system, application, or user behavior that can be exploited by attackers.
W
- WAF (Web Application Firewall): A security layer designed to protect websites by filtering and blocking malicious traffic before it reaches the server.
- Web Crawler: Bots used by search engines like Google to index websites, but also used maliciously to scan for vulnerabilities across multiple sites.
- Whaling: A highly targeted phishing attack aimed at executives such as CEOs or directors, often to steal sensitive corporate data.
- Whitelist: A strict security approach where only pre-approved applications or entities are allowed to run or access a system.
- Worm: A self-replicating type of malware that spreads automatically across networks without requiring user interaction.
X
- X.509 Certificates: The standard format used for digital certificates, verifying the authenticity of websites and secure servers.
- X-Frame-Options: A web security feature that prevents a webpage from being embedded inside another site, protecting against clickjacking attacks.
- XDR (Extended Detection and Response): An advanced security platform that integrates data from endpoints, networks, and servers to detect and respond to threats using automation and AI.
- XML External Entity (XXE): A type of attack that exploits XML parsing in web applications to access internal files or sensitive system data.
- XSS (Cross-Site Scripting): A vulnerability that allows attackers to inject malicious scripts into legitimate websites, affecting users who visit those pages.
Y
- Y2K (Millennium Bug): A historical software issue where older systems failed to handle dates beyond 1999, highlighting the real-world impact of coding flaws.
- YARA Rules: Pattern-matching rules used by cybersecurity researchers to identify and classify malware families based on code patterns.
- Yellow Team: In security testing, the group of developers focused on building secure applications from the ground up.
- Yielding to Ransomware: The controversial act of paying a ransom after a ransomware attack, which does not guarantee data recovery.
- YubiKey: A popular hardware security key used as a strong form of two-factor authentication (2FA) for protecting online accounts.
Z
- Zero-Click Attack: A highly dangerous attack where malware infects a device without any user interaction, often exploiting messaging apps.
- Zero-Day Vulnerability: A critical security flaw unknown to the software vendor, leaving systems exposed without a patch.
- Zero Trust: A modern security model based on the principle "never trust, always verify," requiring continuous authentication and validation.
- ZIP Bomb: A malicious compressed file that expands into massive amounts of data when decompressed, overwhelming system resources.
- Zombie Computer: A device infected and controlled remotely as part of a botnet, used to carry out attacks without the owner's knowledge.
The Cybersecurity Glossary 2026 is more than just a list of technical terms; it is a tool for empowerment. In an era where a single click or a missed update can cost you data, money, or even your reputation, understanding these concepts keeps you one step ahead of cybercriminals.
Cybersecurity is no longer just a topic for specialists. It is everyone’s responsibility. Adopt best practices, stay up to date, and turn knowledge into a habit.