A threat is the potential danger—like a hacker trying to break in. An exploit is the actual tool or technique used to take advantage of a vulnerability. The threat uses the exploit to attack the vulnerability.
A threat represents a possible danger to the computer system. It represents something that an organization doesn't want to happen.
Examples: a malicious hacker trying to gain unauthorized access, a disgruntled employee, malware authors.
An exploit is something that takes advantage of a vulnerability in an asset to cause unintended or unanticipated behavior.
Examples: a Metasploit module, a buffer overflow attack, a SQL injection payload.
THREAT → uses EXPLOIT → against VULNERABILITY → compromises ASSET
Successful exploitation of a vulnerability is a threat realized.