Think MFA saved you? VoidProxy says hi.
A new PhaaS, VoidProxy, is blitzing Microsoft 365/Google sign-ins with AitM relays that steal session tokens—making SMS/OTP MFA basically decorative. Okta’s write-up shows FastPass/WebAuthn-style authenticators resisted every attempt they saw, while the kit leaned on Cloudflare Workers, dynamic DNS, and ESP abuse to stay slippery.
Meanwhile, PhaaS is having a moment: Microsoft + Cloudflare just torched 338 domains tied to the RaccoonO365 service. Different crew, same playbook: cookie theft at scale.
In our breakdown: IOCs/patterns to block, policy moves that actually help (passkeys), and how to catch session hijacking before BEC lands. Where are you on FIDO2/passkeys today—pilot or production?
Read the brief & subscribe:
https://blog.alphahunt.io/voidproxy-aitm-phishing-as-a-service-quietly-bypasses-mfa-at-scale
#AlphaHunt #VoidProxy #PhishingAsAService #AitM #Passkeys