Anyrun

CISOs are under pressure to prove that their security programs can detect threats early, reduce business risk, and support fast, confident response. But that becomes harder when attackers stop relying on obviously malicious tools. In recent phishing-to-RMM campaigns observed by ANY.RUN analysts, threat actors are using fake Microsoft, Adobe, and OneDrive pages to deliver legitimate […]

The post Phishing-to-RMM Attacks: The Remote Access Blind Spot CISOs Can’t Ignore  appeared first on ANY.RUN's Cybersecurity Blog.

Editor’s note: The analysis is authored by Moises Cerqueira, malware researcher & threat hunter. You can find Moises on LinkedIn and X. A new phishing campaign targeting Brazilian users demonstrates how modern financial malware has evolved from simple credential theft into full-scale, operator-driven fraud platforms. Disguised as a judicial summons, this campaign leverages social engineering, multi-stage malware delivery, and real-time […]

The post Inside agenteV2: How Brazilian Attackers Use Fake Court Summons to Steal Banking Credentials in Real Time  appeared first on ANY.RUN's Cybersecurity Blog.

ANY.RUN has expanded access to Threat Intelligence capabilities for SOC and MSSP teams, backed by live attack data from 15,000 organizations.  Here’s how your team can test TI’s impact on triage quality, response speed, and threat hunting workflows.  See How Threat Intelligence Accelerates Your SOC  ANY.RUN now offers 20 premium requests in Threat Intelligence Lookup and YARA Search as part of the Free plan.   You can get immediate threat context for over 40 types […]

The post More Attack Context for Faster Triage, Response, and Hunting. Now Available to Every SOC appeared first on ANY.RUN's Cybersecurity Blog.

Editor’s note: The research is authored by Mauro Eldritch, offensive security expert and a founder of BCA LTD, a company dedicated to threat intelligence and hunting. You can find Mauro on X.  The recent wave of ClickFix attacks has introduced several new ways to compromise users, establishing itself as a technique that is likely here to stay. We have observed Lazarus Group using […]

The post New Lazarus APT Campaign: “Mach-O Man” macOS Malware Kit Hits Businesses appeared first on ANY.RUN's Cybersecurity Blog.

ANY.RUN has observed a sustained surge in a credential-phishing campaign active since 2024. This campaign, dubbed BlobPhish, introduces a sneaky twist: instead of delivering phishing pages via traditional HTTP requests, it generates them directly inside the victim’s browser using blob objects. The result is a phishing payload that lives entirely in memory, leaving little to no trace in logs, caches, […]

The post BlobPhish: The Phantom Phishing Campaign Hiding in Browser Memory appeared first on ANY.RUN's Cybersecurity Blog.

In Chile, cybersecurity compliance is becoming an operational issue, not just a legal one. Under the new Cybersecurity Framework Law, organizations must show they have real capabilities for threat detection, incident analysis, and response. For many teams, that exposes a serious gap between regulatory expectations and day-to-day security operations.  Key Takeaways  The Regulatory Shift  Chile has […]

The post Chile’s Cybersecurity Framework Law: How SOCs Achieve Compliance and Response Readiness appeared first on ANY.RUN's Cybersecurity Blog.

Modern phishing campaigns increasingly abuse legitimate services. Cloud platforms, file-sharing tools, trusted domains, and widely used SaaS applications are now part of the attacker’s toolkit. Instead of breaking trust, attackers borrow it.  This shift creates a dangerous asymmetry. Security controls often whitelist or inherently trust these services, while users are far less likely to question them. The […]

The post When Trust Becomes a Weapon: Google Cloud Storage Phishing Deploying Remcos RAT appeared first on ANY.RUN's Cybersecurity Blog.

Germany’s economy is a precision machine: finance fuels it, manufacturing builds it, telecom connects it, IT optimizes it, and healthcare sustains it. The country sits at the crossroads of industrial power and digital transformation, making it irresistibly attractive to attackers. In this article, we explore real-world attacks targeting five critical German industries, analyzed by ANY.RUN’s analysts using Interactive […]

The post How Phishing Is Targeting Germany’s Economy: Active Threats from Finance to Manufacturing appeared first on ANY.RUN's Cybersecurity Blog.

90% of attacks start with phishing. For CISOs, the real pain begins when the SOC cannot quickly tell whether a suspicious alert is just noise or the start of credential theft, account compromise, malware delivery, or wider business disruption.  Modern phishing campaigns are designed to create exactly that uncertainty. QR codes, redirect chains, CAPTCHAs, phishing kits, and AI-generated lures can all hide the real objective until late […]

The post Building Phishing Detection That Works: 3 Steps for CISOs  appeared first on ANY.RUN's Cybersecurity Blog.

For years, macOS environments carried an aura of relative safety. Not immunity, but lower priority in the threat landscape. That perception has aged about as well as an unpatched server.  The reality in 2026 is very different. Apple devices now make up a significant share of corporate endpoints. And they sit in the hands of the people attackers most want […]

The post ClickFix Meets AI: A Multi-Platform Attack Targeting macOS in the Wild appeared first on ANY.RUN's Cybersecurity Blog.

