Anyrun

For years, macOS environments carried an aura of relative safety. Not immunity, but lower priority in the threat landscape. That perception has aged about as well as an unpatched server.  The reality in 2026 is very different. Apple devices now make up a significant share of corporate endpoints. And they sit in the hands of the people attackers most want […]

The post ClickFix Meets AI: A Multi-Platform Attack Targeting macOS in the Wild appeared first on ANY.RUN's Cybersecurity Blog.

Reaching a higher level of SOC maturity takes better, more consistent decision-making during malware and phishing investigation.  This requires a shift in how threat intelligence is used: not as a reference point, but as a core layer in the decision process.  Moving from reactive to confidently proactive security means establishing a threat intelligence workflow that: In this model, threat intelligence becomes part of the SOC’s operational fabric. That’s what ANY.RUN […]

The post From Reactive to Proactive: 5 Steps to SOC Maturity with Threat Intelligence  appeared first on ANY.RUN's Cybersecurity Blog.

March 2026 brought a wave of cyber attacks that reflected how quickly modern threats can move from subtle early signals to serious business impact. ANY.RUN analysts identified and explored several major threats this month, exposing phishing campaigns, stealthy malware, payment-skimming activity, and resilient botnet infrastructure affecting organizations across industries. From Microsoft 365 token abuse and […]

The post Major Cyber Attacks in March 2026: OAuth Phishing, SVG Smuggling, Magecart, and More  appeared first on ANY.RUN's Cybersecurity Blog.

March was a packed month for ANY.RUN. We rolled out major product improvements that help security teams investigate phishing inside encrypted traffic, expand cross-platform analysis with macOS, and bring Windows Server into the sandbox workflow. At the same time, our detection team continued to strengthen threat coverage with new behavior signatures, Suricata rules, and fresh threat intelligence reports focused on active […]

The post Release Notes: Cross-Platform Threat Analysis with macOS, SSL Decryption, and 1,300+ New Detections  appeared first on ANY.RUN's Cybersecurity Blog.

We’ve just returned from RSAC™ 2026 in San Francisco, one of the most important cybersecurity events of the year.  As always, the conference brought together security leaders, vendors, and practitioners from around the world. For the ANY.RUN team, it was a packed few days of meetings with customers and partners, insightful presentations, and strong industry recognition.  ANY.RUN at RSAC […]

The post ANY.RUN at RSAC™ 2026: Highlights & Industry Recognition appeared first on ANY.RUN's Cybersecurity Blog.

A large-scale magecart operation remained active for over 24 months, leveraging an infrastructure of 100+ domains. While the targeted victims are e-commerce websites, the actual pressure falls on banks and payment systems. As ANY.RUN’s analysis shows, threat actors applied multi-step checkout hijacking, payment page mimicry, and WebSocket-based exfiltration of card data.  This report provides both executive-level insights and technical analysis of the campaign.  Key Takeaways  Campaign Overview  A […]

The post Active Magecart Campaign Targets Spain, Steals Card Data via Hijacked eStores for Bank Fraud  appeared first on ANY.RUN's Cybersecurity Blog.

ANY.RUN has been recognized at Global InfoSec Awards 2026 by Cyber Defense Magazine (CDM), the industry’s leading electronic information security magazine. The award ceremony took place during RSAC™ 2026 conference. We’re especially proud and grateful that our impact for the industry has been acknowledged in two categories at once:  This dual recognition reflects the approach to cybersecurity we prioritize: supporting the full SOC […]

The post ANY.RUN Recognized for Innovations and Market Leadership at Global InfoSec Awards 2026   appeared first on ANY.RUN's Cybersecurity Blog.

DDoS attacks are no longer only an infrastructure problem. They can quickly turn into a business issue, affecting uptime, customer experience, and operational stability. Kamasers is a strong example of this new reality, with broad attack capabilities and resilient command-and-control mechanisms that allow it to remain active under pressure. Let’s explore the Kamasers botnet through […]

The post Kamasers Analysis: A Multi-Vector DDoS Botnet Targeting Organizations Worldwide  appeared first on ANY.RUN's Cybersecurity Blog.

ANY.RUN spoke with the Interim CISO and Director of Cyber Operations at Health Shared Services, who provided insights into how their team addressed alert fatigue, improved MTTD and MTTR, and strengthened their investigation workflow with ANY.RUN.  In this new addition to our success story series, we explore how the healthcare organization’s SOC team improved detection, triage, and response efficiency while maintaining the existing operational processes.  Organization Overview  Health Shared Services is a healthcare support organization based in Alberta, Canada.  Its SOC team consists of 16 […]

The post Canada-Based Organization Health Shared Services Accelerates SOC Investigations with ANY.RUN  appeared first on ANY.RUN's Cybersecurity Blog.

We’re thrilled to announce that ANY.RUN has once again been recognized in IT-Harvest’s 2026 Cyber 150, a list of the fastest-growing cybersecurity companies. Receiving this recognition for the second year in a row makes this moment especially meaningful and reflects the strong progress our company made over the past year.  It also points to a broader shift in the market. […]

The post ANY.RUN Enters IT-Harvest’s 2026 Cyber 150 for Fast Growth and Industry Impact  appeared first on ANY.RUN's Cybersecurity Blog.

