A vulnerability is a weakness in a system. That could be anything from outdated software to a misconfigured setting that leaves the door open for attack.
An exploit is the method someone uses to take advantage of that weakness. Think of it like a tool or trick designed to break in through that open door.
A threat is the possibility that someone or something will try to do harm. It includes both the intent and the capability to exploit a vulnerability. A threat could be a person, a group, or even a piece of malware that’s out there looking for targets.
These terms are closely connected, but they describe different parts of the risk equation. A strong defense means patching vulnerabilities, blocking exploits, and staying aware of threats as they evolve.