Reaching a higher level of SOC maturity takes better, more consistent decision-making during malware and phishing investigation.  This requires a shift in how threat intelligence is used: not as a reference point, but as a core layer in the decision process.  Moving from reactive to confidently proactive security means establishing a threat intelligence workflow that: In this model, threat intelligence becomes part of the SOC’s operational fabric. That’s what ANY.RUN […]

The post From Reactive to Proactive: 5 Steps to SOC Maturity with Threat Intelligence  appeared first on ANY.RUN's Cybersecurity Blog.

March 2026 brought a wave of cyber attacks that reflected how quickly modern threats can move from subtle early signals to serious business impact. ANY.RUN analysts identified and explored several major threats this month, exposing phishing campaigns, stealthy malware, payment-skimming activity, and resilient botnet infrastructure affecting organizations across industries. From Microsoft 365 token abuse and […]

The post Major Cyber Attacks in March 2026: OAuth Phishing, SVG Smuggling, Magecart, and More  appeared first on ANY.RUN's Cybersecurity Blog.

March was a packed month for ANY.RUN. We rolled out major product improvements that help security teams investigate phishing inside encrypted traffic, expand cross-platform analysis with macOS, and bring Windows Server into the sandbox workflow. At the same time, our detection team continued to strengthen threat coverage with new behavior signatures, Suricata rules, and fresh threat intelligence reports focused on active […]

The post Release Notes: Cross-Platform Threat Analysis with macOS, SSL Decryption, and 1,300+ New Detections  appeared first on ANY.RUN's Cybersecurity Blog.

We’ve just returned from RSAC™ 2026 in San Francisco, one of the most important cybersecurity events of the year.  As always, the conference brought together security leaders, vendors, and practitioners from around the world. For the ANY.RUN team, it was a packed few days of meetings with customers and partners, insightful presentations, and strong industry recognition.  ANY.RUN at RSAC […]

The post ANY.RUN at RSAC™ 2026: Highlights & Industry Recognition appeared first on ANY.RUN's Cybersecurity Blog.

A large-scale magecart operation remained active for over 24 months, leveraging an infrastructure of 100+ domains. While the targeted victims are e-commerce websites, the actual pressure falls on banks and payment systems. As ANY.RUN’s analysis shows, threat actors applied multi-step checkout hijacking, payment page mimicry, and WebSocket-based exfiltration of card data.  This report provides both executive-level insights and technical analysis of the campaign.  Key Takeaways  Campaign Overview  A […]

The post Active Magecart Campaign Targets Spain, Steals Card Data via Hijacked eStores for Bank Fraud  appeared first on ANY.RUN's Cybersecurity Blog.

ANY.RUN has been recognized at Global InfoSec Awards 2026 by Cyber Defense Magazine (CDM), the industry’s leading electronic information security magazine. The award ceremony took place during RSAC™ 2026 conference. We’re especially proud and grateful that our impact for the industry has been acknowledged in two categories at once:  This dual recognition reflects the approach to cybersecurity we prioritize: supporting the full SOC […]

The post ANY.RUN Recognized for Innovations and Market Leadership at Global InfoSec Awards 2026   appeared first on ANY.RUN's Cybersecurity Blog.

DDoS attacks are no longer only an infrastructure problem. They can quickly turn into a business issue, affecting uptime, customer experience, and operational stability. Kamasers is a strong example of this new reality, with broad attack capabilities and resilient command-and-control mechanisms that allow it to remain active under pressure. Let’s explore the Kamasers botnet through […]

The post Kamasers Analysis: A Multi-Vector DDoS Botnet Targeting Organizations Worldwide  appeared first on ANY.RUN's Cybersecurity Blog.

ANY.RUN spoke with the Interim CISO and Director of Cyber Operations at Health Shared Services, who provided insights into how their team addressed alert fatigue, improved MTTD and MTTR, and strengthened their investigation workflow with ANY.RUN.  In this new addition to our success story series, we explore how the healthcare organization’s SOC team improved detection, triage, and response efficiency while maintaining the existing operational processes.  Organization Overview  Health Shared Services is a healthcare support organization based in Alberta, Canada.  Its SOC team consists of 16 […]

The post Canada-Based Organization Health Shared Services Accelerates SOC Investigations with ANY.RUN  appeared first on ANY.RUN's Cybersecurity Blog.

We’re thrilled to announce that ANY.RUN has once again been recognized in IT-Harvest’s 2026 Cyber 150, a list of the fastest-growing cybersecurity companies. Receiving this recognition for the second year in a row makes this moment especially meaningful and reflects the strong progress our company made over the past year.  It also points to a broader shift in the market. […]

The post ANY.RUN Enters IT-Harvest’s 2026 Cyber 150 for Fast Growth and Industry Impact  appeared first on ANY.RUN's Cybersecurity Blog.

Enterprise security teams are no longer defending a single-platform environment. They are expected to investigate threats across multiple platforms every day, often under constant pressure to move faster and make the right call early. When analysis workflows are split across different tools and environments, triage slows down, investigations take longer, and business risks grow.  To help SOC and MSSP teams handle cross-platform threats […]

The post Ready for macOS Threats: Expanding Your SOC’s Cross-Platform Analysis with ANY.RUN  appeared first on ANY.RUN's Cybersecurity Blog.