Anyrun

Security teams depend on early signals to spot and contain new threats. But what happens when a fully capable infostealer spreads while traditional detections stay limited?  In recent investigations, ANY.RUN researchers observed MicroStealer in 40+ sandbox sessions in less than a month, despite low public visibility. Early activity points to distribution through compromised or impersonated accounts, […]

The post MicroStealer Analysis: A Fast-Spreading Infostealer with Limited Detection  appeared first on ANY.RUN's Cybersecurity Blog.

In busy SOC environments, every minute spent waiting for threat validation slows containment and impacts response metrics. The ANY.RUN integration with Tines brings trusted verdicts and behavioral intelligence directly into the workflows you build in Tines. You can validate alerts, enrich incidents, and respond faster without switching tools, helping you reduce mean time to respond (MTTR) and […]

The post ANY.RUN & Tines: Scale SOC and Meet SLAs with Intelligent Workflows appeared first on ANY.RUN's Cybersecurity Blog.

ANY.RUN’s analysts are observing a sharp increase in phishing activity abusing Microsoft’s OAuth Device Code flow, with more than 180 phishing URLs detected in just one week. This technique represents a shift from credential phishing to token-based account takeover, making detection significantly harder for many SOC teams.  Key Takeaways  How the Attack Works  In this campaign, attackers abuse Microsoft’s device […]

The post OAuth Device Code Phishing: A New Microsoft 365 Account Breach Vector appeared first on ANY.RUN's Cybersecurity Blog.

February brought another round of major detection improvements across ANY.RUN’s threat intelligence and sandbox coverage. Alongside new Threat Intelligence reports, our analysts expanded behavioral visibility across dozens of malware families, strengthened detection logic for modern phishing and data-stealing campaigns, and added thousands of new network detection rules.  Let’s take a closer look at the updates delivered this month.  Threat Intelligence Reports  […]

The post Threat Coverage Digest: New Malware Reports and 2,400+ Detection Rules   appeared first on ANY.RUN's Cybersecurity Blog.

February 2026 brought a surge of sophisticated cyber threats targeting businesses across industries. ANY.RUN’s analysts exposed and explored several major cyber threats this month, providing early visibility into emerging malware families and evolving attack techniques.  From new ransomware strains capable of encrypting entire environments in minutes, to fully undetected remote access trojans — the threat […]

The post Major Cyber Attacks in February 2026: BQTLock, Thread-Hijack Phishing, and MFA Bypass Evolution appeared first on ANY.RUN's Cybersecurity Blog.

90% of modern cyberattacks start with phishing and it’s getting worse. The volume of compromise attempts keeps surging, leaving companies more exposed to credential theft and heavy financial hits.  As phishing evolves, we focus on countering the core tactics that make it effective. That’s why ANY.RUN is upgrading the threat detection capabilities of the Interactive Sandbox across all subscription tiers with the new SSL decryption technology.  By extracting encryption keys directly from process memory, it increases the detection rate of phishing inside the sandbox, helping every user and SOC team […]

The post Expanding Phishing Detection at Scale with Automatic SSL Decryption appeared first on ANY.RUN's Cybersecurity Blog.

Security teams don’t lack alerts, they lack fast, reliable context for decision-making. When threat analysis and intelligence are not an integrated part of the SOC workflow, investigations slow down, MTTR grows, and the risk of missed incidents increases. Adding behavioral analysis and live intelligence directly into SIEM closes this gap, turning monitoring, triage, and response […]

The post ANY.RUN & Splunk Enterprise: Stronger Detection, Faster Response in Your SOC appeared first on ANY.RUN's Cybersecurity Blog.

Threat monitoring is treated as one capability among many. Something that sits alongside incident response and threat hunting on an org chart. That framing undersells how central it actually is.  Monitoring is the connective tissue of the entire security operation. Every other SOC function depends on it working well.  For SOC and MSSP leaders, building effective threat monitoring is not about “more alerts.” It […]

The post Turn Your SOC Into a Detection Engine: Rethinking Threat Monitoring appeared first on ANY.RUN's Cybersecurity Blog.

Security professionals rely on early detection signals to prioritize and contain incidents. But what happens when a fully capable RAT generates none?  In a recent investigation, the ANY.RUN experts uncovered a new Go-based remote access trojan we named Moonrise. At the time of analysis, it wasn’t detected on VirusTotal and had no vendor signatures tied to it.  That’s the problem teams can’t ignore: credential theft, remote command execution, and persistence […]

The post Moonrise RAT: A New Low-Detection Threat with High-Cost Consequences appeared first on ANY.RUN's Cybersecurity Blog.

G2, the world’s largest and most trusted software marketplace, has recognized ANY.RUN among the Best Software Companies. The ranking is based on verified reviews from organizations actively using ANY.RUN’s solutions. It reflects the company’s strong international presence and measurable impact across global cybersecurity markets. Thank You to Our Community  Recognition on G2’s Top 50 Best […]

The post G2 Recognizes ANY.RUN Among the Top 50 Best Software Companies in the Region appeared first on ANY.RUN's Cybersecurity Blog.

