Anyrun

A large-scale magecart operation remained active for over 24 months, leveraging an infrastructure of 100+ domains. While the targeted victims are e-commerce websites, the actual pressure falls on banks and payment systems. As ANY.RUN’s analysis shows, threat actors applied multi-step checkout hijacking, payment page mimicry, and WebSocket-based exfiltration of card data.  This report provides both executive-level insights and technical analysis of the campaign.  Key Takeaways  Campaign Overview  A […]

The post Active Magecart Campaign Targets Spain, Steals Card Data via Hijacked eStores for Bank Fraud  appeared first on ANY.RUN's Cybersecurity Blog.

ANY.RUN has been recognized at Global InfoSec Awards 2026 by Cyber Defense Magazine (CDM), the industry’s leading electronic information security magazine. The award ceremony took place during RSAC™ 2026 conference. We’re especially proud and grateful that our impact for the industry has been acknowledged in two categories at once:  This dual recognition reflects the approach to cybersecurity we prioritize: supporting the full SOC […]

The post ANY.RUN Recognized for Innovations and Market Leadership at Global InfoSec Awards 2026   appeared first on ANY.RUN's Cybersecurity Blog.

DDoS attacks are no longer only an infrastructure problem. They can quickly turn into a business issue, affecting uptime, customer experience, and operational stability. Kamasers is a strong example of this new reality, with broad attack capabilities and resilient command-and-control mechanisms that allow it to remain active under pressure. Let’s explore the Kamasers botnet through […]

The post Kamasers Analysis: A Multi-Vector DDoS Botnet Targeting Organizations Worldwide  appeared first on ANY.RUN's Cybersecurity Blog.

ANY.RUN spoke with the Interim CISO and Director of Cyber Operations at Health Shared Services, who provided insights into how their team addressed alert fatigue, improved MTTD and MTTR, and strengthened their investigation workflow with ANY.RUN.  In this new addition to our success story series, we explore how the healthcare organization’s SOC team improved detection, triage, and response efficiency while maintaining the existing operational processes.  Organization Overview  Health Shared Services is a healthcare support organization based in Alberta, Canada.  Its SOC team consists of 16 […]

The post Canada-Based Organization Health Shared Services Accelerates SOC Investigations with ANY.RUN  appeared first on ANY.RUN's Cybersecurity Blog.

We’re thrilled to announce that ANY.RUN has once again been recognized in IT-Harvest’s 2026 Cyber 150, a list of the fastest-growing cybersecurity companies. Receiving this recognition for the second year in a row makes this moment especially meaningful and reflects the strong progress our company made over the past year.  It also points to a broader shift in the market. […]

The post ANY.RUN Enters IT-Harvest’s 2026 Cyber 150 for Fast Growth and Industry Impact  appeared first on ANY.RUN's Cybersecurity Blog.

Enterprise security teams are no longer defending a single-platform environment. They are expected to investigate threats across multiple platforms every day, often under constant pressure to move faster and make the right call early. When analysis workflows are split across different tools and environments, triage slows down, investigations take longer, and business risks grow.  To help SOC and MSSP teams handle cross-platform threats […]

The post Ready for macOS Threats: Expanding Your SOC’s Cross-Platform Analysis with ANY.RUN  appeared first on ANY.RUN's Cybersecurity Blog.

MTTR is where strategy meets reality. In security operations, it is the margin between a contained incident and a catastrophic breach.  You can have perfect detection coverage, cutting-edge telemetry, and a wall of dashboards glowing like a spaceship cockpit. But if your team takes too long to respond, the attacker still wins the clock. Reducing Mean Time to Respond is not about shaving seconds for vanity metrics. It is about compressing the window in which damage happens. And the fastest way to do that is not more alerts, but better intelligence.  Key Takeaways  Beyond the […]

The post How to Reduce MTTR in Your SOC with Better Threat Intelligence appeared first on ANY.RUN's Cybersecurity Blog.

As part of a recent live expert panel, ANY.RUN together with threat researcher and ethical hacker Mauro Eldritch explored biggest security risks companies should be prepared for in 2026.  The discussion covered several relevant cases, from the Lazarus IT Workers operation to the rapid rise of AI-driven phishing attacks, and examined the common thread behind them: trust abuse.  Below are the key takeaways for those seeking a clearer view of […]

The post Lazarus, AI, and Trust Abuse: Top Enterprise Cybersecurity Risks 2026  appeared first on ANY.RUN's Cybersecurity Blog.

From March 5 to March 7, the ANY.RUN team attended RootedCON 2026 in Madrid and showcase some of our latest capabilities developed for modern SOC environments at the conference expo.  The event provided a great opportunity to meet our existing clients and connect with security teams exploring advanced threat detection solutions.  Meeting the Community and Partners  RootedCON is one of the largest cybersecurity conferences in Europe, bringing together thousands of security researchers, SOC […]

The post ANY.RUN at RootedCON 2026: Meeting Security Teams and Showcasing New Capabilities  appeared first on ANY.RUN's Cybersecurity Blog.

Security teams depend on early signals to spot and contain new threats. But what happens when a fully capable infostealer spreads while traditional detections stay limited?  In recent investigations, ANY.RUN researchers observed MicroStealer in 40+ sandbox sessions in less than a month, despite low public visibility. Early activity points to distribution through compromised or impersonated accounts, […]

The post MicroStealer Analysis: A Fast-Spreading Infostealer with Limited Detection  appeared first on ANY.RUN's Cybersecurity Blog.

