Glossary
Adversary-in-the-Middle (AitM)
An attack where the criminal slips in between you and the real site to steal your session, even with two-factor authentication.
Here the attacker routes you through a fake site that relays everything to the real one, without you noticing. Along the way they capture your password and, above all, your already-validated session, which lets them bypass two-factor authentication. The best protection is a security key or a passkey, which only work on the legitimate site.
See also
Supply chain attack
An attack that goes through a trusted supplier or piece of software to reach its customers indirectly.
Credential stuffing
An attack that mass-tests passwords stolen elsewhere to open your other accounts.
Cyber resilience
An organisation's ability to keep going during a cyberattack and to recover quickly afterwards.
DDoS
An attack that drowns a site under a flood of connections to make it unreachable.