Anyrun

Some attacks smash the door open. LOLBins just borrow your keys and walk right in.  They’re tricky because tools everyone trusts suddenly start doing things that don’t match their usual job; loading odd-looking modules, decoding files that shouldn’t need decoding, or quietly handing work off to hidden PowerShell scripts. At first glance it all feels […]

The post LOLBin Attacks Explained with Examples: Everything SOC Teams Need to Know  appeared first on ANY.RUN's Cybersecurity Blog.

Scaling as a managed security provider can be a mixed blessing. Growth comes with more revenue, but also with increasingly high demands related to maintaining SLAs, quality, and compliance. For MSSPs in healthcare, this pressure is intensified by regulations like HIPAA and NIS2, along with the striking cost of a single mistake.  This was a […]

The post Healthcare MSSP Cuts Phishing Triage by 76% and Launches Proactive Defense with ANY.RUN  appeared first on ANY.RUN's Cybersecurity Blog.

How many real threats hide behind the noise your SOC faces every day?  When hundreds of alerts demand attention at once, even the best analysts start to lose focus. The nonstop pressure to react to everything drains energy, clouds judgment, and opens the door to real risk.  Teams using ANY.RUN have already flipped that script:  […]

The post Solve Alert Fatigue, Focus on High-Risk Incidents: An Action Plan for CISOs  appeared first on ANY.RUN's Cybersecurity Blog.

Eric Parker, a recognized cybersecurity expert, has recently released a video on ClickFix attacks, their detection, analysis, and gathering threat intelligence. Here is our recap highlighting the key points and practical advice. ClickFix as the Signature Threat of 2025 In 2025 the internet saw a sharp surge in a deceptively simple but highly effective social-engineering […]

The post ClickFix Explosion: Cross-Platform Social Engineering Turns Users Into Malware Installers  appeared first on ANY.RUN's Cybersecurity Blog.

Big news from the ANY.RUN team; we’ve just been named the 2025 “Trailblazing Threat Intelligence” winner at the Top InfoSec Innovators Awards!  This recognition means a lot to us because it celebrates what we care about most: helping analysts, SOC teams, and researchers access live, actionable threat intelligence that makes a real difference in investigations […]

The post ANY.RUN Wins Trailblazing Threat Intelligence at the 2025 Top InfoSec Innovators Awards appeared first on ANY.RUN's Cybersecurity Blog.

ANY.RUN’s malware analysis and threat intelligence products are used by 15K SOCs and 500K analysts. Thanks to flexible API/SDK and read-made connectors, they seamlessly integrate with security teams’ existing software to expand threat coverage, reduce MTTR, and streamline performance.  Here’s how ANY.RUN’s solutions can transform your security.  Interactive Sandbox: Detect Evasive Phishing & Malware  ANY.RUN’s […]

The post Unified Security for Fast Response: All ANY.RUN Integrations for SIEM, SOAR, EDR, and More  appeared first on ANY.RUN's Cybersecurity Blog.

October brought another strong round of updates to ANY.RUN, from a new ThreatQ integration that connects our real-time Threat Intelligence Feeds directly into one of the industry’s leading TIPs, to hundreds of new signatures and rules that sharpen network and behavioral detection.  With 125 new behavior signatures, 17 YARA rules, and 3,264 Suricata rules, analysts can now spot emerging threats […]

The post Release Notes: ANY.RUN & ThreatQ Integration, 3,000+ New Rules, and Expanded Detection Coverage  appeared first on ANY.RUN's Cybersecurity Blog.

Each cyberattack leaves behavioral evidence. A malware sandbox provides the secure environment analysts need to study that activity and uncover hidden tactics.  Teams using sandbox analysis report measurable gains:  Behavior-based visibility gives SOCs the upper hand against stealthy attacks. Let’s see how sandbox security works, and why it has become essential for modern threat detection.  […]

The post What is a Malware Sandbox? Everything SOC Analysts and CISOs Need to Know  appeared first on ANY.RUN's Cybersecurity Blog.

Phishing campaigns and ransomware families evolved rapidly this October, from fake Google Careers pages and ClickUp redirect chains to Figma-hosted credential theft and LockBit’s move into ESXi and Linux systems. ANY.RUN analysts also uncovered TyKit, a reusable phishing kit hiding JavaScript inside SVG files to steal Microsoft 365 credentials across multiple sectors.  Each of these […]

The post Major Cyber Attacks in October 2025: Phishing via Google Careers & ClickUp, Figma Abuse, LockBit 5.0, and TyKit  appeared first on ANY.RUN's Cybersecurity Blog.

No SOC is perfect, but it’s possible to overcome frequent shortcomings and achieve measurable results by introducing one essential component of modern cybersecurity operations: threat intelligence.  Organizations using ANY.RUN’s TI solutions report the following results:  Quality, real-time threat intelligence helps SOCs tackle their toughest challenges. More on that below.  #1. Low Detection Rates  As attackers […]

The post 5 SOC Challenges and How Threat Intelligence Solves Them  appeared first on ANY.RUN's Cybersecurity Blog.

