{"id":17548,"date":"2025-12-29T12:36:53","date_gmt":"2025-12-29T12:36:53","guid":{"rendered":"\/cybersecurity-blog\/?p=17548"},"modified":"2025-12-29T12:53:04","modified_gmt":"2025-12-29T12:53:04","slug":"release-notes-december-2025","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/release-notes-december-2025\/","title":{"rendered":"Release Notes: AI\u00a0Sigma Rules, Live Threat\u00a0Landscape &amp; 1,700+ New Detections"},"content":{"rendered":"\n<p><a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_dec_25&amp;utm_term=060126&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a>&nbsp;is&nbsp;wrapping up 2025 with updates that take pressure off your SOC and help your team work faster. You can now get <a href=\"https:\/\/any.run\/cybersecurity-blog\/ai-sigma-rules\/\" target=\"_blank\" rel=\"noreferrer noopener\">AI\u2011generated Sigma<\/a> rules, track threats by <a href=\"https:\/\/any.run\/cybersecurity-blog\/industry-geo-threat-landscape\/\" target=\"_blank\" rel=\"noreferrer noopener\">industry and region<\/a>, and detect new campaigns with better speed and accuracy.&nbsp;&nbsp;<\/p>\n\n\n\n<p>Let\u2019s&nbsp;see what these improvements bring to your security stack.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Product Updates&nbsp;<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Industry &amp; Geo Threat Landscape in TI Lookup&nbsp;<\/h3>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"936\" height=\"558\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image-12.png\" alt=\"\" class=\"wp-image-17553\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image-12.png 936w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image-12-300x179.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image-12-768x458.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image-12-370x221.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image-12-270x161.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image-12-740x441.png 740w\" sizes=\"(max-width: 936px) 100vw, 936px\" \/><figcaption class=\"wp-element-caption\"><em>Industry &amp; geo threat landscape data for the Tycoon2FA&nbsp;phishkit<\/em><\/figcaption><\/figure><\/div>\n\n\n<p><a href=\"https:\/\/any.run\/threat-intelligence-lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_dec_25&amp;utm_term=060126&amp;utm_content=linktotilookuplanding\" target=\"_blank\" rel=\"noreferrer noopener\">TI Lookup<\/a> now gives every indicator extra context showing which <a href=\"https:\/\/any.run\/cybersecurity-blog\/industry-geo-threat-landscape\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>industries<\/strong> and <strong>countries<\/strong><\/a> are linked to the threat of your industry and where similar activity is trending. It&#8217;s an easy way to see whether a threat actually affects your business or if it&#8217;s just background noise.<\/p>\n\n\n\n<p>Built on live data from more than&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-from-organizations\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>15,000 organizations<\/strong><\/a>, this update helps your team tighten detection focus and reduce blind spots:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>See what matters first:<\/strong>&nbsp;Identify&nbsp;threats targeting your market or region so you can prioritize high\u2011risk activity.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Triage faster:<\/strong>&nbsp;Skip irrelevant alerts and go straight to the ones that match your exposure.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Work with better insight:<\/strong>&nbsp;Use targeted intelligence to guide hunts, automate enrichment, and improve MTTD.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>With&nbsp;TI Lookup,&nbsp;you spot threats earlier, respond faster, and keep your attention where it counts.&nbsp;<\/p>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\nThe threat landscape changes fast <br> Now <span class=\"highlight\">your SOC<\/span> can move with it<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/intelligence.any.run\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=industry_geo_threat_landscape&#038;utm_term=091225&#038;utm_content=linktotilookup\" target=\"_blank\" rel=\"noopener\">\nTry TI Lookup<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<h3 class=\"wp-block-heading\">AI Sigma Rules in ANY.RUN Sandbox&nbsp;<\/h3>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"901\" height=\"553\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image2-7.png\" alt=\"\" class=\"wp-image-17554\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image2-7.png 901w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image2-7-300x184.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image2-7-768x471.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image2-7-370x227.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image2-7-270x166.