Enterprise security teams are no longer defending a single-platform environment. They are expected to investigate threats across multiple platforms every day, often under constant pressure to move faster and make the right call early. When analysis workflows are split across different tools and environments, triage slows down, investigations take longer, and business risks grow.  To help SOC and MSSP teams handle cross-platform threats […]

The post Ready for macOS Threats: Expanding Your SOC’s Cross-Platform Analysis with ANY.RUN  appeared first on ANY.RUN's Cybersecurity Blog.

MTTR is where strategy meets reality. In security operations, it is the margin between a contained incident and a catastrophic breach.  You can have perfect detection coverage, cutting-edge telemetry, and a wall of dashboards glowing like a spaceship cockpit. But if your team takes too long to respond, the attacker still wins the clock. Reducing Mean Time to Respond is not about shaving seconds for vanity metrics. It is about compressing the window in which damage happens. And the fastest way to do that is not more alerts, but better intelligence.  Key Takeaways  Beyond the […]

The post How to Reduce MTTR in Your SOC with Better Threat Intelligence appeared first on ANY.RUN's Cybersecurity Blog.

As part of a recent live expert panel, ANY.RUN together with threat researcher and ethical hacker Mauro Eldritch explored biggest security risks companies should be prepared for in 2026.  The discussion covered several relevant cases, from the Lazarus IT Workers operation to the rapid rise of AI-driven phishing attacks, and examined the common thread behind them: trust abuse.  Below are the key takeaways for those seeking a clearer view of […]

The post Lazarus, AI, and Trust Abuse: Top Enterprise Cybersecurity Risks 2026  appeared first on ANY.RUN's Cybersecurity Blog.

From March 5 to March 7, the ANY.RUN team attended RootedCON 2026 in Madrid and showcase some of our latest capabilities developed for modern SOC environments at the conference expo.  The event provided a great opportunity to meet our existing clients and connect with security teams exploring advanced threat detection solutions.  Meeting the Community and Partners  RootedCON is one of the largest cybersecurity conferences in Europe, bringing together thousands of security researchers, SOC […]

The post ANY.RUN at RootedCON 2026: Meeting Security Teams and Showcasing New Capabilities  appeared first on ANY.RUN's Cybersecurity Blog.

Security teams depend on early signals to spot and contain new threats. But what happens when a fully capable infostealer spreads while traditional detections stay limited?  In recent investigations, ANY.RUN researchers observed MicroStealer in 40+ sandbox sessions in less than a month, despite low public visibility. Early activity points to distribution through compromised or impersonated accounts, […]

The post MicroStealer Analysis: A Fast-Spreading Infostealer with Limited Detection  appeared first on ANY.RUN's Cybersecurity Blog.

In busy SOC environments, every minute spent waiting for threat validation slows containment and impacts response metrics. The ANY.RUN integration with Tines brings trusted verdicts and behavioral intelligence directly into the workflows you build in Tines. You can validate alerts, enrich incidents, and respond faster without switching tools, helping you reduce mean time to respond (MTTR) and […]

The post ANY.RUN & Tines: Scale SOC and Meet SLAs with Intelligent Workflows appeared first on ANY.RUN's Cybersecurity Blog.

ANY.RUN’s analysts are observing a sharp increase in phishing activity abusing Microsoft’s OAuth Device Code flow, with more than 180 phishing URLs detected in just one week. This technique represents a shift from credential phishing to token-based account takeover, making detection significantly harder for many SOC teams.  Key Takeaways  How the Attack Works  In this campaign, attackers abuse Microsoft’s device […]

The post OAuth Device Code Phishing: A New Microsoft 365 Account Breach Vector appeared first on ANY.RUN's Cybersecurity Blog.

February brought another round of major detection improvements across ANY.RUN’s threat intelligence and sandbox coverage. Alongside new Threat Intelligence reports, our analysts expanded behavioral visibility across dozens of malware families, strengthened detection logic for modern phishing and data-stealing campaigns, and added thousands of new network detection rules.  Let’s take a closer look at the updates delivered this month.  Threat Intelligence Reports  […]

The post Threat Coverage Digest: New Malware Reports and 2,400+ Detection Rules   appeared first on ANY.RUN's Cybersecurity Blog.

February 2026 brought a surge of sophisticated cyber threats targeting businesses across industries. ANY.RUN’s analysts exposed and explored several major cyber threats this month, providing early visibility into emerging malware families and evolving attack techniques.  From new ransomware strains capable of encrypting entire environments in minutes, to fully undetected remote access trojans — the threat […]

The post Major Cyber Attacks in February 2026: BQTLock, Thread-Hijack Phishing, and MFA Bypass Evolution appeared first on ANY.RUN's Cybersecurity Blog.

90% of modern cyberattacks start with phishing and it’s getting worse. The volume of compromise attempts keeps surging, leaving companies more exposed to credential theft and heavy financial hits.  As phishing evolves, we focus on countering the core tactics that make it effective. That’s why ANY.RUN is upgrading the threat detection capabilities of the Interactive Sandbox across all subscription tiers with the new SSL decryption technology.  By extracting encryption keys directly from process memory, it increases the detection rate of phishing inside the sandbox, helping every user and SOC team […]

The post Expanding Phishing Detection at Scale with Automatic SSL Decryption appeared first on ANY.RUN's Cybersecurity Blog.