The Threat and Attack, RFC 2828

Threat

Threat

a potential for violation of security, which exists when is a circumstance,
capability, action, or event that could breach security and cause harm. that is,
a threat is a possible danger that might exploit a vulnerability

Attack
 
An assault on system security that derives from an intelligent threat; that is,
an intellinget act that is a deliberate attempt (especially in the sense of a
method or technique) to evade security services and violate the security policy
of a system