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image2-7-740x454.png 740w\" sizes=\"(max-width: 901px) 100vw, 901px\" \/><figcaption class=\"wp-element-caption\"><em>AI Sigma Rules displayed inside ANY.RUN sandbox<\/em><\/figcaption><\/figure><\/div>\n\n\n<p>The new&nbsp;<strong>AI Sigma Rules<\/strong>&nbsp;feature in the&nbsp;<a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=AI_Sigma_Rules&amp;utm_term=111225&amp;utm_content=linktosandbox\" target=\"_blank\" rel=\"noreferrer noopener\">Interactive Sandbox<\/a>&nbsp;turns your confirmed detections into ready\u2011to\u2011use Sigma rules automatically. Instead of spending hours writing them by hand, you can now take the rule straight from the sandbox and add it to&nbsp;your&nbsp;<a href=\"https:\/\/any.run\/integrations\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_dec_25&amp;utm_term=060126&amp;utm_content=linktointegrations\" target=\"_blank\" rel=\"noreferrer noopener\">SIEM or SOAR<\/a>&nbsp;in seconds.&nbsp;<\/p>\n\n\n\n<p>The rules are created from the same processes, files, and network events you see in the sandbox, so they stay closely tied to real attacker behavior. That means better accuracy and quicker response without extra effort.&nbsp;<\/p>\n\n\n\n<p>Here\u2019s&nbsp;what you gain:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Less manual work:<\/strong>&nbsp;Every confirmed threat instantly becomes a reusable detection rule.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Better coverage:<\/strong>&nbsp;Each investigation now improves how your SOC spots similar attacks later.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Faster action:<\/strong>&nbsp;Analysts spend less time writing rules and more time acting on real signals.&nbsp;<\/li>\n<\/ul>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\nCut MTTR by 21\u00a0min and\u00a0reduce MTTD to 15 sec <br> Request trial of <span class=\"highlight\">ANY.RUN\u2019s Enterprise plan<\/span><\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/any.run\/features\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=release_notes_dec_25&#038;utm_term=060126&#038;utm_content=linktoenterpriseform#contact-sales\" target=\"_blank\" rel=\"noopener\">\nContact us<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<h2 class=\"wp-block-heading\">Threat Coverage Updates&nbsp;<\/h2>\n\n\n\n<p>In December, our detection team rolled out another wave of coverage improvements with:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>86 new behavior signatures<\/strong>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>13 new YARA rules<\/strong>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>1,686 new Suricata rules<\/strong>&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>These updates enhance phishing detection, expand coverage of stealers, loaders, and RATs, and clean up false positives across multi\u2011stage attacks.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">New Behavior Signatures&nbsp;<\/h3>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"555\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image3-11-1024x555.png\" alt=\"\" class=\"wp-image-17555\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image3-11-1024x555.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image3-11-300x163.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image3-11-768x416.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image3-11-1536x832.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image3-11-370x200.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image3-11-270x146.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image3-11-740x401.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image3-11.png 1840w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>SHINYSPIDER malware detonated inside ANY.RUN&#8217;s Interactive Sandbox<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>Fresh signatures add visibility into persistence, lateral movement, and abuse of system tools seen across mixed environments.&nbsp;<\/p>\n\n\n\n<p>Highlighted families include:&nbsp;<\/p>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-grid wp-container-core-group-is-layout-1 wp-block-group-is-layout-grid\">\n<p><a href=\"https:\/\/app.any.run\/tasks\/31cfbaf7-3eb3-4a5c-b1c1-038b61ba02d2\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_dec_25&amp;utm_term=060126&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">JIGSAW<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/app.any.run\/tasks\/f83dcae6-cc00-4735-9885-36db6074859d\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_dec_25&amp;utm_term=060126&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">AMATERA<\/a>&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/app.any.run\/tasks\/f674f002-32df-44fc-9ab9-41f7d8d834da\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_dec_25&amp;utm_term=060126&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">SHINYSPIDER<\/a>&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/app.any.run\/tasks\/08ce632e-b1cd-4b94-b75e-c81cc0de2bce\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_dec_25&amp;utm_term=060126&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">SOLIMBA<\/a>&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/app.any.run\/tasks\/0d319dfe-7587-47fb-a419-bbe4bc590d29\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_dec_25&amp;utm_term=060126&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">DROIDLOCK<\/a>&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/app.any.run\/tasks\/960729bc-361d-41fc-8cb2-85b3160d4bbe\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_dec_25&amp;utm_term=060126&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">XMRIG loader<\/a><\/p>\n<\/div><\/div>\n\n\n\n<p><\/p>\n\n\n\n<p><br>These detections help analysts catch miner and loader activity earlier and recognize evasion tricks like rundll32 abuse or PowerShell obfuscation.