Anyrun

Security leaders are under growing pressure to reduce the time between threat detection and response without adding more complexity to already overloaded SOC workflows. ANY.RUN’s May updates help teams act on security risks more efficiently, improve consistency across investigations, and maintain stronger protection as attacker tactics continue to evolve. Discover the updates your team can […]

The post Release Notes: Decision-Ready SOC Reporting, Elastic Security Integration, and 1400+ Threat Coverage Updates appeared first on ANY.RUN's Cybersecurity Blog.

A previously unidentified cyberattack is quietly spreading through US businesses — and most security tools are not catching it. Researchers at ANY.RUN have identified a new backdoor called JS.MonoGlyphRAT, an advanced piece of malware delivered as an ordinary-looking JavaScript file disguised as a purchase order, quote, or business proposal. Once an employee opens the file, […]

The post From Fake Purchase Orders to Remote Access: Analyzing the JS.MonoGlyphRAT Threat to US Enterprises appeared first on ANY.RUN's Cybersecurity Blog.

What happens when a malware analyst decides to build a product he always wished he had? The case of ANY.RUN tells us that ten years later it may turn into an industry-standard solution, adopted by 74 Fortune 100 companies.  Celebrating a decade of ANY.RUN, CEO Aleksey Lapshin shared his perspective on the evolution of the company, […]

The post Inside ANY.RUN’s 10-Year Evolution: An Interview with CEO Aleksey Lapshin appeared first on ANY.RUN's Cybersecurity Blog.

May 2026 showed how fast routine business activity can turn into real security exposure. ANY.RUN observed phishing campaigns, fileless malware delivery, credential theft, OTP interception, and remote access abuse targeting organizations across industries.  From fake invitations and banking portals to compromised B2B websites and Word Online lures, the month’s attacks had one thing in common: they were built […]

The post Major Cyber Attacks in May 2026: Fake Invitations, Agent Tesla, BlobPhish, and More appeared first on ANY.RUN's Cybersecurity Blog.

Scaling threat detection as an MSSP doesn’t mean hiring more analysts — it means enabling the analysts you already have to handle more clients, more alerts, and more complex threats without burning out. The practical path forward combines three capabilities: continuous real-time intelligence that keeps detection systems current automatically, instant IOC investigation that cuts triage […]

The post How Can MSSPs Scale Threat Detection Without Burning Out Their Analysts? appeared first on ANY.RUN's Cybersecurity Blog.

Your employees are not falling for “bad grammar” phishing anymore. They are being pulled into fake Microsoft logins, banking pages, AI tool instructions, real OAuth flows, and event invitations that look close enough to daily work to pass without alarm.  For CISOs, that is the real social engineering problem in 2026: attacks are no longer […]

The post Top 5 Phishing-Driven Social Engineering Attacks on Companies in 2026 appeared first on ANY.RUN's Cybersecurity Blog.

Ten years in cybersecurity is a long journey. Threats have changed, attacks have become harder to spot, and security teams now need answers faster than ever.  ANY.RUN has grown with those teams.  What started as an interactive sandbox is now a trusted company with threat analysis and intelligence solution used by 15,000+ organizations, 600,000 security professionals, and teams at Fortune […]

The post ANY.RUN Turns 10: Special Offers for Stronger Security Operations appeared first on ANY.RUN's Cybersecurity Blog.

Editor’s note: The analysis is authored by Moises Cerqueira, malware researcher & threat hunter. You can find Moises on LinkedIn and X. Credential theft malware rarely announces itself with ransomware-level noise. Instead, it operates like a silent siphon hidden inside everyday business workflows: invoices, payroll files, purchase orders, procurement requests. Agent Tesla campaigns are especially dangerous because they target the operational […]

The post LATAM Under Siege: Agent Tesla’s 18-Month Credential Theft Campaign Against Chilean Enterprises appeared first on ANY.RUN's Cybersecurity Blog.

Successful SOC operations require more than accurate detections. Instant access to context, clear conclusions, and operationally relevant insights allow incidents to move across workflows without delays:  Making ANY.RUN’s Interactive Sandbox a part of your standard SOC workflow helps eliminate bottlenecks that occur along the incident lifecycle by contributing to the optimization of each process, decision, and report. SOC-ready Tier 1 reports turn complex sandboxing analysis into structured, decision-ready intelligence for faster, […]

The post New SOC-Ready Reporting for Faster Triage, Escalation, and Incident Response with ANY.RUN  appeared first on ANY.RUN's Cybersecurity Blog.

Security teams don’t lack data. They lack timely, usable intelligence. Analysts spend too much time validating indicators, switching between tools, and figuring out what actually matters. This introduces delays and puts organizations at risk of a missed incident.   ANY.RUN solves this by bringing real-time, behavior-validated threat intelligence from ANY.RUN integrated into Elastic Security, where SOC and MSSP teams detect emerging cyberattacks earlier and respond faster without […]

The post ANY.RUN & Elastic Security: Bring Threat Intelligence into Detection and Investigation Workflows       appeared first on ANY.RUN's Cybersecurity Blog.

