Anyrun

Think you can trust every email that comes from a business partner?  Unfortunately, that’s no longer guaranteed; attackers now slip into legitimate threads and send messages that look fully authentic.   That’s exactly what happened in a new case uncovered by ANY.RUN researchers; a trust takeover inside a real executive discussion about a document awaiting final approval.   By detonating the suspicious message, the investigation exposed the […]

The post Attackers Are Taking Over Real Email Threads to Deliver Phishing: New Enterprise Risk appeared first on ANY.RUN's Cybersecurity Blog.

In cybersecurity, humans occupy both ends of the vulnerability spectrum. They click what should never be clicked, reuse passwords like heirlooms, and generously donate credentials to phishing pages that look “kind of legit.”  Yet the same species becomes the strongest link once you step inside a SOC.  Cybersecurity professionals don’t fail because they are careless […]

The post Fix Staff Shortage & Burnout in Your SOC with Better Threat Intelligence appeared first on ANY.RUN's Cybersecurity Blog.

Most SOC teams are overloaded with routine work. Tier 1 & 2 analysts spend too much time validating alerts, moving samples between tools, and chasing missing context. When integrations are weak, investigations slow down, MTTR grows, and SLAs suffer delays. That directly increases operational risk and cost for the business.   ANY.RUN has already helped teams close part of this […]

The post ANY.RUN Sandbox & MISP Integration: Confirm Alerts Faster, Stop Incidents Early  appeared first on ANY.RUN's Cybersecurity Blog.

A growing skepticism around JA3 is evident, and quite understandable as well. Public lists are rarely updated, and initiatives like JA3-fingerprints have been effectively frozen since 2021, creating the impression that this is a “yesterday’s technology.”  However, JA3 fingerprints have not disappeared. Sensors continue to collect them, they appear in reports and threat intelligence interfaces; it’s just that many teams treat them formally, as yet […]

The post From Forgotten Tool to Powerful Pivot: Using JA3 to Expose Attackers’ Infrastructure  appeared first on ANY.RUN's Cybersecurity Blog.

Summarizing the past year’s threat landscape based on activity observed in ANY.RUN’s Interactive Sandbox, this annual report provides insights into the most detected malware types, families, TTPs, and phishing threats of 2025.  For additional insights, view ANY.RUN’s quarterly malware trends reports.   Key Takeaways  Summary  In 2025, ANY.RUN experienced significant growth alongside a rise in malicious activity. The numbers reflect a substantial growth of deep investigations and the detections of evasive threats facilitated by Interactive Sandbox:  As investigation volume and behavioral visibility increase, 15K+ security teams gain earlier detection, richer […]

The post Malware Trends Report 2025: New Security Risks for Businesses in 2026 appeared first on ANY.RUN's Cybersecurity Blog.

In busy SOC environments, every minute spent waiting for threat validation slows containment and impacts response metrics. The ANY.RUN integration with Tines delivers trusted verdicts and enriched context in seconds to cut mean time to respond (MTTR) and keep investigations flowing without delays.  ANY.RUN X Tines Integration: Faster Triage with Behavior-Driven Context  The new integration lets your SOC team pull actionable verdicts and […]

The post ANY.RUN & Tines: Scale SOC and Meet SLAs with Powerful Automation  appeared first on ANY.RUN's Cybersecurity Blog.

Manufacturing companies have quietly become one of the most hunted species in the modern threat landscape. Not because they are careless, but because they are operationally critical, geographically distributed, and often rely on complex IT and OT environments that attackers love to probe.  Key Takeaways  The Threat Landscape: Manufacturing Under Siege  ANY.RUN‘s data, based on sandbox submissions […]

The post German Manufacturing Under Phishing Attacks: Tracking a Stealthy AsyncRAT Campaign  appeared first on ANY.RUN's Cybersecurity Blog.

ANY.RUN’s team conducted an extensive malware analysis of CastleLoader, the first link in the chain of attacks impacting various industries, including government agencies and critical infrastructures. It’s a unique walkthrough of its entire execution path, from a packaged installer to C2 server connection, as well as an overview of a parser developed to extract initialized […]

The post CastleLoader Analysis: A Deep Dive into Stealthy Loader Targeting Government Sector appeared first on ANY.RUN's Cybersecurity Blog.

SOAR platforms are excellent at moving work forward. They trigger playbooks, route incidents, and enforce consistent response steps. What they don’t do well on their own is confirm what’s actually SOAR helps teams move faster, but speed isn’t the real problem.  The real issue is figuring out what an alert actually means. A sandbox solves that by safely running the file or link […]

The post Integrating a Malware Sandbox into SOAR Workflows: Steps, Benefits, and Impact  appeared first on ANY.RUN's Cybersecurity Blog.

By 2026, MSSPs will compete less on tooling and more on clarity, speed, and foresight. Security buyers want proof that their provider understands what threats matter now, how fast they can respond, and how security decisions reduce business risk. At the center of this challenge sits threat intelligence. Not as a research output, but as […]

The post 5 Ways MSSPs Can Win Clients in 2026 appeared first on ANY.RUN's Cybersecurity Blog.

