New VoidProxy phishing service targets Microsoft 365, Google accounts

VoidProxy, a new phishing-as-a-service platform, targets Microsoft 365 and Google accounts using adversary-in-the-middle tactics to steal credentials, MFA codes, and session cookies. The platform employs Cloudflare for protection and uses phishing sites hosted on disposable domains to deceive users. Okta Threat Intelligence researchers discovered VoidProxy and recommend security measures like restricting access to sensitive apps and enforcing risk-based access controls.