Anyrun

A Security Operations Center rarely struggles because it lacks alerts. It struggles because every alert creates work: validate the indicator, understand the behavior, check whether the threat is known, determine its scope, decide whether to escalate, contain the incident, and make sure the same attack is easier to detect next time. When these steps depend […]

The post From Alert Enrichment to Confident Response: How ANY.RUN Powers Every SOC Workflow appeared first on ANY.RUN's Cybersecurity Blog.

EvilTokens can hide serious account takeover risk from your SOC through “ghost” code that appears only after browser-side decryption.  As a result, static URL analysis may miss the most important part of the attack, leaving teams with incomplete evidence, slower triage, and longer exposure to a potential Microsoft 365 compromise.  Full browser-level inspection closes this gap by revealing […]

The post EvilTokens: How “Ghost” Code Threatens US and European Businesses appeared first on ANY.RUN's Cybersecurity Blog.

ANY.RUN has been recognized as the Best Security Investigation Platform 2026 at the Cybersecurity Stars Awards by The Hacker News.  This award reflects our dedication to building solutions that make a real impact on daily security operations.  At ANY.RUN, we help SOC and MSSP teams worldwide streamline threat investigation workflows through confident decision-making, full malware and phishing visibility, and actionable insights thataccelerate incident investigations and response.  We thank our global community of security professionals for continuously trusting our solutions and supporting our growth!  Reinforcing Our Position as a Market […]

The post The Hacker News Recognizes ANY.RUN as the Best Security Investigation Platform 2026  appeared first on ANY.RUN's Cybersecurity Blog.

 A SOC is where every second counts. Amidst a flood of alerts, false positives, and ever-short time, analysts face the daily challenge of identifying what truly matters — before attackers gain ground.  That’s where alert triage comes in: the essential first step in detecting, prioritizing, and responding to threats efficiently. Done right, it defines the […]

The post Faster Triage, Clearer Evidence, Lower Risk: A SOC Guide to Better Alert Handling appeared first on ANY.RUN's Cybersecurity Blog.

Modern URL phishing relies on dynamic pages, credential harvesting flows, client-side scripts, and layered redirect chains. But most SOC workflows are still built around static analysis, making them blind to most of these tactics.  ANY.RUN changes this forever with in-browser data inspection.  The new technology takes URL analysis to the next level by bringing static and dynamic analysis into one single workflow. Now, […]

The post The New Standard for URL Analysis: Closing Phishing Blind Spots with In-Browser Data Inspection  appeared first on ANY.RUN's Cybersecurity Blog.

Three cities, three cybersecurity conferences, and plenty of conversations with security professionals across Europe.  Over the past few weeks, the ANY.RUN team joined Infosecurity Europe in London, CONFidence Conference in Kraków, and C1b3rWall Congress in Ávila. While every event had its own focus, the discussions pointed in the same direction: security teams need faster investigations, […]

The post From Infosecurity Europe to CONFidence and C1b3rWall: What Security Teams Are Prioritizing in 2026 appeared first on ANY.RUN's Cybersecurity Blog.

Talk to any threat hunter long enough, and beneath the polished case studies and conference talks, the same frustrations surface. Hunting is supposed to be proactive. In practice, it often feels reactive. You are chasing whispers of activity through log noise, querying SIEM fields that barely reflect real attacker behavior and writing detections against technique descriptions that […]

The post Intelligence-Driven Threat Hunting: How SOCs Find What Alerts Miss appeared first on ANY.RUN's Cybersecurity Blog.

Securing a university means defending a highly open environment, where thousands of users, devices, and external connections create constant exposure to risk. We had a unique opportunity to get an inside look at how these operations are run at a powerhouse R1 institution, the University of Massachusetts Boston.    We sat down with Daniel Mayer, Endpoint […]

The post Protecting 50,000 Users: How ANY.RUN Drives Incident Prevention at UMass Boston appeared first on ANY.RUN's Cybersecurity Blog.

We are proud to announce that ANY.RUN has earned the title of Momentum Leader and ranked #1 in the Relationship Index in the latest G2 Summer Reports. Reflecting real security teams’ actual experience, these rankings once again prove how critical ANY.RUN’s solutions are for daily SOC operations in modern enterprises.  Why ANY.RUN’s Momentum Leader Title Matters for Your Team  G2 awards […]

The post Leader in Malware Analysis: ANY.RUN Named Top Vendor in G2 Summer 2026 Awards appeared first on ANY.RUN's Cybersecurity Blog.

Based on 2,101,483 malware and phishing investigations from Q1 2026, ANY.RUN‘s Cyber Risk report provides a real-world view of modern attack trends.  It covers trending malware families, TTPs, and other technical observations, while also delivering executive insights CISOs and SOC teams can use to connect attacker behavior to business risk.  Combining data-backed malware trends with strategic guidance for security leaders, the report reveals critical gaps in detection, response, and visibility that directly impact business resilience, and outlines solutions organizations can use […]

The post Q1 2026 Cyber Risk Report: Insights from 2.1 Million Malware and Phishing Investigations  appeared first on ANY.RUN's Cybersecurity Blog.

