What it is
An exploit is code or a technique that takes advantage of a vulnerability to make software do something it shouldn’t—run attacker code, dump data, or bypass security. It’s not the whole attack by itself, but the key that opens the door. For a deeper overview, see our exploit explainer.
Where you’ll see it
- Web apps (SQLi, XSS, deserialization bugs)
- Client apps (document readers, browsers, media players)
- OS/kernel and drivers (privilege escalation, sandbox escapes)
- Network services and VPNs (remote code execution)
Why it matters
Exploits turn small mistakes in code into account takeovers, ransomware, and data theft—often with no click or just one.
Reduce the risk
- Patch fast, especially internet-facing apps and VPNs
- Turn on DEP/ASLR/CFG and keep browsers/runtimes updated
- Least privilege for services and users; segment critical systems
- Use WAF/RASP, strong input validation, and dependency scanning
- Monitor for exploit signs: crashes, blocked DEP events, unusual child processes
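One way to watch for the last sign, unusual child processes, shown as an added example that is not part of the original page: it flags a client app (document reader, browser, media player) launching a shell or script host. The key=value event layout, the two process-name sets and the sample lines are assumptions constructed for illustration.

```python
import ntpath
import re

# Assumed parent set: client apps of the kinds this page lists.
CLIENT_APPS = {"winword.exe", "excel.exe", "acrord32.exe", "chrome.exe",
               "msedge.exe", "firefox.exe", "vlc.exe"}
# Assumed child set: shells and script hosts these apps rarely need to start.
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Constructed sample events in a simplified key=value layout (not a real log schema).
SAMPLE_EVENTS = r'''
ts=2024-05-01T09:14:02Z host=ws-017 parent="C:\Program Files\Microsoft Office\WINWORD.EXE" image="C:\Windows\System32\cmd.exe"
ts=2024-05-01T09:15:40Z host=ws-017 parent="C:\Windows\explorer.exe" image="C:\Windows\System32\cmd.exe"
ts=2024-05-01T09:20:11Z host=ws-022 parent="C:\Program Files\Google\Chrome\chrome.exe" image="C:\Program Files\Google\Chrome\chrome.exe"
ts=2024-05-01T09:31:55Z host=ws-022 parent="C:\Program Files\Adobe\AcroRd32.exe" image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
malformed line without fields
'''

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="quoted value" or key=bare

def parse_event(line):
    """Return the line's fields as a dict, or None if parent/image are missing."""
    fields = {key: (quoted or bare) for key, quoted, bare in FIELD.findall(line)}
    return fields if {"parent", "image"} <= fields.keys() else None

def suspicious_children(log_text):
    """Return (alerts, skipped): flagged parent/child pairs and unparseable line count."""
    alerts, skipped = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_event(line)
        if event is None:
            skipped += 1  # count, don't silently drop: gaps in telemetry matter
            continue
        # Compare on lower-cased file name so path and case differences don't hide a match.
        parent = ntpath.basename(event["parent"]).lower()
        child = ntpath.basename(event["image"]).lower()
        if parent in CLIENT_APPS and child in INTERPRETERS:
            alerts.append((event.get("ts"), event.get("host"), parent, child))
    return alerts, skipped

if __name__ == "__main__":
    alerts, skipped = suspicious_children(SAMPLE_EVENTS)
    for ts, host, parent, child in alerts:
        print(f"{ts} {host}: {parent} spawned {child}")
    print(f"{skipped} line(s) could not be parsed")
```

Matching on file name alone is a starting point; a production rule would also weigh command line, signer and path, since names can be copied.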