Nowadays CISOs face escalating threats that outpace traditional defenses. The strategy is evolving from compliance-driven checklists to a threat-informed approach. MITRE ATT&CK provides a globally accessible knowledge base of real-world adversary tactics, techniques, and procedures (TTPs), enabling organizations to understand, prioritize, and counter actual attacker behaviors rather than abstract controls.  This shift helps align security efforts with business […]

The post How CISOs Reduce Cyber Risk with MITRE ATT&CK  appeared first on ANY.RUN's Cybersecurity Blog.

A new large-scale phishing campaign is targeting U.S. organizations with fake event invitations that lead to credential theft, OTP interception, or RMM tool installation. ANY.RUN researchers found that the campaign uses a repeatable phishing framework to create event-themed lure pages at scale. Some pages steal email credentials and OTP codes, while others deliver legitimate remote […]

The post New Phishing Campaign Targets US with Credential Theft: What CISOs Need to Know appeared first on ANY.RUN's Cybersecurity Blog.

April brought several updates across ANY.RUN’s Threat Intelligence and detection coverage.  The biggest change is expanded access to Threat Intelligence: Free plan users now get 20 premium requests in TI Lookup and YARA Search. This gives security teams a practical way to check suspicious indicators, explore related sandbox sessions, and validate malware or phishing activity using real attack […]

The post Release Notes: Expanded Threat Intelligence Access, AI Assisted Search 1,770 New Detections and More appeared first on ANY.RUN's Cybersecurity Blog.

Leading a managed security services provider has never been a comfortable job. And it isn’t now, though the demand for MSSPs has never been higher. The global threat landscape is expanding faster than most enterprise security teams can keep pace with, and organizations across every sector are turning to managed providers to fill the gap.   For MSSP leaders, this […]

The post Margin vs. Madness: Fixing MSSP Top 5 Operational Nightmares appeared first on ANY.RUN's Cybersecurity Blog.

CISOs are under pressure to prove that their security programs can detect threats early, reduce business risk, and support fast, confident response. But that becomes harder when attackers stop relying on obviously malicious tools. In recent phishing-to-RMM campaigns observed by ANY.RUN analysts, threat actors are using fake Microsoft, Adobe, and OneDrive pages to deliver legitimate […]

The post Phishing-to-RMM Attacks: The Remote Access Blind Spot CISOs Can’t Ignore  appeared first on ANY.RUN's Cybersecurity Blog.

Editor’s note: The analysis is authored by Moises Cerqueira, malware researcher & threat hunter. You can find Moises on LinkedIn and X. A new phishing campaign targeting Brazilian users demonstrates how modern financial malware has evolved from simple credential theft into full-scale, operator-driven fraud platforms. Disguised as a judicial summons, this campaign leverages social engineering, multi-stage malware delivery, and real-time […]

The post Inside agenteV2: How Brazilian Attackers Use Fake Court Summons to Steal Banking Credentials in Real Time  appeared first on ANY.RUN's Cybersecurity Blog.

ANY.RUN has expanded access to Threat Intelligence capabilities for SOC and MSSP teams, backed by live attack data from 15,000 organizations.  Here’s how your team can test TI’s impact on triage quality, response speed, and threat hunting workflows.  See How Threat Intelligence Accelerates Your SOC  ANY.RUN now offers 20 premium requests in Threat Intelligence Lookup and YARA Search as part of the Free plan.   You can get immediate threat context for over 40 types […]

The post More Attack Context for Faster Triage, Response, and Hunting. Now Available to Every SOC appeared first on ANY.RUN's Cybersecurity Blog.

Editor’s note: The research is authored by Mauro Eldritch, offensive security expert and a founder of BCA LTD, a company dedicated to threat intelligence and hunting. You can find Mauro on X.  The recent wave of ClickFix attacks has introduced several new ways to compromise users, establishing itself as a technique that is likely here to stay. We have observed Lazarus Group using […]

The post New Lazarus APT Campaign: “Mach-O Man” macOS Malware Kit Hits Businesses appeared first on ANY.RUN's Cybersecurity Blog.

ANY.RUN has observed a sustained surge in a credential-phishing campaign active since 2024. This campaign, dubbed BlobPhish, introduces a sneaky twist: instead of delivering phishing pages via traditional HTTP requests, it generates them directly inside the victim’s browser using blob objects. The result is a phishing payload that lives entirely in memory, leaving little to no trace in logs, caches, […]

The post BlobPhish: The Phantom Phishing Campaign Hiding in Browser Memory appeared first on ANY.RUN's Cybersecurity Blog.

In Chile, cybersecurity compliance is becoming an operational issue, not just a legal one. Under the new Cybersecurity Framework Law, organizations must show they have real capabilities for threat detection, incident analysis, and response. For many teams, that exposes a serious gap between regulatory expectations and day-to-day security operations.  Key Takeaways  The Regulatory Shift  Chile has […]

The post Chile’s Cybersecurity Framework Law: How SOCs Achieve Compliance and Response Readiness appeared first on ANY.RUN's Cybersecurity Blog.