A transitive dependency in cybersecurity refers to a software component that is not directly included in a project, but is brought in indirectly through another dependency. This can lead to hidden vulnerabilities, as these indirect dependencies may not be visible or reviewed by developers. Attackers can exploit weaknesses in transitive dependencies, making it crucial for organizations to monitor and manage the entire dependency chain. Proper dependency management tools and regular security audits help identify and mitigate risks associated with transitive dependencies.