{"id":21452,"date":"2026-06-03T10:22:21","date_gmt":"2026-06-03T10:22:21","guid":{"rendered":"https:\/\/any.run\/cybersecurity-blog\/?p=21452"},"modified":"2026-06-03T11:20:19","modified_gmt":"2026-06-03T11:20:19","slug":"release-notes-may-2026","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/release-notes-may-2026\/","title":{"rendered":"Release Notes: Decision-Ready SOC Reporting, Elastic Security Integration, and 1400+ Threat Coverage Updates"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">Security leaders are under growing pressure to reduce the time between threat detection and response without adding more complexity to already overloaded SOC workflows. ANY.RUN\u2019s May updates help teams act on security risks more efficiently, improve consistency across investigations, and maintain stronger protection as attacker tactics continue to evolve.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Discover the updates your team can use to strengthen SOC performance, reduce response delays, and stay ahead of emerging&nbsp;threats.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Product&nbsp;Updates<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">In May, ANY.RUN introduced new capabilities to help SOC and MSSP teams reduce investigation delays, improve threat visibility, and make faster response decisions. The updates include decision-ready Tier 1 Reports with AI-powered insights and a new <a href=\"https:\/\/any.run\/threat-intelligence-feeds\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktotifeedslanding\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Feeds<\/a> integration with Elastic Security.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Reduce&nbsp;Investigation&nbsp;Delays&nbsp;with&nbsp;Decision-Ready&nbsp;Tier&nbsp;1&nbsp;Reports&nbsp;<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">SOC teams can now generate structured <a href=\"https:\/\/any.run\/cybersecurity-blog\/soc-ready-reporting\/\" target=\"_blank\" rel=\"noreferrer noopener\">Tier 1 Reports<\/a> directly in ANY.RUN\u2019s <a href=\"https:\/\/any.run\/features\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktosandboxlanding\" target=\"_blank\" rel=\"noreferrer noopener\">Interactive Sandbox<\/a>, turning complex analysis findings into clear, actionable intelligence for faster response decisions.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"569\" src=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/Screenshot-2026-06-03-at-08.57.59-1024x569.png\" alt=\"Tier 1 Reports available in ANY.RUN sandbox \" class=\"wp-image-21453\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/Screenshot-2026-06-03-at-08.57.59-1024x569.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/Screenshot-2026-06-03-at-08.57.59-300x167.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/Screenshot-2026-06-03-at-08.57.59-768x427.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/Screenshot-2026-06-03-at-08.57.59-1536x853.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/Screenshot-2026-06-03-at-08.57.59-2048x1138.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/Screenshot-2026-06-03-at-08.57.59-370x206.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/Screenshot-2026-06-03-at-08.57.59-270x150.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/Screenshot-2026-06-03-at-08.57.59-740x411.png 740w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Tier 1&nbsp;Reports&nbsp;available&nbsp;in&nbsp;ANY.RUN&nbsp;sandbox<\/em><\/figcaption><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">Instead of reviewing raw technical data or rebuilding investigation context during escalations, teams receive a ready-to-use report with a threat verdict, key IOCs, behavioral indicators, and MITRE ATT&amp;CK mapping. Each report also includes an AI Summary with threat classification, a concise overview of the incident, and recommendations for the next response steps.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"685\" src=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/ai-summary.png-1024x685.webp\" alt=\"\" class=\"wp-image-21454\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/ai-summary.png-1024x685.webp 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/ai-summary.png-300x201.webp 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/ai-summary.png-768x514.webp 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/ai-summary.png-1536x1027.webp 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/ai-summary.png-370x247.webp 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/ai-summary.png-270x181.webp 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/ai-summary.png-740x495.webp 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/ai-summary.png.webp 1890w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>AI Summary providing a clear, structured overview of the&nbsp;threat<\/em><\/figcaption><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">This gives SOC managers, Heads of SOC, and CISOs a clearer view of incident severity, potential business impact, and response priorities while helping teams move cases forward without unnecessary delays.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"615\" src=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/ai-recommendations-1024x615.png\" alt=\"AI Recommendations generated by ANY.RUN's sandbox\" class=\"wp-image-21459\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/ai-recommendations-1024x615.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/ai-recommendations-300x180.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/ai-recommendations-768x461.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/ai-recommendations-1536x922.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/ai-recommendations-2048x1230.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/ai-recommendations-370x222.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/ai-recommendations-270x162.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/ai-recommendations-740x444.png 740w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>AI Recommendations generated by ANY.RUN&#8217;s sandbox<\/em><\/figcaption><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">With&nbsp;Tier&nbsp;1&nbsp;Reports,&nbsp;your&nbsp;SOC&nbsp;can:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Accelerate alert triage:<\/strong> Help Tier 1 teams validate threats and make faster escalation decisions.<\/li>\n\n\n\n<li><strong>Reduce investigation delays:<\/strong> Give Tier 2 and incident response teams structured context without requiring them to reconstruct the case from raw data.