In busy SOC environments, every minute spent waiting for threat validation slows containment and impacts response metrics. The ANY.RUN integration with Tines brings trusted verdicts and behavioral intelligence directly into the workflows you build in Tines. You can validate alerts, enrich incidents, and respond faster without switching tools, helping you reduce mean time to respond (MTTR) and […]

The post ANY.RUN & Tines: Scale SOC and Meet SLAs with Intelligent Workflows appeared first on ANY.RUN's Cybersecurity Blog.

ANY.RUN’s analysts are observing a sharp increase in phishing activity abusing Microsoft’s OAuth Device Code flow, with more than 180 phishing URLs detected in just one week. This technique represents a shift from credential phishing to token-based account takeover, making detection significantly harder for many SOC teams.  Key Takeaways  How the Attack Works  In this campaign, attackers abuse Microsoft’s device […]

The post OAuth Device Code Phishing: A New Microsoft 365 Account Breach Vector appeared first on ANY.RUN's Cybersecurity Blog.

February brought another round of major detection improvements across ANY.RUN’s threat intelligence and sandbox coverage. Alongside new Threat Intelligence reports, our analysts expanded behavioral visibility across dozens of malware families, strengthened detection logic for modern phishing and data-stealing campaigns, and added thousands of new network detection rules.  Let’s take a closer look at the updates delivered this month.  Threat Intelligence Reports  […]

The post Threat Coverage Digest: New Malware Reports and 2,400+ Detection Rules   appeared first on ANY.RUN's Cybersecurity Blog.

February 2026 brought a surge of sophisticated cyber threats targeting businesses across industries. ANY.RUN’s analysts exposed and explored several major cyber threats this month, providing early visibility into emerging malware families and evolving attack techniques.  From new ransomware strains capable of encrypting entire environments in minutes, to fully undetected remote access trojans — the threat […]

The post Major Cyber Attacks in February 2026: BQTLock, Thread-Hijack Phishing, and MFA Bypass Evolution appeared first on ANY.RUN's Cybersecurity Blog.

90% of modern cyberattacks start with phishing and it’s getting worse. The volume of compromise attempts keeps surging, leaving companies more exposed to credential theft and heavy financial hits.  As phishing evolves, we focus on countering the core tactics that make it effective. That’s why ANY.RUN is upgrading the threat detection capabilities of the Interactive Sandbox across all subscription tiers with the new SSL decryption technology.  By extracting encryption keys directly from process memory, it increases the detection rate of phishing inside the sandbox, helping every user and SOC team […]

The post Expanding Phishing Detection at Scale with Automatic SSL Decryption appeared first on ANY.RUN's Cybersecurity Blog.

Security teams don’t lack alerts, they lack fast, reliable context for decision-making. When threat analysis and intelligence are not an integrated part of the SOC workflow, investigations slow down, MTTR grows, and the risk of missed incidents increases. Adding behavioral analysis and live intelligence directly into SIEM closes this gap, turning monitoring, triage, and response […]

The post ANY.RUN & Splunk Enterprise: Stronger Detection, Faster Response in Your SOC appeared first on ANY.RUN's Cybersecurity Blog.

Threat monitoring is treated as one capability among many. Something that sits alongside incident response and threat hunting on an org chart. That framing undersells how central it actually is.  Monitoring is the connective tissue of the entire security operation. Every other SOC function depends on it working well.  For SOC and MSSP leaders, building effective threat monitoring is not about “more alerts.” It […]

The post Turn Your SOC Into a Detection Engine: Rethinking Threat Monitoring appeared first on ANY.RUN's Cybersecurity Blog.

Security professionals rely on early detection signals to prioritize and contain incidents. But what happens when a fully capable RAT generates none?  In a recent investigation, the ANY.RUN experts uncovered a new Go-based remote access trojan we named Moonrise. At the time of analysis, it wasn’t detected on VirusTotal and had no vendor signatures tied to it.  That’s the problem teams can’t ignore: credential theft, remote command execution, and persistence […]

The post Moonrise RAT: A New Low-Detection Threat with High-Cost Consequences appeared first on ANY.RUN's Cybersecurity Blog.

G2, the world’s largest and most trusted software marketplace, has recognized ANY.RUN among the Best Software Companies. The ranking is based on verified reviews from organizations actively using ANY.RUN’s solutions. It reflects the company’s strong international presence and measurable impact across global cybersecurity markets. Thank You to Our Community  Recognition on G2’s Top 50 Best […]

The post G2 Recognizes ANY.RUN Among the Top 50 Best Software Companies in the Region appeared first on ANY.RUN's Cybersecurity Blog.

Every security alert represents a decision point. Act too slowly, and a threat becomes a breach. Act without context, and analysts drown in noise. At the center of both failure modes is a single, often underestimated process: alert enrichment.  Key Takeaways The Seconds That Define a Breach  Alert enrichment is the practice of layering contextual intelligence onto […]

The post One Process, Every Metric: How Better Alert Enrichment Transforms SOC Performance appeared first on ANY.RUN's Cybersecurity Blog.