Cybersecurity Dictionary
Simple explanations of key security terms used in our alerts, guides and recovery workflows.
- Phishing: Impersonation attack used to steal credentials or money.
- Smishing: SMS-based phishing attack.
- Vishing: Voice phishing where attackers use phone calls or voicemail to extract data or payments.
- Spoofing: Forging sender identity to look legitimate.
- Malware: Malicious software designed to damage or control systems.
- 2FA: Two-factor authentication adding extra login protection.
- Infostealer: Malware focused on stealing cookies, credentials, wallet data or session tokens.
- Ransomware: Malware that encrypts systems or data and demands payment.
- CVE: A public identifier assigned to a disclosed software vulnerability.
- Zero-day: A flaw actively exploited before defenders have broadly deployed a fix.
- IOC: Indicator of compromise such as a malicious domain, IP, hash or file path.
- Session hijacking: Taking over a logged-in session by stealing cookies or authentication tokens.
Why this section exists
Readers often land on a breaking alert without knowing the jargon. This glossary gives just enough context to make the response steps easier to follow.
How to use the dictionary
Start with the term you do not recognize in an article, then go back to the response steps. We keep definitions intentionally short so readers can understand the threat fast without losing the thread of the incident.
Editorial note
Definitions are maintained by the HackWatch editorial team and updated when terminology changes in vendor advisories, CERT guidance or incident response practice.