Glossary
Cross-site scripting (XSS)
An attack that injects code into a site to trap other visitors via their browser.
XSS takes advantage of a poorly protected site to insert code that will run in other visitors' browsers. The hacker can then steal those visitors' sessions, act in their place or alter what they see. The defence is on the development side: properly cleaning and controlling everything the site displays.
See also
Privilege escalation
When an attacker manages to grant themselves more rights than they had at the start.
Lateral movement
A hacker's progression from a compromised machine to others, to extend their hold on the network.
APT (advanced persistent threat)
A highly organised, well-funded attacker who settles in for the long term to spy or sabotage over time.
Indicator of compromise (IOC)
A technical clue that betrays a possible attack: a known malicious address, file or domain.