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">New YARA Rules&nbsp;<\/h3>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"578\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image4-8-1024x578.png\" alt=\"\" class=\"wp-image-17557\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image4-8-1024x578.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image4-8-300x169.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image4-8-768x433.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image4-8-1536x867.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image4-8-370x209.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image4-8-270x152.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image4-8-740x418.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image4-8.png 1554w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>OCTORAT process&nbsp;identified&nbsp;by ANY.RUN\u2019s Interactive Sandbox<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>We added&nbsp;<strong>13 YARA rules<\/strong>&nbsp;to improve detection across new malware strains and living\u2011off\u2011the\u2011land tools.&nbsp;<\/p>\n\n\n\n<p>Highlighted families are <a href=\"https:\/\/app.any.run\/tasks\/aa88879d-fb3e-4a9e-b266-e1e0763b09ea\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_dec_25&amp;utm_term=060126&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">STEAL1<\/a>, <a href=\"https:\/\/app.any.run\/tasks\/5faaad57-f191-4bfc-94b0-b46d96485a78\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_dec_25&amp;utm_term=060126&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">SANTASTEALER<\/a>, <a href=\"https:\/\/app.any.run\/tasks\/dd725478-4099-4dc4-9823-4dab967741f3\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_dec_25&amp;utm_term=060126&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">UNIXSTEALER<\/a>, <a href=\"https:\/\/app.any.run\/tasks\/71e543f3-b693-4ae5-9e3d-19275f594d34\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_dec_25&amp;utm_term=060126&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">OCTORAT<\/a>, <a href=\"https:\/\/app.any.run\/tasks\/bf9fd251-4558-4876-a338-eb43339f6d00\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_dec_25&amp;utm_term=060126&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">DonutLoader<\/a>.<\/p>\n\n\n\n<p>These cover credential theft, modular loaders, and dual\u2011use administrative tools to ensure better coverage for both Windows and Linux\u2011based systems.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">New Suricata Rules&nbsp;<\/h3>\n\n\n\n<p>We\u2019ve&nbsp;added&nbsp;<strong>1,686 Suricata rules<\/strong>&nbsp;targeting phishing, botnet activity, and evasive network behaviors often missed by standard IDS.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/f6824607-80a7-4dd0-ab24-f4f064694dfd\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_dec_25&amp;utm_term=060126&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Cephas phish\u2011kit detection<\/a>&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/16e74119-4270-40c7-b450-be07c9cb9f6b\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_dec_25&amp;utm_term=060126&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">PulsarRAT commands and connections<\/a>&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/a85696de-1479-4047-bc64-8c6a69f2259c\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_dec_25&amp;utm_term=060126&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Udados botnet HTTP activity<\/a>&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Together, these bring better coverage of C2 traffic, phishing domains, and low\u2011signal campaign infrastructure.&nbsp;<\/p>\n\n\n\n<p>Businesses that are constantly being bombarded by hundreds of hacker attacks daily can upgrade their proactive defense&nbsp;with&nbsp;<a href=\"https:\/\/any.run\/threat-intelligence-feeds\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_dec_25&amp;utm_term=060126&amp;utm_content=linktotifeedslanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN\u2019s Threat Intelligence Feeds<\/a>.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"656\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image5-8-1024x656.png\" alt=\"\" class=\"wp-image-17560\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image5-8-1024x656.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image5-8-300x192.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image5-8-768x492.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image5-8-1536x984.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image5-8-2048x1312.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image5-8-370x237.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image5-8-270x173.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image5-8-740x474.