Insider threat is a category of risk posed by humans who have access to an organization's physical or digital assets. Such threats are usually attributed to employees or former employees, but may also arise from third parties, including contractors, temporary workers or customers.
A metamorphic virus is a type of malware that is capable of changing its code and signature patterns with each iteration.
Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in email or other communication channels.
A rootkit is a program or, more often, a collection of software tools that gives a threat actor remote access to and control over a computer or other system.
Social engineering is an attack vector that relies heavily on human interaction and often involves manipulating people into breaking normal security procedures and best practices in order to gain access to systems, networks or physical locations, or for financial gain.