Anyrun

The Lazarus Group, North Korea’s state-sponsored hacking collective, has held the title of the most notorious advanced persistent threat (APT) for almost two decades now. In 2025, it escalated its cyber operations, targeting tech industries with fake IT workers, fraudulent job interviews, and hijacked open-source software.   It’s time to take a closer look at its […]

The post Lazarus Group Attacks in 2025: Here’s Everything SOC Teams Need to Know  appeared first on ANY.RUN's Cybersecurity Blog.

ANY.RUN’s Threat Intelligence Feeds are designed to power SOAR, SIEM, EDR/XDR, TIP, and other security systems. Our goal is simple: to fit naturally into a customer’s security ecosystem so analysts can investigate incidents faster, improve detection quality, and spend less time on repetitive tasks.  Now, IBM QRadar SIEM users can directly consolidate ANY.RUN’s Threat Intelligence […]

The post ANY.RYN x IBM QRadar SIEM: Real-Time Intelligence for Wider Threat Coverage  appeared first on ANY.RUN's Cybersecurity Blog.

August was a busy month at ANY.RUN. We expanded our list of connectors with Microsoft Sentinel and OpenCTI, added Linux Debian (ARM) support to the SDK, and strengthened detection across hundreds of new malware families and techniques. With fresh signatures, rules, and product updates, your SOC can now investigate faster, detect more threats in real time, and keep defenses sharp […]

The post Release Notes: Fresh Connectors, SDK Update, and 2,200+ New Detection Rules  appeared first on ANY.RUN's Cybersecurity Blog.

Running a SOC means living in a world of alerts. Every day, thousands of signals pour in; some urgent, many irrelevant. Analysts need to separate noise from real threats, investigate quickly, and keep the organization safe without letting cases pile up.  The challenge isn’t only about detecting threats but doing it fast enough to reduce escalations, […]

The post Streamline Your SOC: All-in-One Threat Detection with ANY.RUN  appeared first on ANY.RUN's Cybersecurity Blog.

 An MSSP leader is no stranger to the relentless pressure of growth. With an expanding client base comes the daunting task of scaling threat detection capabilities: without compromising quality, speed, or your bottom line. The challenge that rises above all is how to grow while maintaining the balance between human potential and organizational demands. Human […]

The post MSSP Growth Guide: Scaling Threat Detection for Expanding Client Base  appeared first on ANY.RUN's Cybersecurity Blog.

Phishing kits and stealers didn’t slow down this August, and neither did we. ANY.RUN analysts tracked some of the month’s most dangerous campaigns, from a 7-stage Tycoon2FA phishing chain to Rhadamanthys delivered via ClickFix, and the discovery of Salty2FA, a brand-new PhaaS framework linked to Storm-1575.  All were analyzed inside ANY.RUN’s Interactive Sandbox, revealing full […]

The post Major Cyber Attacks in August 2025: 7-Stage Tycoon2FA Phishing, New ClickFix Campaign, and Salty2FA appeared first on ANY.RUN's Cybersecurity Blog.

One solution can change everything. ANY.RUN’s Threat Intelligence Lookup is living proof of that.  By delivering a browsable source of threat data, it helps your SOC overcome challenges that have to be faced in order to reach higher detection rates and make smarter security decisions.  Find details on how to make the most of TI […]

The post How to Enrich IOCs with Actionable Threat Context: Tips for SOC Analysts  appeared first on ANY.RUN's Cybersecurity Blog.

Today, phishing accounts for the majority of all cyberattacks. The availability of low-cost, easy-to-use Phishing-as-a-Service (PhaaS) platforms like Tycoon2FA, EvilProxy, and Sneaky2FA only makes the problem worse.  These services are actively maintained by their operators; new evasion techniques are regularly added, and the multi-layered infrastructure behind the phishing kits continues to evolve and expand.  But […]

The post Salty 2FA: Undetected PhaaS from Storm-1575 Hitting US and EU Industries  appeared first on ANY.RUN's Cybersecurity Blog.

Editor’s note: The current article was originally published on March 11, 2024, and updated on August 14, 2025. Security Operations Centers (SOCs) face an overwhelming volume of threat alerts, making it difficult to separate real threats from false positives without heavy resource use.  For teams already working with, or planning to adopt Filigran’s OpenCTI, ANY.RUN now […]

The post ANY.RUN & OpenCTI: Transform SOC for Maximum Performance appeared first on ANY.RUN's Cybersecurity Blog.

As we highlighted in our article on building threat resilience in enterprises, one of the key challenges that stand before CISOs is ensuring proactive security. Reacting to incidents is no longer enough; you need to anticipate upcoming threats.  To achieve this, your team needs powerful solutions that meet your criteria and deliver fast results. Explore […]

The post Bridging the Threat Intelligence Gap in Your SOC: A Guide for Security Leaders  appeared first on ANY.RUN's Cybersecurity Blog.

