An attack where a threat actor gains unauthorized access to a user's account — typically using stolen credentials from data breaches, phishing or credential stuffing. Once inside, attackers can steal data, make fraudulent transactions or use the account to launch further attacks.
The language of digital threats, clearly defined.
From phishing and brand impersonation to zero-day exploits and threat intelligence — every term your team needs to understand the threat landscape, explained in plain language.
A prolonged, targeted cyberattack in which an intruder gains access to a network and remains undetected for an extended period. APTs are typically carried out by state-sponsored or highly organized criminal groups targeting high-value organizations for espionage or data theft.
An evolution of the classic man-in-the-middle attack where the attacker intercepts communication between two parties — often used to bypass multi-factor authentication by relaying session tokens in real time.
Technologies, processes and policies designed to detect, prevent and respond to phishing attacks. Includes domain monitoring, email authentication (SPF, DKIM, DMARC), user training and real-time threat detection platforms like Notmining.
Software that automatically displays or downloads advertising material when a user is online. While often considered low-risk, adware can be bundled with spyware and used to collect user data without consent.
The total sum of different points (attack vectors) where an unauthorized user can try to enter or extract data from an environment. Includes digital assets, domains, social profiles, APIs, employee credentials and third-party integrations.
The specific path or method an attacker uses to gain unauthorized access to a system or network. Common vectors include phishing emails, malicious websites, unpatched software vulnerabilities and compromised credentials.
A social engineering attack that lures victims with something enticing — a free download, a USB drive left in a parking lot, or a fake prize — to trick them into installing malware or revealing credentials.
A network of internet-connected devices infected with malware and controlled remotely by an attacker (the "bot herder"). Botnets are used to launch DDoS attacks, send spam, distribute malware and conduct credential stuffing campaigns at scale.
The unauthorized use of a company's brand identity — including its name, logo, domain or visual style — to deceive customers, conduct fraud or damage the brand's reputation. Encompasses phishing, impersonation, counterfeit products and fake social accounts.
A trial-and-error method used to decode encrypted data, passwords or login credentials by systematically checking all possible combinations until the correct one is found. Automated tools can test millions of combinations per second.
A sophisticated scam targeting businesses that conduct wire transfers or handle sensitive data. Attackers impersonate executives, vendors or partners via email to trick employees into transferring funds or revealing confidential information. Often enabled by executive impersonation on social media.
A UI redress attack where a user is tricked into clicking on something different from what they perceive — typically by overlaying a transparent malicious element on top of a legitimate button or link. Can be used to steal credentials, enable webcams or trigger unauthorized actions.
An automated attack that uses large sets of stolen username/password pairs (from data breaches) to gain unauthorized access to user accounts. Effective because many users reuse passwords across multiple services.
The process of identifying fake or unauthorized versions of a brand's products, listings or storefronts across online marketplaces, social commerce platforms and app stores. Protects brand revenue and customer trust.
A web security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. Can be used to steal session cookies, redirect users to phishing pages or deface websites.
An attack that tricks an authenticated user into unknowingly submitting a malicious request. Exploits the trust a web application has in the user's browser to perform unauthorized actions on their behalf.
The unauthorized use of a victim's computing resources to mine cryptocurrency. Often delivered via malicious scripts injected into websites or through malware — the victim's device slows down while the attacker profits.
Evidence-based knowledge about existing or emerging threats, including context, mechanisms, indicators and actionable advice. Used by security teams to make informed decisions about defenses and incident response.
The part of the internet not indexed by standard search engines, accessible only via specialized software like Tor. Used by cybercriminals to buy and sell stolen data, credentials, malware and hacking services. Monitoring the dark web for brand-related data is a key component of threat intelligence.
A security incident in which sensitive, protected or confidential data is accessed, disclosed or stolen without authorization. Breaches can expose customer PII, credentials, financial data and intellectual property.
An attack that alters the visual appearance of a website — replacing legitimate content with attacker messaging, propaganda or offensive material. Often a symptom of a deeper compromise and causes immediate reputational damage.
An attack that overwhelms a system, server or network with traffic to make it unavailable to legitimate users. A Distributed DoS (DDoS) uses a botnet of thousands of compromised devices to amplify the attack.
The total collection of data and digital assets associated with a brand or individual online — including domains, social profiles, app store listings, mentions and any other publicly accessible information. Understanding your digital footprint is the first step in brand protection.
The act of creating fake online identities — accounts, websites, profiles or apps — that mimic a legitimate brand, executive or individual to deceive customers, commit fraud or damage reputation.
An attack that redirects DNS queries to malicious servers, sending users to fake websites even when they type the correct URL. Used to intercept credentials, serve malware or conduct phishing at scale.
The creation of a domain name that closely resembles a legitimate brand's domain — using typos, added words, different TLDs or homograph characters — to deceive users into thinking they are visiting the real site.
