BBLabs NewsBBLabs News
NewsAll articlesTopics
ES
Live·37 d ago·Malicious npm targets Claude AI user directory
31 articles·4 streams
  1. Home
  2. ›
  3. Glossary

Cybersecurity glossary

Short, self-contained definitions of the technical terms we use every day in the newsletter. Designed to be quoted: one paragraph for what it is, another for why it matters and how it's used.

CVE

See CVE newsletter →
  • CVECommon Vulnerabilities and Exposures

    Unique identifier in the form CVE-YYYY-NNNN, assigned by MITRE to a publicly disclosed vulnerability. Industry standard for referencing specific security flaws.

    Read full entry →
  • CVSSCommon Vulnerability Scoring System

    Industry standard to score vulnerability severity on a 0–10 scale. Combines attack vector, complexity, privileges required, user interaction, and impact on C, I, A.

    Read full entry →
  • RCERemote Code Execution

    Vulnerability that lets a remote attacker run arbitrary code on the vulnerable system. The highest-severity category — and the most-hunted in bug bounty.

    Read full entry →
  • LPELocal Privilege Escalation

    Vulnerability that lets a user with local access (shell, regular user) elevate privileges — typically to root/SYSTEM. Critical in multi-tenant and post-compromise scenarios.

    Read full entry →
  • Zero-day

    Publicly unknown vulnerability with no patch available. The name comes from the vendor having 'zero days' to react before the first attack.

    Read full entry →

AI

See IA newsletter →
  • Prompt Injection

    Technique that manipulates an LLM's input (ChatGPT, Claude, Gemini) to override its original instructions and make it act outside its intended behaviour.

    Read full entry →

Bug Bounty

See Bug Bounty newsletter →
  • XSSCross-Site Scripting

    Vulnerability where attacker-controlled JavaScript executes in a victim's browser under a trusted domain's context. Session theft, account takeover, and targeted phishing.

    Read full entry →
  • SQLiSQL Injection

    Injection of malicious SQL into a backend query via unsafe concatenation of user input. Allows reading/modifying the database, and sometimes RCE via xp_cmdshell or load_file.

    Read full entry →
  • SSRFServer-Side Request Forgery

    Vulnerability where an attacker tricks the server into issuing HTTP requests to attacker-chosen targets. Allows reaching cloud metadata, internal networks, and localhost services.

    Read full entry →
  • IDORInsecure Direct Object Reference

    Access control vulnerability: the server exposes guessable or predictable IDs and doesn't validate that the requester is authorised to access that resource.

    Read full entry →

Cyberattacks

See Ciberataques newsletter →
  • Ransomware

    Malware that encrypts a victim's files and demands ransom (typically in crypto) for the decryption key. Organised criminal business model.

    Read full entry →
  • Phishing

    Social engineering technique where the attacker impersonates a trusted identity (bank, support, colleague) to steal credentials, OTPs, money, or trigger malware execution.

    Read full entry →
  • APTAdvanced Persistent Threat

    Threat actor with significant resources, long-term objectives, and sophisticated techniques. Often state-sponsored or backed by high-tier organised crime.

    Read full entry →
  • Supply Chain Attack

    Attack that compromises a software supply-chain component (dependency, build pipeline, vendor) to infect all of its consumers with a single intrusion.

    Read full entry →
BBLabs NewsBBLabs News

BBLabs News

Una historia al día. Cero ruido.

Newsletter técnica de ciberseguridad. Una historia al día sobre CVEs críticos, brechas, bug bounty e IA. Filtrado por IA, escrito para humanos.

Producto

  • Hemeroteca
  • Ediciones
  • Temas
  • Glosario
  • RSS
  • Atom
  • JSON Feed

Editorial

  • Acerca de
  • Suscribirse
  • Cuenta
  • English

Legal

  • Privacidad
  • Términos
  • Contacto: team@bblabs.es

Conectar

  • YouTube · @0xGorka
  • Instagram · @bblabs.es
  • Discord BBLabs
  • Discord Bug Bounty ES
31 artículos·10 ediciones·Desde 2026·Hecho en España
© 2026 BBLabs News·Por Gorka El Bochi