{"id":14592,"date":"2025-07-02T13:40:30","date_gmt":"2025-07-02T13:40:30","guid":{"rendered":"\/cybersecurity-blog\/?p=14592"},"modified":"2025-07-02T13:40:32","modified_gmt":"2025-07-02T13:40:32","slug":"release-notes-june-2025","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/release-notes-june-2025\/","title":{"rendered":"Release Notes: Detonation Actions, Enhanced QR Extraction, and 1,400+ New Detection Rules\u00a0"},"content":{"rendered":"\n<p>We\u2019ve packed June with updates designed to make your day-to-day analysis faster, clearer, and easier than before. Whether you\u2019re just getting started or deep into reverse engineering every day, these improvements are here to save you time and help you catch more threats.&nbsp;<\/p>\n\n\n\n<p>In this update:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Real-time Detonation Action hints that guide you through the steps needed to keep the analysis forward&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Enhanced QR code extraction, making it easier to detect phishing links hidden in documents, images, or dropped during runtime&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Expanded threat coverage, including 120 new behavior signatures, 12 YARA rules, and 1,320 Suricata rules across Windows, Linux, and Android&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Scroll down to see what\u2019s new and how these updates can help your team work faster, spot threats earlier, and get more from your <a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_25&amp;utm_term=020725&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN sessions<\/a>.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Product Updates&nbsp;<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Detonation Actions: Faster, Clearer Malware Analysis with Real-Time Guidance&nbsp;<\/h3>\n\n\n\n<p>In June, we focused on helping analysts work faster and with more clarity, especially during high-pressure investigations. That\u2019s why we introduced <a href=\"https:\/\/any.run\/cybersecurity-blog\/detonation-actions\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Detonation Actions<\/strong><\/a>: real-time execution hints that keep your analysis moving forward without guesswork.&nbsp;<\/p>\n\n\n\n<p>Now, when a sample requires interaction to detonate, like opening a file or following a link, Detonation Actions will show exactly what needs to be done.&nbsp;&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"580\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image-2-1024x580.png\" alt=\"\" class=\"wp-image-14598\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image-2-1024x580.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image-2-300x170.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image-2-768x435.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image-2-1536x870.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image-2-370x210.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image-2-270x153.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image-2-740x419.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image-2.png 1842w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>You can find the Actions tab next to the Processes tab<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>Whether you\u2019re clicking through manually or relying on automation, you\u2019ll&nbsp;see helpful hints to understand how the threat at hand unfolds.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/app.any.run\/tasks\/069d90f5-58e5-4178-90f6-7b1626847d5f\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_25&amp;utm_term=020725&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">See example<\/a>&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Manual Mode<\/strong> (Community plan):&nbsp;<br>You\u2019ll see suggested actions during the session and can approve or reject them individually, helping you uncover hidden behavior faster.&nbsp;<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"713\" height=\"482\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image2-1.png\" alt=\"\" class=\"wp-image-14600\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image2-1.png 713w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image2-1-300x203.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image2-1-370x250.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image2-1-270x183.png 270w\" sizes=\"(max-width: 713px) 100vw, 713px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Automated Interactivity<\/strong> (Paid plans):&nbsp;<br>Detonation Actions are automatically followed as part of a guided flow. Each step is logged and visible, so your team gets full transparency, even when analysis is fully hands-off.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>You\u2019ll find Detonation Actions inside the Actions tab, right next to the process tree. They work across all samples and help analysts of any skill level trigger and observe malware behavior with confidence.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Speeds up threat analysis<\/strong>&nbsp;by guiding analysts through key detonation steps.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Improves SOC handover<\/strong>&nbsp;with action-based insights for smoother investigations.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Accelerates incident response<\/strong>&nbsp;by automating detonation and surfacing behavior fast.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Simplifies onboarding<\/strong>&nbsp;by helping junior analysts learn through guided workflows.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Enables smarter decisions<\/strong>&nbsp;with clearer behavioral context during investigations.