Security leaders are under growing pressure to reduce the time between threat detection and response without adding more complexity to already overloaded SOC workflows. ANY.RUN’s May updates help teams act on security risks more efficiently, improve consistency across investigations, and maintain stronger protection as attacker tactics continue to evolve. Discover the updates your team can […]

The post Release Notes: Decision-Ready SOC Reporting, Elastic Security Integration, and 1400+ Threat Coverage Updates appeared first on ANY.RUN's Cybersecurity Blog.

A previously unidentified cyberattack is quietly spreading through US businesses — and most security tools are not catching it. Researchers at ANY.RUN have identified a new backdoor called JS.MonoGlyphRAT, an advanced piece of malware delivered as an ordinary-looking JavaScript file disguised as a purchase order, quote, or business proposal. Once an employee opens the file, […]

The post From Fake Purchase Orders to Remote Access: Analyzing the JS.MonoGlyphRAT Threat to US Enterprises appeared first on ANY.RUN's Cybersecurity Blog.

What happens when a malware analyst decides to build a product he always wished he had? The case of ANY.RUN tells us that ten years later it may turn into an industry-standard solution, adopted by 74 Fortune 100 companies.  Celebrating a decade of ANY.RUN, CEO Aleksey Lapshin shared his perspective on the evolution of the company, […]

The post Inside ANY.RUN’s 10-Year Evolution: An Interview with CEO Aleksey Lapshin appeared first on ANY.RUN's Cybersecurity Blog.

May 2026 showed how fast routine business activity can turn into real security exposure. ANY.RUN observed phishing campaigns, fileless malware delivery, credential theft, OTP interception, and remote access abuse targeting organizations across industries.  From fake invitations and banking portals to compromised B2B websites and Word Online lures, the month’s attacks had one thing in common: they were built […]

The post Major Cyber Attacks in May 2026: Fake Invitations, Agent Tesla, BlobPhish, and More appeared first on ANY.RUN's Cybersecurity Blog.

Scaling threat detection as an MSSP doesn’t mean hiring more analysts — it means enabling the analysts you already have to handle more clients, more alerts, and more complex threats without burning out. The practical path forward combines three capabilities: continuous real-time intelligence that keeps detection systems current automatically, instant IOC investigation that cuts triage […]

The post How Can MSSPs Scale Threat Detection Without Burning Out Their Analysts? appeared first on ANY.RUN's Cybersecurity Blog.

Your employees are not falling for “bad grammar” phishing anymore. They are being pulled into fake Microsoft logins, banking pages, AI tool instructions, real OAuth flows, and event invitations that look close enough to daily work to pass without alarm.  For CISOs, that is the real social engineering problem in 2026: attacks are no longer […]

The post Top 5 Phishing-Driven Social Engineering Attacks on Companies in 2026 appeared first on ANY.RUN's Cybersecurity Blog.

Ten years in cybersecurity is a long journey. Threats have changed, attacks have become harder to spot, and security teams now need answers faster than ever.  ANY.RUN has grown with those teams.  What started as an interactive sandbox is now a trusted company with threat analysis and intelligence solution used by 15,000+ organizations, 600,000 security professionals, and teams at Fortune […]

The post ANY.RUN Turns 10: Special Offers for Stronger Security Operations appeared first on ANY.RUN's Cybersecurity Blog.

Editor’s note: The analysis is authored by Moises Cerqueira, malware researcher & threat hunter. You can find Moises on LinkedIn and X. Credential theft malware rarely announces itself with ransomware-level noise. Instead, it operates like a silent siphon hidden inside everyday business workflows: invoices, payroll files, purchase orders, procurement requests. Agent Tesla campaigns are especially dangerous because they target the operational […]

The post LATAM Under Siege: Agent Tesla’s 18-Month Credential Theft Campaign Against Chilean Enterprises appeared first on ANY.RUN's Cybersecurity Blog.

Successful SOC operations require more than accurate detections. Instant access to context, clear conclusions, and operationally relevant insights allow incidents to move across workflows without delays:  Making ANY.RUN’s Interactive Sandbox a part of your standard SOC workflow helps eliminate bottlenecks that occur along the incident lifecycle by contributing to the optimization of each process, decision, and report. SOC-ready Tier 1 reports turn complex sandboxing analysis into structured, decision-ready intelligence for faster, […]

The post New SOC-Ready Reporting for Faster Triage, Escalation, and Incident Response with ANY.RUN  appeared first on ANY.RUN's Cybersecurity Blog.

Security teams don’t lack data. They lack timely, usable intelligence. Analysts spend too much time validating indicators, switching between tools, and figuring out what actually matters. This introduces delays and puts organizations at risk of a missed incident.   ANY.RUN solves this by bringing real-time, behavior-validated threat intelligence from ANY.RUN integrated into Elastic Security, where SOC and MSSP teams detect emerging cyberattacks earlier and respond faster without […]

The post ANY.RUN & Elastic Security: Bring Threat Intelligence into Detection and Investigation Workflows       appeared first on ANY.RUN's Cybersecurity Blog.