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Expand threat coverage and cut MTTR with ANY.RUN\u2019s TI Feeds<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>Powered by&nbsp;sandbox&nbsp;analyses&nbsp;of the latest malware &amp; phishing samples&nbsp;across 15K SOCs,&nbsp;they deliver fresh, real-time malicious network IOCs to&nbsp;numerous&nbsp;companies around the globe. Enriched with detailed sandbox reports,&nbsp;TI Feeds&nbsp;not only help you catch emerging threats&nbsp;early but&nbsp;also provide your analysts with actionable intelligence for fast remediation, boosting your detection rate and driving down the MTTR.&nbsp;<\/p>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\nKeep your defense\u00a0up-to-date\u00a0with TI Feeds <br> Get 99% unique IOCs from live attacks <span class=\"highlight\">on 15K SOCs<\/span><\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/intelligence.any.run\/feeds\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=release_notes_dec_25&#038;utm_term=060126&#038;utm_content=linktotifeedsservice\" target=\"_blank\" rel=\"noopener\">\nTry TI Feeds<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<h3 class=\"wp-block-heading\">Threat Intelligence Reports&nbsp;<\/h3>\n\n\n\n<p>In December we published new&nbsp;<a href=\"https:\/\/intelligence.any.run\/reports\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_dec_25&amp;utm_term=060126&amp;utm_content=linktotireports\" target=\"_blank\" rel=\"noreferrer noopener\">TI Reports<\/a>&nbsp;summarizing late\u2011year activity:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/intelligence.any.run\/reports\/6931905e156507eb84b88aec\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_dec_25&amp;utm_term=060126&amp;utm_content=linktotireports\" target=\"_blank\" rel=\"noreferrer noopener\">Sturnus, ShinySpider, and Tsundere<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/intelligence.any.run\/reports\/69440c66df2d202c2ce203c3\" target=\"_blank\" rel=\"noreferrer noopener\">GuLoader, Albiriox, and OctoRAT<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/intelligence.any.run\/reports\/693c03c33f01da084e83a564\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_dec_25&amp;utm_term=060126&amp;utm_content=linktotireports\" target=\"_blank\" rel=\"noreferrer noopener\">ShadowAgent and UDPGangster<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/intelligence.any.run\/reports\/12-19-end-of-year-phishing\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_dec_25&amp;utm_term=060126&amp;utm_content=linktotireports\" target=\"_blank\" rel=\"noreferrer noopener\">End of Year Phishing<\/a>&nbsp;(Available as part of the&nbsp;<a href=\"https:\/\/intelligence.any.run\/plans\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_dec_25&amp;utm_term=060126&amp;utm_content=linktotiplans\" target=\"_blank\" rel=\"noreferrer noopener\">TI Lookup Premium subscription<\/a>)&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Each brief distills TTPs, campaigns, and IOCs from live submissions to help SOC teams&nbsp;anticipate&nbsp;what\u2019s&nbsp;next.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN&nbsp;<\/h2>\n\n\n\n<p><a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_dec_25&amp;utm_term=060126&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a>&nbsp;powers SOCs at more than&nbsp;<strong>15,000 organizations<\/strong>, giving them faster visibility into live threats through interactive sandboxing and cloud\u2011based intelligence.&nbsp;<\/p>\n\n\n\n<p>Our&nbsp;<a href=\"https:\/\/any.run\/features\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_dec_25&amp;utm_term=060126&amp;utm_content=linktosandboxlanding\" target=\"_blank\" rel=\"noreferrer noopener\">Interactive Sandbox<\/a>&nbsp;lets you analyze Windows, Linux, and Android samples in real time, watch the execution flow second\u2011by\u2011second, and pull IOCs instantly,&nbsp;no installs, no waiting. Combined with&nbsp;<a href=\"https:\/\/any.run\/threat-intelligence-lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_dec_25&amp;utm_term=060126&amp;utm_content=linktotilookuplanding\" target=\"_blank\" rel=\"noreferrer noopener\">Threat&nbsp;Intelligence&nbsp;Lookup<\/a>&nbsp;and&nbsp;<a href=\"https:\/\/any.run\/threat-intelligence-feeds\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_dec_25&amp;utm_term=060126&amp;utm_content=linktotifeedslanding\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Feeds<\/a>, you get a single&nbsp;workflow&nbsp;built to speed up investigation, cut MTTD and MTTR, and keep your SOC focused on the right threats.&nbsp;<\/p>\n\n\n\n<p>Start 2026 with faster detection, better&nbsp;threat intel, and less noise.&nbsp;&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/any.run\/demo?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_december_2025&amp;utm_term=121225&amp;utm_content=linktodemo\" target=\"_blank\" rel=\"noreferrer noopener\">Request trial of&nbsp;ANY.RUN\u2019s products<\/a>&nbsp;for your SOC.&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>ANY.RUN&nbsp;is&nbsp;wrapping up 2025 with updates that take pressure off your SOC and help your team work faster. You can now get AI\u2011generated Sigma rules, track threats by industry and region, and detect new campaigns with better speed and accuracy.&nbsp;&nbsp; Let\u2019s&nbsp;see what these improvements bring to your security stack.