<\/li>\n\n\n\n<li><strong>Improve&nbsp;SOC&nbsp;efficiency:<\/strong>&nbsp;Reduce&nbsp;repetitive&nbsp;reporting&nbsp;work&nbsp;and&nbsp;free&nbsp;senior&nbsp;teams&nbsp;to&nbsp;focus&nbsp;on&nbsp;high-priority&nbsp;incidents.&nbsp;<\/li>\n\n\n\n<li><strong>Strengthen business-risk visibility:<\/strong> Help decision-makers understand which threats require urgent action and where response efforts should be focused.<\/li>\n\n\n\n<li><strong>Standardize incident reporting:<\/strong> Create consistent, easy-to-share reports for faster internal communication and more informed decisions.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Unlimited Tier 1 Report generation, including AI Summary and Recommendations, is available with <a href=\"https:\/\/any.run\/plans\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoplans#contact-sales\" target=\"_blank\" rel=\"noreferrer noopener\">Enterprise Suite and Hunter plans<\/a>. Free plan users receive five shared generations.<\/p>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\nTurn sandbox analysis into confident&nbsp;SOC decisions<br>\n\nwith <span class=\"highlight\">interactive investigations&nbsp;<\/span>and&nbsp;<span class=\"highlight\">refined reporting<\/span>\n\n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/any.run\/enterprise\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=release-notes-may-2026&#038;utm_term=030626&#038;utm_content=linktoenterprise#contact-sales\" rel=\"noopener\" target=\"_blank\">\nPower Your SOC with ANY.RUN<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<h3 class=\"wp-block-heading\">ANY.RUN&nbsp;Threat&nbsp;Intelligence&nbsp;Feeds&nbsp;Are&nbsp;Now&nbsp;Available&nbsp;in&nbsp;Elastic&nbsp;Security&nbsp;<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">SOC and MSSP teams can now integrate ANY.RUN <a href=\"https:\/\/any.run\/threat-intelligence-feeds\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktotifeedslanding\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Feeds<\/a> directly into <a href=\"https:\/\/www.elastic.co\/security\/siem\" target=\"_blank\" rel=\"noreferrer noopener\">Elastic Security<\/a> to bring fresh, sandbox-backed IOCs into their existing workflows.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Built from live sandbox investigations across more than 15,000 organizations and a community of 600,000 security professionals, ANY.RUN Threat Intelligence Feeds provide indicators linked to activephishing, malware delivery, and attacker campaigns.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Once configured, the integration ingests IP addresses, domains, URLs, and other IOCs into Elastic Security on a scheduled basis. Each indicator includes additional context and a direct link to the related sandbox report, helping teams quickly understand threat behavior and TTPs.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"505\" src=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/elastic.png-1024x505.webp\" alt=\"IOC overview of Threat Intelligence Feeds inside Elastic Security \" class=\"wp-image-21455\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/elastic.png-1024x505.webp 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/elastic.png-300x148.webp 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/elastic.png-768x379.webp 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/elastic.png-1536x758.webp 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/elastic.png-370x182.webp 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/elastic.png-270x133.webp 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/elastic.png-740x365.webp 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/elastic.png.webp 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>IOC overview of&nbsp;Threat&nbsp;Intelligence&nbsp;Feeds&nbsp;inside&nbsp;Elastic Security<\/em><\/figcaption><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">Here&nbsp;is&nbsp;what&nbsp;your&nbsp;team&nbsp;gains:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Detect threats early:<\/strong> Use fresh indicators from live attacks to identify malicious activity sooner.<\/li>\n\n\n\n<li><strong>Validate alerts with real context:<\/strong> Use sandbox-backed evidence instead of relying only on static indicators.<\/li>\n\n\n\n<li><strong>Reduce&nbsp;manual&nbsp;work:<\/strong>&nbsp;Eliminate&nbsp;repetitive&nbsp;enrichment&nbsp;steps&nbsp;and&nbsp;tool&nbsp;switching.&nbsp;<\/li>\n\n\n\n<li><strong>Improve detection quality:<\/strong> Use high-confidence indicators in detection rules and correlation logic.<\/li>\n\n\n\n<li><strong>Speed up triage and response:<\/strong> Access additional context directly in Elastic Security and make faster decisions.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">The plug-and-play integration is available to teams with an active Threat Intelligence Feeds license (<a href=\"https:\/\/intelligence.any.run\/plans?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktotiplans\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Live or Complete subscriptions<\/a>).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/www.elastic.co\/docs\/reference\/integrations\/ti_anyrun\" target=\"_blank\" rel=\"noreferrer noopener\">Integrate ANY.RUN&nbsp;Threat&nbsp;Intelligence&nbsp;Feeds&nbsp;with Elastic Security \u2192<\/a>&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Threat&nbsp;Coverage&nbsp;Updates&nbsp;<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">In <strong>May<\/strong>, the detection team continued to strengthen ANY.RUN\u2019s threat coverage by adding <strong>120 new behavior signatures<\/strong>, <strong>1,327 new Suricata rules<\/strong>, and <strong>7 new YARA rules<\/strong>. These additions expand detection capabilities across suspicious behaviors, network-level activities, and file-based indicators.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">New&nbsp;Behavior&nbsp;Signatures&nbsp;<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">The <strong>120 new behavior signatures<\/strong> added in May cover malware-specific activities, mutex indicators, and exploitation-related behavior. These signatures focus on observable actions and artifacts that appear duringdetonation, helping security teams confirm sample behavior within the sandbox.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Highlighted&nbsp;detections&nbsp;include:&nbsp;<\/p>\n\n\n\n<div class=\"wp-block-group is-layout-grid wp-container-core-group-is-layout-9d260ee2 wp-block-group-is-layout-grid\">\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/961375ba-d7a4-4b66-b04d-08bf138729ce\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>ASYNCRAT<\/strong><\/a>&nbsp;(mutex)&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/60ad7bcd-5e85-4c6b-9e17-7c20f199d318\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>SHEETRAT<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/5a7809bf-6f35-4bf0-8f86-4573a2f14be3?