Here at ANY.RUN, we know how crucial threat intelligence is for ensuring strong cybersecurity, especially in organizations.  This year, our efforts in promoting this data-driven approach to solving the needs of businesses were praised at CyberSecurity Breakthrough Awards. ANY.RUN was recognized as the Threat Intelligence Company of the Year 2025.  New Milestone on the Way […]

The post ANY.RUN Recognized as Threat Intelligence Company of the Year 2025   appeared first on ANY.RUN's Cybersecurity Blog.

Fresh, actionable IOCs from the latest malware attacks are now available to all security teams using the ThreatQ TIP. ANY.RUN’s Threat Intelligence Feeds integrate seamlessly with the platform, enabling SOCs and MSSPs to boost detection rates, expand threat coverage, and streamline response.   Here’s how you can benefit from it.  Real-Time Visibility of the Current Threat […]

The post ANY.RUN & ThreatQ: Boost Detection Rate, Turbocharge Response Speed  appeared first on ANY.RUN's Cybersecurity Blog.

 A SOC is where every second counts. Amidst a flood of alerts, false positives, and ever-short time, analysts face the daily challenge of identifying what truly matters — before attackers gain ground.  That’s where alert triage comes in: the essential first step in detecting, prioritizing, and responding to threats efficiently. Done right, it defines the […]

The post No Threats Left Behind: SOC Analyst’s Guide to Expert Triage  appeared first on ANY.RUN's Cybersecurity Blog.

Not long ago we reported a spike in phishing attacks that use an SVG file as the delivery vector. One striking detail was how the SVG embeds JavaScript that rebuilds the payload with XOR and then executes it directly via eval() to redirect victims to a phishing page.  A quick look at the indicators we […]

The post Tykit Analysis: New Phishing Kit Stealing Hundreds of Microsoft Accounts in Finance  appeared first on ANY.RUN's Cybersecurity Blog.

Cybersecurity is not just about defense, it is about protecting profits. Organizations without modern threat intelligence (TI) face escalating breach costs, wasted resources, and operational inefficiencies that hit the bottom line.   Here is how actionable intel can help businesses cut costs, optimize workflows, and neutralize risks before they escalate.  Key Takeaways  3 Hidden Costs of […]

The post 5 Ways Threat Intelligence Saves Businesses Money and Resources  appeared first on ANY.RUN's Cybersecurity Blog.

Recently, we have hosted a webinar exploring some of the latest malware and phishing techniques to show how interactive analysis and fresh threat intelligence can help SOC teams stay ahead. ANY.RUN’s experts depicted the evolving landscape of malware tactics, highlighted real-world examples of sophisticated attacks, and provided practical detection tips for analysts.   You can watch […]

The post New Malware Tactics: Cases & Detection Tips for SOCs and MSSPs appeared first on ANY.RUN's Cybersecurity Blog.

Building analyst expertise takes time, often too much… Most new hires need over six months before they can handle complex incidents with confidence, leaving senior analysts to pick up the slack and slowing the entire SOC down.  Traditional training programs can’t keep pace with real attacks. Theories and simulations don’t prepare teams for fast, messy, real-world […]

The post How to Grow SOC Team Expertise for Ultimate Triage & Response Speed  appeared first on ANY.RUN's Cybersecurity Blog.

Editor’s note: The current article is authored by Clandestine, threat researcher and threat hunter. You can find Clandestine on X.  ANY.RUN’s Threat Intelligence (TI) Lookup is a powerful service for Open Source Intelligence (OSINT) and Threat Intelligence investigations. In this research, we shall analyze 5 specific queries, each targeting different aspects of the threat landscape, to better […]

The post Phishing, Cloud Abuse, and Evasion: Advanced OSINT Investigation with ANY.RUN Threat Intelligence  appeared first on ANY.RUN's Cybersecurity Blog.

September brought big updates to ANY.RUN. From four new connectors that plug our sandbox and threat intelligence straight into the world’s top SIEM and SOAR platforms, to a redesigned Threat Intelligence Lookup home screen built for speed and simplicity, your SOC now works smarter and faster than ever.   Add in 99 fresh signatures, 11 new YARA rules, and 2,322 […]

The post Release Notes: Palo Alto Networks, Microsoft, IBM Connectors and 2,300+ Suricata Rules appeared first on ANY.RUN's Cybersecurity Blog.

Editor’s note: The current article is authored by Mauro Eldritch, offensive security expert and threat intelligence analyst. You can find Mauro on X.  AI is part of our lives whether we like it or not. Even if you are not quite a fan, or not a user at all, you probably came across multiple AI-generated avatars, pictures, […]

The post FunkSec’s FunkLocker: How AI Is Powering the Next Wave of Ransomware  appeared first on ANY.RUN's Cybersecurity Blog.