&nbsp; Product Updates&nbsp; Industry &amp; Geo Threat Landscape [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":16650,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[57,10,54,55,56],"class_list":["post-17548","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-service-updates","tag-anyrun","tag-cybersecurity","tag-features","tag-release","tag-update"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Release Notes: AI Sigma Rules, Industry Threat Landscape<\/title>\n<meta name=\"description\" content=\"Discover top updates of ANY.RUN in December 2025, including AI Sigma Rules, Industry Threat Landscape, and more.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/release-notes-december-2025\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ANY.RUN\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-december-2025\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-december-2025\/\"},\"author\":{\"name\":\"ANY.RUN\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"Release Notes: AI\u00a0Sigma Rules, Live Threat\u00a0Landscape &amp; 1,700+ New Detections\",\"datePublished\":\"2025-12-29T12:36:53+00:00\",\"dateModified\":\"2025-12-29T12:53:04+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-december-2025\/\"},\"wordCount\":1011,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"ANYRUN\",\"cybersecurity\",\"features\",\"release\",\"update\"],\"articleSection\":[\"Service Updates\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/release-notes-december-2025\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-december-2025\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-december-2025\/\",\"name\":\"Release Notes: AI Sigma Rules, Industry Threat Landscape\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2025-12-29T12:36:53+00:00\",\"dateModified\":\"2025-12-29T12:53:04+00:00\",\"description\":\"Discover top updates of ANY.RUN in December 2025, including AI Sigma Rules, Industry Threat Landscape, and more.\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-december-2025\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/release-notes-december-2025\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/release-notes-december-2025\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Service Updates\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Release Notes: AI\u00a0Sigma Rules, Live Threat\u00a0Landscape &amp; 1,700+ New Detections\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"caption\":\"ANY.RUN\"},\"url\":\"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Release Notes: AI Sigma Rules, Industry Threat Landscape","description":"Discover top updates of ANY.RUN in December 2025, including AI Sigma Rules, Industry Threat Landscape, and more.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/release-notes-december-2025\/","twitter_misc":{"Written by":"ANY.RUN","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-december-2025\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-december-2025\/"},"author":{"name":"ANY.RUN","@id":"https:\/\/any.run\/"},"headline":"Release Notes: AI\u00a0Sigma Rules, Live Threat\u00a0Landscape &amp; 1,700+ New Detections","datePublished":"2025-12-29T12:36:53+00:00","dateModified":"2025-12-29T12:53:04+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-december-2025\/"},"wordCount":1011,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","cybersecurity","features","release","update"],"articleSection":["Service Updates"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/release-notes-december-2025\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-december-2025\/","url":"https:\/\/any.run\/cybersecurity-blog\/release-notes-december-2025\/","name":"Release Notes: AI Sigma Rules, Industry Threat Landscape","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2025-12-29T12:36:53+00:00","dateModified":"2025-12-29T12:53:04+00:00","description":"Discover top updates of ANY.RUN in December 2025, including AI Sigma Rules, Industry Threat Landscape, and more.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-december-2025\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/release-notes-december-2025\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-december-2025\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Service Updates","item":"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/"},{"@type":"ListItem","position":3,"name":"Release Notes: AI\u00a0Sigma Rules, Live Threat\u00a0Landscape &amp; 1,700+ New Detections"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"ANY.RUN","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","caption":"ANY.RUN"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/17548"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=17548"}],"version-history":[{"count":22,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/17548\/revisions"}],"predecessor-version":[{"id":18309,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/17548\/revisions\/18309"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/16650"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=17548"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=17548"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=17548"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}