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Supports automation<\/strong>&nbsp;by integrating with existing workflows and API-based pipelines.&nbsp;<\/li>\n<\/ul>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\nTest <span class=\"highlight\">Automated Interactivity<\/span> with 14-day trial<br>See how you can streamline analysis and boost detection&nbsp;   \n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/any.run\/demo\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=release_notes_june_25&#038;utm_term=020725&#038;utm_content=linktodemo\" rel=\"noopener\" target=\"_blank\">\nGet 14-day trial\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<p>You can activate Detonation Actions by clicking the new <strong>Auto<\/strong> button when launching your VM or toggle <strong>Automated Interactivity (ML)<\/strong> manually in Advanced Settings.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"797\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image3-1024x797.png\" alt=\"\" class=\"wp-image-14601\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image3-1024x797.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image3-300x234.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image3-768x598.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image3-1536x1196.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image3-370x288.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image3-270x210.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image3-385x300.png 385w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image3-740x576.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image3.png 1680w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Options for enabling Detonation Actions with Automated Interactivity<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<h3 class=\"wp-block-heading\">Enhanced QR Code Auto-Extraction for Broader Use Cases&nbsp;<\/h3>\n\n\n\n<p>We\u2019ve improved how the sandbox detects and extracts <a href=\"https:\/\/any.run\/cybersecurity-blog\/qr-extractor\/\" target=\"_blank\" rel=\"noreferrer noopener\">QR codes<\/a>, making it easier to investigate threats hidden in documents, images, and archives.&nbsp;<\/p>\n\n\n\n<p>Now, QR code detection works more reliably across a wider range of file types and delivery methods. Whether it\u2019s a malicious link embedded in a PDF or a code inside an SVG file, the sandbox will automatically pick it up and display the decoded URL in the <em>QR tab <\/em>under <em>Static Discovering<\/em>.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"578\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image4-1024x578.png\" alt=\"\" class=\"wp-image-14602\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image4-1024x578.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image4-300x169.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image4-768x433.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image4-1536x866.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image4-370x209.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image4-270x152.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image4-740x417.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image4.png 2048w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>QR code decoded under Static Discovering<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>QR-based phishing is still on the rise. This improvement makes it even easier to detect and investigate QR code threats before a user ever scans them.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Threat Coverage Updates&nbsp;<\/h2>\n\n\n\n<p>This month, we expanded threat detection across all supported platforms, <a href=\"https:\/\/any.run\/cybersecurity-blog\/how-to-analyze-malware-threats\/\" target=\"_blank\" rel=\"noreferrer noopener\">Windows, Linux, and Android<\/a>, with major additions to our rule base and signature library.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>120 new behavior-based detection signatures&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>12 new <a href=\"https:\/\/any.run\/cybersecurity-blog\/yara-rules-explained\/\" target=\"_blank\" rel=\"noreferrer noopener\">YARA rules<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>1320 new <a href=\"https:\/\/any.run\/cybersecurity-blog\/detection-with-suricata-ids\/\" target=\"_blank\" rel=\"noreferrer noopener\">Suricata rules<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>These updates improve detection accuracy, shorten triage time, and give analysts better visibility into evasive threats. From commodity malware to nation-state actors, the latest rules reflect real-world samples seen in the wild and analyzed inside ANY.RUN.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>New Behavior Signatures<\/strong>&nbsp;<\/h3>\n\n\n\n<p>We added 120 behavior signatures targeting stealers, ransomware, RATs, loaders, and evasive techniques, many of which were observed in active campaigns.