What type of attack occurs when an attacker sits between two communicating parties and can intercept and alter traffic without either party knowing?

A man-in-the-middle attack is when an attacker places themselves between two communicating parties so they can intercept, read, and potentially alter the traffic without either party realizing it. By positioning themselves on the path of the communication—such as through ARP spoofing on a local network, a compromised Wi‑Fi access point, or DNS manipulation—the attacker can relay messages between the two ends while making each side believe they are talking directly to the other. This enables stealing credentials, session cookies, or injecting malicious content, all while the data flows through the attacker’s device. Denial of Service aims to make a service unavailable rather than covertly listening in or modifying traffic. Phishing involves tricking users into revealing sensitive information. SQL injection targets vulnerabilities in a website’s database by injecting malicious queries. None of these involve covertly intercepting and altering traffic between two parties in transit.