H-ISAC TLP White Threat Bulletin VoidProxy: A New and Evasive Phishing-as-a-Service Framework

On September 11, 2025, Okta discovered a sophisticated Phishing-as-a-Service framework named VoidProxy. Due to its evasive capabilities and modular design, it has emerged as a significant threat. Cybercriminals use it to conduct Adversary-in-the-Middle (AitM) phishing attacks, which allow them to intercept and manipulate communications between users and legitimate services. The attacks target Microsoft and Google accounts and can redirect accounts secured by identity providers, such as Okta, to malicious websites.

As phishing remains one of the most common attack vectors for the health sector, Health-ISAC is providing this information to increase situational awareness and share details about the recent Phishing-as-a-Service framework, its security implications, and recommendations for defending against malicious activity.

View the detailed report below.

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

National Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272

More on John Riggi
Learn more about AHA's Cybersecurity and Risk Advisory Services

Key Resources

Related Resources

Special Bulletin
House Releases Continuing Resolution to Fund Government, Extends Key Health Care Provisions
Member
Advisory
AHA Warns of Targeted Cyber Attacks on Retirement Accounts
Member
Advisory
Ongoing Attack Impacting Microsoft SharePoint Servers Managed on Premises
Public
AHA Center for Health Innovation Market Scan
Microsoft Plan to Help Rural Care Facilities Improve Cybersecurity Gains Traction
Public
Testimony
AHA Statement to Senate HELP Committee on Cybersecurity
Public
Advancing Health Podcast
When Cyberattacks Strike: Is Your Board Ready?
Public