According to ISO 27005, a threat is defined as a potential cause of an incident that may cause harm to systems and organization.
A threat is something that might happen, yet can cause serious harm.
A threat can be intentional or accidental or otherwise an action.
Malware, computer virus, Botnet, spam, etc. are some of the common security threats.