Exploit: What it is, where it hits, and how to reduce the risk

Exploit

What it is

An exploit is code or a technique that takes advantage of a vulnerability to make software do something it shouldn’t—run attacker code, dump data, or bypass security. It’s not the whole attack by itself, but the key that opens the door. For a deeper overview, see our exploit explainer.

Where you’ll see it

  • Web apps (SQLi, XSS, deserialization bugs)

  • Client apps (document readers, browsers, media players)

  • OS/kernel and drivers (privilege escalation, sandbox escapes)

  • Network services and VPNs (remote code execution)

Why it matters

Exploits turn small mistakes in code into account takeovers, ransomware, and data theft—often with no click or just one.

Reduce the risk

  • Patch fast, especially internet-facing apps and VPNs

  • Turn on DEP/ASLR/CFG and keep browsers/runtimes updated

  • Least privilege for services and users; segment critical systems

  • Use WAF/RASP, strong input validation, and dependency scanning

  • Monitor for exploit signs: crashes, blocked DEP events, unusual child processes
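As an added example (not part of this glossary entry), the last two points above can be turned into a small detection rule: flag a document reader or browser that spawns a shell or script host, and raise the severity when that same process crashed or had a DEP block moments earlier. The event format, field names and sample events are constructed for the example.

```python
"""Flag exploit-like process behaviour from constructed endpoint events.

Two of the "exploit signs" named above as rules: a client app (document
reader, browser) launching a shell or script host, and a crash or DEP
block of that app shortly before the child appears."""
from collections import defaultdict

# Client apps an exploit typically targets (see "Where you'll see it").
CLIENT_APPS = {"winword.exe", "excel.exe", "acrord32.exe", "chrome.exe", "firefox.exe"}
# Children a document reader or browser almost never needs to launch.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "mshta.exe", "rundll32.exe"}
CRASH_WINDOW_SEC = 60  # how long a crash/DEP event keeps a process "tainted"

def parse_event(line):
    """Parse 'ts|type|host|parent|image' into a dict (constructed format)."""
    ts, kind, host, parent, image = line.strip().split("|")
    return {"ts": int(ts), "type": kind, "host": host,
            "parent": parent.lower(), "image": image.lower()}

def detect(lines):
    """Return a list of (host, parent, child, severity) alerts, in event order."""
    alerts = []
    last_fault = defaultdict(lambda: -10**9)  # (host, image) -> ts of last crash/DEP block
    for ev in map(parse_event, lines):
        if ev["type"] in ("crash", "dep_block"):
            last_fault[(ev["host"], ev["image"])] = ev["ts"]
            continue
        if ev["type"] != "process_create":
            continue
        if ev["parent"] in CLIENT_APPS and ev["image"] in SUSPICIOUS_CHILDREN:
            # A crash/DEP block of the parent just before the spawn points at a memory-corruption exploit.
            recent = ev["ts"] - last_fault[(ev["host"], ev["parent"])] <= CRASH_WINDOW_SEC
            alerts.append((ev["host"], ev["parent"], ev["image"], "high" if recent else "medium"))
    return alerts

# Constructed sample events: ts|type|host|parent|image
SAMPLE_EVENTS = [
    "1000|process_create|ws01|explorer.exe|winword.exe",    # normal: user opens Word
    "1010|dep_block|ws01|-|winword.exe",                    # DEP blocked execution inside Word
    "1020|process_create|ws01|winword.exe|powershell.exe",  # Word spawns PowerShell right after: high
    "2000|process_create|ws02|chrome.exe|cmd.exe",          # browser spawns a shell, no fault: medium
    "3000|process_create|ws03|explorer.exe|cmd.exe",        # user opens a shell: ignored
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```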
