Okay kiddo, imagine you and your friends really like going to this one park to play on the playground. Now, imagine that park is like a "watering hole" for animals, where they go to drink water. You following me so far?
Well, the same thing can happen with computers. Sometimes bad guys want to hack into a specific group of computers, like a big company or organization. But instead of trying to hack into each computer individually (which can be hard and time-consuming), they try to figure out where those people like to go online, like a favorite website or social media platform.
They know that if they infect that website with some kind of bad code (like a virus), it can spread to the computers of the people who visit that website. It's like if you went to the park with your friends and somebody put glitter on the toys you like to play with. When you touch the toys, the glitter gets on you and now you have it on your hands and clothes (and maybe even in your eyes and mouth, yuck!).
In the same way, when people visit the infected website, the bad code gets on their computer and starts doing bad things, like spying on them or stealing their personal information. The bad guys can then use that information to do more bad stuff, like access their bank accounts or steal their identity.
So, a watering hole attack is when bad guys infect a website that they know a specific group of people (like a company) visit often, in order to spread bad code to all of their computers. Just like glitter on the playground toys, it's hard to get rid of once it's on there!