Editor’s note: The current article is authored by Mauro Eldritch, offensive security expert and threat intelligence analyst. You can find Mauro on X.  North Korean state-sponsored groups, such as Lazarus, continue to target the financial and cryptocurrency sectors with a variety of custom malware families. In previous research, we examined strains like InvisibleFerret, Beavertail, and OtterCookie, often […]

The post PyLangGhost RAT: Rising Stealer from Lazarus Group Striking Finance and Technology  appeared first on ANY.RUN's Cybersecurity Blog.

ANY.RUN now delivers Threat Intelligence (TI) Feeds directly to Microsoft Sentinel via the built-in STIX/TAXII connector. No complicated setups. No custom scripts. Only high-quality indicators of compromise (IOCs) to fortify your SOC and catch attacks early, keeping your business secure.  About the TI Feeds Connector for Microsoft Sentinel   ANY.RUN’s TI Feeds support a seamless, out-of-the-box […]

The post ANY.RUN & Microsoft Sentinel: Catch Emerging Threats with Real-Time Threat Intelligence appeared first on ANY.RUN's Cybersecurity Blog.

July brought powerful new updates to help your SOC catch threats faster, reduce manual effort, and make more confident decisions, right inside your existing workflows. From fresh integrations to better detection coverage, these changes are built to support your team every step of the way.  In this update:  Keep reading to explore what’s new and how […]

The post Release Notes: QRadar SOAR App, TI Lookup Free Access, and 2,900+ New Detection Rules appeared first on ANY.RUN's Cybersecurity Blog.

ANY.RUN’s Interactive Sandbox provides SOC teams with the fastest solution for analyzing and detecting cyber threats targeting Windows, Linux, and Android systems. Now, our selection of VMs has been expanded to include Linux Debian 12.2 64-bit (ARM).   With the rapid rise of ARM-based malware, the sandbox helps businesses tackle this threat through proactive analysis and […]

The post Detect ARM Malware in Seconds with Debian Sandbox for Stronger Enterprise Security  appeared first on ANY.RUN's Cybersecurity Blog.

Why are SOC teams still struggling to keep up despite heavy investments in security tools? False positives pile up, evasive threats slip through, and critical alerts often get buried under noise. For CISOs, the challenge is giving teams the visibility and speed they need to respond before damage is done.  ANY.RUN helps close that gap. 95% of […]

The post CISO Blueprint: 5 Steps to Enterprise Cyber Threat Resilience  appeared first on ANY.RUN's Cybersecurity Blog.

While cybercriminals were working overtime this July, so were we at ANY.RUN — and, dare we say, with better results. As always, we’ve picked the most dangerous and intriguing attacks of the month. But this time, there’s more.  Alongside the monthly top, we are highlighting a key trend that’s been powering campaigns throughout 2025: the […]

The post Major Cyber Attacks in July 2025: Obfuscated .LNK‑Delivered DeerStealer, Fake 7‑Zip, and More appeared first on ANY.RUN's Cybersecurity Blog.

Even with all the new ways we stay in touch, Slack, Teams, DMs, email is still the backbone of business communication. That also makes it one of the easiest ways in for attackers.  A single message with the right subject line or attachment can lead to stolen logins, malware infections, or even full network access. […]

The post Top Email Security Risks for Businesses and How to Catch Them Before They Cause Damage  appeared first on ANY.RUN's Cybersecurity Blog.

ANY.RUN’s services processes data on current threats daily, including attacks affecting supply chains. In this case study, we analyze examples of DHL brand abuse. The company is a leading global logistic operator, and attackers exploit its recognition to send phishing emails, potentially targeting its partners.   We will demonstrate how ANY.RUN’s solutions can be used to […]

The post Beating Supply Chain Attacks: DHL Impersonation Case Study   appeared first on ANY.RUN's Cybersecurity Blog.

IBM QRadar SOAR is a go-to platform for incident response. To make things faster and easier for SOCs to use this powerful tool with ANY.RUN’s services, we built an official app. Now you can seamlessly launch different playbooks directly inside SOAR to streamline threat analysis, speed up investigations, and reduce Mean Time to Respond (MTTR) […]

The post Turn Alert Noise into Threat Insights without Leaving QRadar SOAR with ANY.RUN  appeared first on ANY.RUN's Cybersecurity Blog.

Get Q2 2025 Report Based on real data from 15,000+ global SOC teams. Top malware types, families, and APTs Changes in threat landscape since Q1 2025 What SOC teams need to focus on Opt in to receive news, updates, and promotions. Get free report Loading… A copy of the report has been sent to your […]

The post Malware Trends Report, Q2 2025: Know the Key Risks to Your Business appeared first on ANY.RUN's Cybersecurity Blog.