Attack vectors: Attack vectors are the various ways or methods by which hackers can gain unauthorized access to a network. They can be exploited by malicious actors to gain access to confidential information or to launch a coordinated cyberattack. Examples of attack vectors include phishing, compromised credentials or ransomware.
Attack surfaces: The entire set of points on the boundary of an organization’s system, a system element, or an environment where an attacker can try to enter, cause an effect on or extract data from the organization. Attack surfaces can be physical or digital.
Sources: csrc.nist.gov/ and securitytrails.com/