MITM

A MITM (Man-in-the-Middle) attack is any scenario where an adversary positions themselves between two communicating parties, relaying messages while reading or modifying them. Classic examples include hostile Wi-Fi hotspots that proxy HTTPS with a fake certificate, ARP spoofing on a local network, and BGP hijacks that reroute traffic through an attacker's network. Defences are layered: TLS with certificate validation, HSTS to prevent downgrade, DNSSEC and DoH/DoT to protect name resolution, and Certificate Transparency to detect mis-issuance. Any service running plain HTTP or unauthenticated DNS is vulnerable by default.