The vocabulary of an attack.
Every incident on this site uses a small set of recurring terms — phishing, vishing, ransomware, supply-chain compromise, n-day exploitation, and so on. This page defines them in plain English, the way a defender would actually use them. Where a real incident on the site illustrates the term cleanly, the entry links to it.
Business email compromise (BEC)
A finance-targeted con: the attacker takes over (or convincingly impersonates) an executive's email and tricks an employee into wiring money or changing supplier bank details. Boring, low-tech, and the single most expensive cybercrime category by reported losses.
Credential stuffing
Trying username and password pairs leaked from one site against thousands of others, betting on reuse. Cheap, automated, depressingly effective — and the reason every breached password list has a long tail of downstream account takeovers.
See on this site: 16-billion credential exposure →
Data breach
A catch-all term for unauthorised access to data — customer records, employee files, source code, anything sensitive. Covers everything from a stolen laptop to a multi-month nation-state intrusion.
DDoS
Distributed Denial of Service. Flooding a target with traffic from many sources until it falls over. More disruptive than damaging on its own; sometimes used as a smokescreen for an actual intrusion.
Insider threat
Damage caused by someone with legitimate access — a current or former employee, a contractor, a third-party operator. Usually data theft. Occasionally sabotage. Notoriously hard to detect because the access is real.
See on this site: Coupang →
MFA bypass
Defeating multi-factor authentication. Common techniques: phishing the one-time code in real time, registering an attacker-controlled device after capturing primary credentials, or stealing the session cookie after the user has already logged in.
Nation-state
An attack attributed to (or assessed to be the work of) a government intelligence service. Generally focused on espionage rather than money — though North Korea is the loud exception, and several services run financially-motivated operations on the side.
See on this site: UNC3886 in Singapore →
Phishing
A fake email or message designed to trick someone into giving up credentials, clicking a malicious link, or installing malware. The grandparent of every social-engineering attack on this site, and still the entry point for the majority of intrusions.
Ransomware
Malware that encrypts a victim's files and demands payment to decrypt them. Modern ransomware almost always also exfiltrates the data first and threatens to leak it — the so-called "double extortion" model.
See on this site: Marks & Spencer →
Smishing
Phishing by SMS or messaging app. Cheap, scalable, and increasingly used to harvest one-time codes or push malicious links to mobile devices, where users have fewer cues to spot a scam.
Supply-chain attack
Compromising a trusted supplier — software vendor, IT contractor, OAuth-connected SaaS tool — to reach the supplier's customers. Single foothold, many victims. The defender's nightmare scenario.
See on this site: SalesLoft Drift →
Threat actor
The person, group, or nation behind an attack. Sometimes named — Scattered Spider, ShinyHunters, Lazarus Group. Sometimes catalogued by a tracker code — UNC6395, UAT-4356 — until they earn a name.
Vishing
Voice phishing. Same goal as phishing, executed by phone — usually impersonating IT helpdesk to walk a target through resetting a password or approving an MFA prompt. Behind several of the largest 2025-26 retail and SaaS breaches.
See on this site: Marks & Spencer →
Wallet compromise
A crypto-specific theft where attackers gain access to private keys or wallet-signing infrastructure and drain funds. Effectively irreversible once the transactions clear, which is why these incidents tend to be the largest single losses on record.
See on this site: Bybit →
Zero-day & n-day
A zero-day is a software flaw the vendor doesn't yet know about, so no patch exists. An n-day is a known flaw being exploited after a patch is available, against systems that haven't applied it. Most real-world exploitation is n-day, not zero-day.
See on this site: SharePoint ToolShell →