Man-in-the-Middle Attack
Also known as: MITM, on-path attack
An attacker positioned between you and the site you're talking to, reading or altering traffic.
A man-in-the-middle sits on the network path — hostile Wi-Fi, a compromised router, a rogue ISP — and either passively records traffic or actively rewrites it. Without TLS, both are trivial; with TLS, the attacker must trick the browser into accepting a fake certificate.
Defences: HTTPS everywhere, HSTS, certificate transparency logs, and pinned certificates in high-value apps like banking. Public Wi-Fi is a classic MITM surface — treat plain-HTTP sites on unfamiliar networks as compromised.
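An added example (not part of the original entry) of auditing the HSTS defence listed above: it parses a Strict-Transport-Security header following RFC 6797 and reports gaps that would leave a connection open to downgrade by an on-path attacker. The function names, the one-year threshold and the sample headers are assumptions constructed for illustration.

```python
import re

MIN_MAX_AGE = 31536000  # one year; threshold assumed for this example

def parse_hsts(value):
    """Parse a Strict-Transport-Security value; return None if invalid."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # the grammar allows empty directives
        name, _, arg = part.partition("=")
        name, arg = name.strip().lower(), arg.strip()  # names are case-insensitive
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]  # quoted-string form of a value
        if name in directives:
            return None  # a repeated directive invalidates the header
        directives[name] = arg
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        return None  # max-age is required and must be all digits
    return {
        "max_age": int(directives["max-age"]),
        "include_subdomains": "includesubdomains" in directives,
        "preload": "preload" in directives,  # preload-list token, not in the RFC
    }

def audit(header, over_https):
    """Return findings for one response; an empty list means no gaps found."""
    if not over_https:
        return ["ignored: browsers discard HSTS received over plain HTTP"]
    if header is None:
        return ["missing: nothing forces later visits onto HTTPS"]
    policy = parse_hsts(header)
    if policy is None:
        return ["invalid: browsers ignore a malformed header"]
    findings = []
    if policy["max_age"] == 0:
        findings.append("max-age=0 tells the browser to drop the HSTS entry")
    elif policy["max_age"] < MIN_MAX_AGE:
        findings.append("max-age below one year")
    if not policy["include_subdomains"]:
        findings.append("subdomains are not covered")
    return findings

# Constructed sample headers, not captured from any real site.
if __name__ == "__main__":
    for h in ("max-age=63072000; includeSubDomains; preload", "max-age=300", "max-age=1; max-age=2"):
        print(h, "->", audit(h, over_https=True))
```

The `over_https` flag matters because a header delivered over plain HTTP could have been injected or stripped on the path, which is why browsers only honour it on a validated TLS connection.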