&nbsp;<\/p>\n\n\n\n<p>Some highlights:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/adc3242c-25aa-4279-ae84-184dc9a64332\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_25&amp;utm_term=020725&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>PurpleFox<\/strong><\/a> \u2013 A rootkit-enabled malware that abuses SMB vulnerabilities for lateral movement&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/e4550654-eb92-44a0-a050-dc5cbe019c99\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_25&amp;utm_term=020725&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Bert Loader<\/strong><\/a> \u2013 Dropper with obfuscated payload delivery tactics&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/a2fd3e49-c797-4b56-bbfe-7c90ea8c69b9\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_25&amp;utm_term=020725&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Bondy Loader<\/strong><\/a> \u2013 Frequently used to stage ransomware and remote control tools&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/1293d24a-0a63-44ef-91bd-8e728f1bc879\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_25&amp;utm_term=020725&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>XData Ransomware<\/strong><\/a> \u2013 Resurfaces with updated infection logic and encryption flow&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/fd94c175-d4de-4fd4-90b4-26757bcc4093\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_25&amp;utm_term=020725&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>LD_PRELOAD Hijacking<\/strong><\/a> \u2013 A Linux-based persistence technique now tracked as standalone behavior&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/106cc699-a219-42cd-89b7-5210a48216c2\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_25&amp;utm_term=020725&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Winlocker<\/strong><\/a> \u2013 Known for fake law enforcement messages and aggressive blocking behavior&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/5d976c0c-5c8b-4da4-9bf6-da0f018498a0\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_25&amp;utm_term=020725&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Ransomblox<\/strong><\/a> \u2013 Displays error pop-ups while communicating with its C2 during encryption&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/1a61be19-6307-4d1b-88b1-57dff32e6bc1\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_25&amp;utm_term=020725&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Conti-style variant<\/strong><\/a> \u2013 Exhibits callbacks to infrastructure overlapping with known Conti and DragonForce setups&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/0e3cf12f-3e40-40c6-892a-0a7214141ff4\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_25&amp;utm_term=020725&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Dacic ransomware<\/strong><\/a> \u2013 Recently observed in campaigns with custom servers and DNS-based C2&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/84576080-370a-45b0-93b4-b2e8f28b963b\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_25&amp;utm_term=020725&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Cyberkiller<\/strong><\/a> \u2013 Attempts stealthy exfiltration before launching destructive behavior&nbsp;<\/li>\n<\/ul>\n\n\n\n<p><em>Platform-Specific Threats<\/em>&nbsp;<\/p>\n\n\n\n<p>New behavior detections were also added for threats targeting specific operating systems:&nbsp;<\/p>\n\n\n\n<p><strong>Windows:<\/strong>&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/f7e3b88b-1c41-41a1-97b1-0122ed8aced7\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_25&amp;utm_term=020725&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Kiwistealer<\/strong><\/a> \u2013 Stealer that extracts browser data, passwords, and system information&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/cec471dd-6d3e-4256-83e2-63f4af9e683d\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_25&amp;utm_term=020725&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>KimJongRAT<\/strong><\/a> \u2013 Remote access trojan that abuses trusted binaries and uses a GUI-based control panel&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/14ddf867-c3a6-4999-af31-c5219aeed11a\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_25&amp;utm_term=020725&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Byakugan<\/strong><\/a> \u2013 Leverages signed binaries to inject into processes and maintain stealth&nbsp;<\/li>\n<\/ul>\n\n\n\n<p><strong>Linux:<\/strong>&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/3eeef61d-c9f8-463d-92c1-e0a8148705e4\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_25&amp;utm_term=020725&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>DSLogdRAT<\/strong><\/a> \u2013 Lightweight Linux backdoor with keylogging, reverse shell access, and simple evasion logic&nbsp;<\/li>\n<\/ul>\n\n\n\n<p><strong>Android:<\/strong>&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/346da0f4-3a31-4211-b96d-463c97bc002d\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_25&amp;utm_term=020725&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Antidot<\/strong><\/a> \u2013 Spyware disguised as a system utility app, capable of remote monitoring&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/b217864c-c6eb-42d9-b4ed-574a42188cc6\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_25&amp;utm_term=020725&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Zanubis<\/strong><\/a> \u2013 Banking trojan that abuses accessibility services to intercept credentials&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/e376b81f-58a3-4e52-a7ad-e6e7a9c65db9\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_25&amp;utm_term=020725&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Godfather<\/strong><\/a> \u2013 Targets financial apps and intercepts MFA codes to bypass login security&nbsp;<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">YARA Rule Updates&nbsp;<\/h3>\n\n\n\n<p>We released 12 new and updated YARA rules this month to support faster static detection and classification of threats across all platforms. These rules help flag malicious files before execution and enhance attribution in multi-stage attacks.