Every security alert represents a decision point. Act too slowly, and a threat becomes a breach. Act without context, and analysts drown in noise. At the center of both failure modes is a single, often underestimated process: alert enrichment.  Key Takeaways The Seconds That Define a Breach  Alert enrichment is the practice of layering contextual intelligence onto […]

The post One Process, Every Metric: How Better Alert Enrichment Transforms SOC Performance appeared first on ANY.RUN's Cybersecurity Blog.

Editor’s note: The current article is authored by Moises Cerqueira, malware researcher and threat hunter. You can find Moises on LinkedIn. Malware campaigns targeting Latin America (LATAM) are evolving. While the final payloads, often commodity RATs like XWorm, remain consistent, delivery mechanisms are becoming increasingly sophisticated to bypass region-specific defenses and increase the chance of reaching real business users.  In this analysis, […]

The post LATAM Businesses Hit by XWorm via Fake Financial Receipts: Full Campaign Analysis  appeared first on ANY.RUN's Cybersecurity Blog.

In enterprise SaaS, unclear security decisions carry real cost. False positives disrupt customers, while missed threats expose the business.  A Fortune 500 cloud provider addressed this risk by embedding ANY.RUN into SOC investigations, giving analysts the behavioral evidence needed to reduce escalations, improve triage confidence, and make proportionate response decisions at scale.  Company Context and Security Scope  The organization is a […]

The post Fortune 500 Tech Enterprise Speeds up Triage and Response with ANY.RUN’s Solutions appeared first on ANY.RUN's Cybersecurity Blog.

How long would it take your team to realize ransomware is already running?  The newly identified ransomware families are already causing real business disruption. These threats can disrupt operations fast while also reducing visibility through stealth or cleanup activity, shrinking the time teams have to detect and contain the attack.  Here’s what you should know about BQTLock and GREENBLOOD, and how your team can detect and contain them before […]

The post Emerging Ransomware BQTLock & GREENBLOOD Disrupt Businesses in Minutes  appeared first on ANY.RUN's Cybersecurity Blog.

Threat hunting is widely recognized as one of the most important capabilities of a mature SOC. It uncovers stealthy attackers early, reduces dwell time, and prevents security incidents from impacting the business. Yet, in practice, many organizations find that their threat hunting efforts don’t consistently deliver these outcomes.  Let’s take a look at how high-performing security teams make threat hunting more repeatable, measurable, and effective.  Why Threat Hunting Programs Often Fail Before They Start  […]

The post How to Build Threat Hunting that Defends Your Organization Against Real Attacks appeared first on ANY.RUN's Cybersecurity Blog.

The financial sector resembles a treasure vault under constant siege. Banks, insurers, and fintech firms are not just custodians of money. They are guardians of irreplaceable personal and corporate data, payment flows, transactional integrity, and trust itself.   When cybercriminals strike, the ripple effects cascade outward, threatening individual savings, corporate balance sheets, national infrastructures, and broader economic confidence.  The Biggest […]

The post How Threat Intelligence Helps Protect Financial Organizations from Business Risk appeared first on ANY.RUN's Cybersecurity Blog.

First month of the year, and we’re starting it off with updates that support faster decisions and more predictable SOC operations.  In January, we introduced a major workflow enhancement with the new ANY.RUN Sandbox integration with MISP, alongside expanded detection coverage across behavior signatures, YARA rules, and Suricata.  Let’s find out what this means for your team.  Product Updates  January brought another solid round of improvements […]

The post Release Notes: Workflow Improvements, MISP Integration & 2,000+ New Detections  appeared first on ANY.RUN's Cybersecurity Blog.

ANY.RUN observes a growing trend of phishing kit infrastructure being hosted on legitimate cloud and CDN platforms, rather than on newly registered domains. These campaigns often target enterprise users specifically, creating a global threat to businesses. The shift creates serious visibility challenges for security teams, as trusted platforms and valid indicators shield malicious activity from detection.  For a deeper dive, read on and see the breakdown of such cases, along with […]

The post Enterprise Phishing: How Attackers Abuse Trusted Microsoft & Google Platforms  appeared first on ANY.RUN's Cybersecurity Blog.

Running a SOC today means constant trade-offs: too many alerts, not enough people, strict SLAs, and attacks that keep getting smarter. Most leaders aren’t asking for “the next cool product” but a proof that something actually cuts time, risk, and workload in real environments like theirs.  Thousands of organizations already rely on ANY.RUN to reduce analyst load, resolve phishing cases faster, cut unnecessary […]

The post SOC & Business Success with ANY.RUN: Real-World Results & Cases  appeared first on ANY.RUN's Cybersecurity Blog.

Think you can trust every email that comes from a business partner?  Unfortunately, that’s no longer guaranteed; attackers now slip into legitimate threads and send messages that look fully authentic.   That’s exactly what happened in a new case uncovered by ANY.RUN researchers; a trust takeover inside a real executive discussion about a document awaiting final approval.   By detonating the suspicious message, the investigation exposed the […]

The post Attackers Are Taking Over Real Email Threads to Deliver Phishing: New Enterprise Risk appeared first on ANY.RUN's Cybersecurity Blog.