ANY.RUN is wrapping up 2025 with updates that take pressure off your SOC and help your team work faster. You can now get AI‑generated Sigma rules, track threats by industry and region, and detect new campaigns with better speed and accuracy.   Let’s see what these improvements bring to your security stack.  Product Updates  Industry & Geo Threat Landscape […]

The post Release Notes: AI Sigma Rules, Live Threat Landscape & 1,700+ New Detections appeared first on ANY.RUN's Cybersecurity Blog.

We’re glad to present our regular quarterly report highlighting the most prominent malicious trends of the last three months of 2025, as observed by ANY.RUN’s community. Following the release of our annual report on key threats and milestones, this report offers a closer look at the threat landscape of the final chapter of 2025.  The Malware Trends report Q4 features top malware types, families, phishing kits, TTPs, […]

The post Malware Trends Q4 2025: Inside ANY.RUN’s Latest Threat Landscape Report  appeared first on ANY.RUN's Cybersecurity Blog.

It’s December — that time of year when we take a pause and look back at how much we’ve achieved.  If you’re reading this, chances are you’ve shared these wins with us. Maybe you’ve launched one analysis, maybe thousands. Maybe you’ve browsed our Threat Intelligence Lookup daily or just joined us. Anyhow, thanks for being here!  2025 kept all of us busy for sure. But it also brought a ton of breakthrough studies, insights, and improvements. Let’s glance back […]

The post Year in Review by ANY.RUN: Key Threats, Solutions, and Breakthroughs of 2025  appeared first on ANY.RUN's Cybersecurity Blog.

When CISOs ask for budget, they are rarely competing against “no security.” They are competing against growth initiatives, product launches, and cost optimization.  Technical jargon and security metrics often fall flat here. To win the conversation, threat intelligence cannot be framed as more data for analysts. It must be positioned as a business enabler that reduces […]

The post 5 Ways Threat Intelligence Drives ROI in SOCs: Board-Ready Cases for CISOs  appeared first on ANY.RUN's Cybersecurity Blog.

If you’ve ever looked at a SOC queue and thought, “Where do we even start?” you’re not alone.  Most teams face more alerts than they can realistically investigate, tools that don’t always connect, and investigations that take longer than they should.  In a recent webinar, we shared a simple framework for speeding up detection and response without overloading teams. You can watch the full […]

The post SOC Leader’s Playbook: 3 Practical Steps to Faster MTTR  appeared first on ANY.RUN's Cybersecurity Blog.

Security teams face thousands of alerts every single day. Many of them don’t clearly show whether there’s a true threat behind them. Investigation slows down, analysts lose time on low-value signals, and important findings are often buried in noise.  AI Sigma Rules change this routine. With this new capability in ANY.RUN’s Interactive Sandbox, SOC teams can not only see the source of malicious activity […]

The post AI Sigma Rules: Scale Threat Detection, Drive Down MTTR  appeared first on ANY.RUN's Cybersecurity Blog.

Phishing used to be easy to spot. Now it looks clean, trusted, and almost perfect. Behind it are phishkits; ready-made attack platforms built to steal credentials, bypass MFA, and hijack live sessions in seconds.  For SOC teams, one click starts the countdown. What looks like a routine alert can already be a live account takeover.  Here’s how these attacks actually […]

The post Phishing Kit Attacks 101: Everything SOC Analysts Should Know  appeared first on ANY.RUN's Cybersecurity Blog.

Effective cyber security depends on knowing which risks matter most. ANY.RUN’s Threat Intelligence Lookup provides industry and geographic context, powered by live attack investigations from 15,000+ companies, that SOC teams need to prioritize alerts, IOCs, and threats with confidence and build their defense strategy for maximum ROI.  Here’s how.  Challenge: Context-free TI Wastes SOC Time  Most threat intelligence sources return long lists of IPs, domains, […]

The post Track Evolving Cyber Threat Landscape for Your Industry & Country in Real Time  appeared first on ANY.RUN's Cybersecurity Blog.

Editor’s note: This work is a collaboration between Mauro Eldritch from BCA LTD, a company dedicated to threat intelligence and hunting, Heiner García from NorthScan, a threat intelligence initiative uncovering North Korean IT worker infiltration, and ANY.RUN, the leading company in malware analysis and threat intelligence. The article was written by Mauro and Heiner. In this article, we’ll uncover an entire North Korean infiltration operation aimed […]

The post Smile, You’re on Camera: A Live Stream from Inside Lazarus Group’s IT Workers Scheme  appeared first on ANY.RUN's Cybersecurity Blog.

 Phishing kits usually have distinct signatures in their delivery methods, infrastructure, and client-side code, which makes attribution fairly predictable. But recent samples began showing traits from two different kits at once, blurring those distinctions.  That’s exactly what ANY.RUN analysts saw with Salty2FA and Tycoon2FA: a sudden drop in Salty activity, the appearance of Tycoon indicators inside Salty-linked chains, and eventually single […]

The post Salty2FA & Tycoon2FA Hybrid: A New Phishing Threat to Enterprises  appeared first on ANY.RUN's Cybersecurity Blog.