&nbsp;<\/p>\n\n\n\n<p>Some of the key additions include:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/74988ffb-d042-4a13-9a2b-9f4fd7f83ad2\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_25&amp;utm_term=020725&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Katz<\/a> \u2013 Credential-dumping tool used in post-exploitation phases&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/9f43eacb-173a-48fb-9919-51ef2098c3aa\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_25&amp;utm_term=020725&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Ryuk<\/a> \u2013 Ransomware version attributed to the hacker group WIZARD SPIDER&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/13618b3e-3a4d-4ef4-9f96-9666139c1e12\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_25&amp;utm_term=020725&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">WirelessKeyView<\/a> \u2013 Tool that extracts stored Wi-Fi credentials from Windows systems&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/33c2256c-ba4f-4e99-979a-205ac4eaaa5e\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_25&amp;utm_term=020725&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Mail PassView<\/a> \u2013 Password-recovery tool that reveals the passwords and other account details for email clients&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/4cd3798f-3a63-434c-8319-4323f9e119e0\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_25&amp;utm_term=020725&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">SmartSniff<\/a> \u2013 Network sniffer commonly abused in data exfiltration scenarios&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/e2ed241a-5323-49fb-8168-c0f5f2f6e115\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_25&amp;utm_term=020725&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">LClipper<\/a> \u2013 Clipper malware that hijacks clipboard data to redirect crypto transactions&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/6d1f8909-3651-4b13-85d4-d1b7be5cfd0c\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_25&amp;utm_term=020725&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Phantom<\/a> \u2013 Stealer with anti-analysis techniques, commonly used in phishing kits&nbsp;<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Suricata Rule Updates&nbsp;<\/h3>\n\n\n\n<p>To improve detection of phishing threats at the network layer, we added&nbsp;<strong>1,320 new Suricata rules<\/strong>&nbsp;in June. These rules help security teams identify malicious domains, redirection chains, and phishing infrastructure early in the attack flow.&nbsp;<\/p>\n\n\n\n<p>Here are some of the highlights:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/659a366e-f45b-4795-814d-4e66bde2349d\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_25&amp;utm_term=020725&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Lndeed domain typosquatting pattern<\/strong><\/a>&nbsp;(sid:85000784): Identifies indeed.com &#8211; themed phishing attempts&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/browses\/4a7f30aa-8b36-46ad-b169-20c3c3d1ce02\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_25&amp;utm_term=020725&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Document-themed phishing<\/strong><\/a>&nbsp;(sid:85000452): Detects phishing domains utilizing social engineering methods (&#8220;See \/ review \/ share&#8221; + &#8220;document&#8221;)&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/browses\/b8a2ad30-0831-4673-a658-9f3b10d0ffcd\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_25&amp;utm_term=020725&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>EvilProxy domain chain<\/strong><\/a>&nbsp;(sid:85000494): Tracks EvilProxy phishing kit activity by sequence of queried domains&nbsp;<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">New Detection Techniques&nbsp;<\/h3>\n\n\n\n<p>We added behavior-based detection for a tactic used by malware to bypass standard execution monitoring:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/c2581952-d873-4017-86bd-0c1e5f75edb2\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_25&amp;utm_term=020725&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Command execution via FileFix technique<\/strong><\/a> \u2013 This method involves abusing renamed or repurposed legitimate executables (e.g., \u201cFileFix.exe\u201d) to stealthily launch payloads. It\u2019s commonly used in commodity loaders to blend in with normal activity.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>This new detection helps analysts flag unusual execution chains earlier in the process tree and trace hidden payload delivery paths more efficiently.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN&nbsp;&nbsp;<\/h2>\n\n\n\n<p><a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_25&amp;utm_term=020725&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a>&nbsp;supports over&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-from-organizations\/\" target=\"_blank\" rel=\"noreferrer noopener\">15,000 organizations<\/a>&nbsp;across industries such as banking, manufacturing, telecommunications, healthcare, retail, and technology, helping them build stronger and more resilient cybersecurity operations.&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<p>With our cloud-based Interactive Sandbox, security teams can safely analyze and understand threats targeting Windows, Linux, and Android environments in less than 40 seconds and without the need for complex on-premise systems. Combined with&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/introducing-any-run-threat-intelligence-lookup\/\" target=\"_blank\" rel=\"noreferrer noopener\">TI Lookup<\/a>,&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/yara-search\/\" target=\"_blank\" rel=\"noreferrer noopener\">YARA Search<\/a>, and&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-feeds\/\" target=\"_blank\" rel=\"noreferrer noopener\">Feeds<\/a>, we equip businesses to speed up investigations, reduce security risks, and improve team\u2019s efficiency.