The practice of registering domain names that are identical or confusingly similar to existing trademarks or brand names, with the intent to profit from the brand's goodwill or block the legitimate owner from using it.
Malware that is automatically downloaded and installed on a user's device simply by visiting a compromised or malicious website — without any user interaction or consent required.
An attack where an unauthorized party intercepts private communications — network traffic, phone calls or messages — to steal sensitive information. Also known as a passive attack or sniffing attack.
The forgery of an email header so that the message appears to come from a trusted sender — a known brand, colleague or institution. Used in phishing, BEC and spam campaigns to bypass suspicion.
A piece of software, data or sequence of commands that takes advantage of a vulnerability in a system to cause unintended behavior — typically to gain unauthorized access, escalate privileges or execute malicious code.
A toolkit sold or rented on criminal markets that automates the exploitation of vulnerabilities in browsers, plugins and operating systems. Visitors to compromised websites are silently scanned for vulnerabilities and infected if any are found.
A rogue mobile application that impersonates a legitimate brand's app to steal credentials, distribute malware or commit fraud. Fake apps appear on official and third-party app stores and are a major vector for brand impersonation.
A type of attack where malicious JavaScript code is injected into a website's payment or login forms to steal credit card numbers and other sensitive data as users submit it — without any visible sign of compromise.
A hacker who operates between ethical (white hat) and malicious (black hat) boundaries — often finding and exposing vulnerabilities without permission, but without malicious intent. May demand payment for disclosure.
An attack that exploits the visual similarity between characters from different scripts (e.g., Cyrillic "а" vs Latin "a") to register domain names that look identical to legitimate ones but resolve to malicious sites.
A decoy system or resource designed to attract attackers and study their methods. Honeypots provide valuable threat intelligence about attacker techniques, tools and targets without exposing real systems.
Forensic artifacts — IP addresses, domain names, file hashes, URLs — that indicate a system has been breached or is under attack. IoCs are shared between security teams to accelerate detection and response.
The fraudulent acquisition and use of a person's private identifying information — name, credentials, financial data — typically for financial gain. Digital identity theft often begins with phishing or data breaches.
Any attack where a threat actor pretends to be a trusted entity — a brand, executive, colleague or institution — to deceive victims into taking harmful actions such as transferring money, revealing credentials or clicking malicious links.
A security risk that originates from within the organization — a current or former employee, contractor or partner who misuses their access to harm the organization, whether intentionally or through negligence.
An attack that uses compromised public USB charging stations to install malware or steal data from devices while they charge. Travelers using public charging points in airports or hotels are common targets.
Software or hardware that records every keystroke made on a device — capturing passwords, credit card numbers, messages and other sensitive data without the user's knowledge. Often delivered via phishing or malicious downloads.
A domain name registered to closely resemble a legitimate brand's domain — using typosquatting, added words, hyphens or different TLDs — to deceive users into thinking they are visiting the real site. A primary vehicle for phishing attacks.
Techniques used by attackers to progressively move through a network after gaining initial access — escalating privileges and accessing additional systems to reach high-value targets like databases or domain controllers.
Any software intentionally designed to cause disruption, damage, unauthorized access or data theft. Includes viruses, worms, trojans, ransomware, spyware, adware and rootkits.
An attack where the attacker secretly intercepts and potentially alters communications between two parties who believe they are communicating directly with each other. Used to steal credentials, session tokens and sensitive data.
The use of online advertising networks to distribute malware. Malicious ads can infect users simply by being displayed — without any click required — by exploiting browser or plugin vulnerabilities.
The continuous process of tracking mentions, uses and misuses of a brand's name, logo and identity across the internet — including domains, social media, marketplaces and the dark web — to detect threats and protect brand integrity.
A security mechanism requiring users to provide two or more verification factors to gain access, typically drawn from something they know (password), something they have (phone/token) or something they are (biometric). Significantly reduces the risk of account takeover.
Unauthorized access to a computer network, typically with the intent to steal data, disrupt services or establish a persistent foothold for future attacks.
Intelligence gathered from publicly available sources — websites, social media, domain registries, public records and forums. Used by both security teams and attackers to gather information about targets. A core component of brand exposure assessment.
An attack that tries a small number of commonly used passwords against a large number of accounts, which avoids the account lockouts that repeated failed attempts on a single account would trigger.
An attack that redirects users from legitimate websites to fraudulent ones by corrupting DNS settings or the hosts file on a victim's device — without requiring the user to click a malicious link.
A social engineering attack that uses deceptive emails, messages or websites impersonating trusted entities to trick victims into revealing credentials, financial data or installing malware. The most common form of cyberattack globally.
A pre-packaged set of tools — cloned website files, scripts and configuration — that allows even low-skill attackers to quickly deploy convincing phishing sites. Kits are sold on criminal markets and can be deployed in minutes.
A social engineering technique where an attacker fabricates a scenario (pretext) to manipulate a victim into providing information or taking an action — such as impersonating IT support, a bank or a government official.
The act of exploiting a vulnerability or misconfiguration to gain higher-level permissions than originally granted — moving from a standard user account to administrator or root access.
Any data that could potentially identify a specific individual — name, email address, phone number, national ID, IP address or biometric data. PII is heavily regulated under GDPR, CCPA and other privacy laws.
A phishing attack that uses malicious QR codes to redirect victims to fraudulent websites. Because QR codes obscure the destination URL, they bypass many email security filters and are increasingly used in targeted attacks.
Malware that encrypts a victim's files or locks their system, demanding payment (ransom) for the decryption key. Modern ransomware groups also exfiltrate data and threaten to publish it — a tactic known as double extortion.
A coordinated effort to damage a brand's public image — through fake negative reviews, coordinated social media campaigns, false claims or disinformation. Can be competitor-driven, extortion-motivated or ideologically motivated.
A collection of malicious software tools that enable unauthorized access to a computer while actively hiding its presence. Rootkits operate at the deepest levels of the operating system, making them extremely difficult to detect and remove.
Malicious software that uses fear tactics — fake virus alerts, system warnings or legal threats — to trick users into purchasing fake security software or revealing payment information.
A platform that aggregates and analyzes security event data from across an organization's infrastructure in real time — enabling threat detection, incident response and compliance reporting from a centralized dashboard.
A phishing attack delivered via SMS text messages — typically impersonating banks, delivery services or government agencies to trick recipients into clicking malicious links or calling fraudulent numbers.
The psychological manipulation of people into performing actions or divulging confidential information. The human element behind most cyberattacks — exploiting trust, authority, urgency or fear rather than technical vulnerabilities.
A centralized team responsible for monitoring, detecting, analyzing and responding to cybersecurity incidents. SOC analysts use SIEM platforms, threat intelligence feeds and automated tools to maintain continuous security visibility.
A highly targeted phishing attack directed at a specific individual or organization — using personalized information gathered from OSINT to make the deception more convincing. Far more effective than generic phishing campaigns.
Software that secretly monitors and collects user activity — browsing history, keystrokes, screenshots, credentials — and transmits it to a third party without the user's knowledge or consent.
An attack that inserts malicious SQL code into a web application's input fields to manipulate the backend database — enabling attackers to read, modify or delete data, bypass authentication or execute administrative operations.
An attack that targets a less-secure element in the supply chain — a software vendor, third-party library or service provider — to compromise the downstream customers who use that component. The SolarWinds attack is a prominent example.
A physical social engineering attack where an unauthorized person gains access to a restricted area by following closely behind an authorized person — exploiting politeness or inattention rather than technical vulnerabilities.
Any individual, group or organization that poses a cybersecurity threat. Categories include nation-state actors, organized criminal groups, hacktivists, insider threats and opportunistic attackers.
The proactive, human-led process of searching through networks and systems to detect advanced threats that evade automated security tools. Threat hunters use hypotheses, intelligence and behavioral analysis to find hidden attackers.
Malware disguised as legitimate software that tricks users into installing it. Once active, trojans can create backdoors, steal data, download additional malware or give attackers remote control of the infected system.
The registration of domain names that are common misspellings or typographical errors of popular brand domains — designed to capture traffic from users who mistype a URL and redirect them to malicious or competing sites.
The creation of a URL that appears legitimate but redirects to a malicious site — using techniques like lookalike domains, URL shorteners, open redirects or Unicode characters to disguise the true destination.
A phishing attack conducted over the phone — attackers impersonate banks, tech support, government agencies or executives to trick victims into revealing credentials, transferring money or granting remote access.
A weakness in a system, application or process that can be exploited by a threat actor to gain unauthorized access or cause harm. Vulnerabilities are classified by severity using the CVSS scoring system.
An attack strategy where the attacker compromises a website frequently visited by the target group — infecting visitors with malware when they visit the site. Named after predators waiting at watering holes for prey.
A highly targeted spear phishing attack directed at senior executives — CEOs, CFOs, board members — using personalized content to trick them into authorizing wire transfers, revealing credentials or approving fraudulent requests.
Self-replicating malware that spreads across networks without requiring user interaction or a host file — consuming bandwidth, installing backdoors and delivering payloads to every system it infects.
Cross-Site Scripting (XSS) is a web vulnerability that allows attackers to inject malicious scripts into pages viewed by other users. See the full definition under C.
An attack that targets a previously unknown software vulnerability — one for which no patch exists yet. Zero-days are highly valuable on criminal markets because defenders have zero days to prepare before the exploit is used.
A security model based on the principle "never trust, always verify" — requiring strict identity verification for every user and device attempting to access resources, regardless of whether they are inside or outside the network perimeter.