&nbsp;&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/any.run\/demo\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_june_25&amp;utm_term=020725&amp;utm_content=linktodemo\" target=\"_blank\" rel=\"noreferrer noopener\">Integrate ANY.RUN\u2019s Threat Intelligence suite in your organization \u2192<\/a>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We\u2019ve packed June with updates designed to make your day-to-day analysis faster, clearer, and easier than before. Whether you\u2019re just getting started or deep into reverse engineering every day, these improvements are here to save you time and help you catch more threats.&nbsp; In this update:&nbsp; Scroll down to see what\u2019s new and how these [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":7723,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[57,10,54,55,56],"class_list":["post-14592","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-service-updates","tag-anyrun","tag-cybersecurity","tag-features","tag-release","tag-update"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Release Notes: Detonation Actions, Better QR Decoding, and More<\/title>\n<meta name=\"description\" content=\"See all updates from ANY.RUN in June 2025, including Detonation Actions, enhanced QR decoding, 1,400 detection rules, and more.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/release-notes-june-2025\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ANY.RUN\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-june-2025\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-june-2025\/\"},\"author\":{\"name\":\"ANY.RUN\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"Release Notes: Detonation Actions, Enhanced QR Extraction, and 1,400+ New Detection Rules\u00a0\",\"datePublished\":\"2025-07-02T13:40:30+00:00\",\"dateModified\":\"2025-07-02T13:40:32+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-june-2025\/\"},\"wordCount\":1346,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"ANYRUN\",\"cybersecurity\",\"features\",\"release\",\"update\"],\"articleSection\":[\"Service Updates\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/release-notes-june-2025\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-june-2025\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-june-2025\/\",\"name\":\"Release Notes: Detonation Actions, Better QR Decoding, and More\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2025-07-02T13:40:30+00:00\",\"dateModified\":\"2025-07-02T13:40:32+00:00\",\"description\":\"See all updates from ANY.RUN in June 2025, including Detonation Actions, enhanced QR decoding, 1,400 detection rules, and more.\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-june-2025\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/release-notes-june-2025\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-june-2025\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Service Updates\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Release Notes: Detonation Actions, Enhanced QR Extraction, and 1,400+ New Detection Rules\u00a0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"caption\":\"ANY.RUN\"},\"url\":\"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Release Notes: Detonation Actions, Better QR Decoding, and More","description":"See all updates from ANY.RUN in June 2025, including Detonation Actions, enhanced QR decoding, 1,400 detection rules, and more.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/release-notes-june-2025\/","twitter_misc":{"Written by":"ANY.RUN","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-june-2025\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-june-2025\/"},"author":{"name":"ANY.RUN","@id":"https:\/\/any.run\/"},"headline":"Release Notes: Detonation Actions, Enhanced QR Extraction, and 1,400+ New Detection Rules\u00a0","datePublished":"2025-07-02T13:40:30+00:00","dateModified":"2025-07-02T13:40:32+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-june-2025\/"},"wordCount":1346,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","cybersecurity","features","release","update"],"articleSection":["Service Updates"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/release-notes-june-2025\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-june-2025\/","url":"https:\/\/any.run\/cybersecurity-blog\/release-notes-june-2025\/","name":"Release Notes: Detonation Actions, Better QR Decoding, and More","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2025-07-02T13:40:30+00:00","dateModified":"2025-07-02T13:40:32+00:00","description":"See all updates from ANY.RUN in June 2025, including Detonation Actions, enhanced QR decoding, 1,400 detection rules, and more.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-june-2025\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/release-notes-june-2025\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-june-2025\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Service Updates","item":"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/"},{"@type":"ListItem","position":3,"name":"Release Notes: Detonation Actions, Enhanced QR Extraction, and 1,400+ New Detection Rules\u00a0"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"ANY.RUN","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","caption":"ANY.RUN"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/14592"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=14592"}],"version-history":[{"count":5,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/14592\/revisions"}],"predecessor-version":[{"id":14605,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/14592\/revisions\/14605"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/7723"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=14592"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=14592"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=14592"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}