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>RICIN<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/839c2d61-4169-416a-953e-93f01bc62654?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>KONG<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/f14d7692-ddb2-464b-b62f-fbe1306efb06?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>SILVION<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/ec00028f-e071-484d-9c9a-29c7a1052e3a\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>SAGE<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/a9d8ecff-7c7d-4a3c-80da-76e70ca8cc26\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>STEALC<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/60773dd2-262f-45f5-8a4e-38f7102bfbb2\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>BLANKGRABBER<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/8b889c46-e5a6-4153-9d13-16a03ffe76d8?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>EXILENCE<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/b6e758fb-74a9-4225-90a5-56f3e5056a56\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>BERBEW<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/16f14270-37fe-4f87-85a6-235dd47020ad?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>PCLOCKER<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/706a4e50-1970-4e7a-bcb4-f417f2a5026b?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>EXITIUM<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/4b8281cd-031e-45c6-a5eb-53f74fc6ad5e\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>OBLIVION<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/cc9a5ba5-2242-4d0e-8200-675e233ddd96?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>SPIDEYLOADER<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/f1bc8ea8-78e1-462e-989b-2391f0e1490d?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>MAKOP<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/1c13178d-d97a-4150-bd7a-1eb93a476e0d?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>1BYTE<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/dea19a66-25cb-4224-820a-ef93c62fb2d1\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>CLEARWATER<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/9c00069f-e180-4c64-928c-3c2bfcf490ee\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>XRED<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/807bf35a-2912-4541-ae11-6bdf901c9ef9?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>MORPH<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/b65c1bd1-1983-4b20-8ea5-3ffabe58437e\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>SMUKX<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n<\/div>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"604\" src=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/threat-analysis-1024x604.png\" alt=\"\" class=\"wp-image-21456\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/threat-analysis-1024x604.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/threat-analysis-300x177.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/threat-analysis-768x453.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/threat-analysis-1536x907.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/threat-analysis-2048x1209.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/threat-analysis-370x218.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/threat-analysis-270x159.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/threat-analysis-740x437.png 740w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>P3TY&nbsp;ransomware&nbsp;analyzed&nbsp;inside&nbsp;ANY.RUN&nbsp;sandbox<\/em>&nbsp;<\/figcaption><\/figure>\n<\/div>\n\n\n<div class=\"wp-block-group is-layout-grid wp-container-core-group-is-layout-9d260ee2 wp-block-group-is-layout-grid\">\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/5d8e7b3c-61f3-4cd1-ba83-6b0af7bdb769?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>CLIPBANKER<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/0f3b32a4-e8e7-4e50-91ee-89635200fae7?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>RAZY<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/3aeba3a8-6b15-4bcd-b9b0-04524f306b83?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>SILENTSTEALER<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/34cde5c7-6cb9-4d8a-b93e-b9410daa0497?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>SIGMABOT<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/89d19890-eabf-43ad-811d-355fa205ad7d?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>BANANARAT<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/29f9b9af-419f-4e05-83e0-9c0b440ffe26?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>BENSAGENT<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/0d5a6db1-0c88-4432-b488-d19d86c6f1d5?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>NFCMULTIPAY<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/ea9405f5-5014-41c4-b4ee-8a5dbd12a5cb?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>LALIA<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/f66dead4-fba7-44a1-8f1d-648244eb6a71?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>GOVTI<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/ba774e48-66a4-4479-b1db-209160d9cb9f?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>EIMERIA<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/15530303-40f2-4eb4-b18f-94c94025c5ee?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>NETHERHOUND<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/99036e9e-0805-424a-b1a6-33246d1c003c?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>LUCID<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/6b6e342c-2f7e-4db1-8531-30223183e86a?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>P3TY<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/0bdba134-a44d-419d-9ecf-1989d7ea64ca?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>CCLAND<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/1b74929e-034a-4986-984e-a1f78bcda121?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>NBLOCK<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/1dedeffe-1a9e-4c72-92c8-aaebfb7da897?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>EVOLUTION<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/ec258c18-dab3-468c-8f38-2880aca616b9?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>LARPBIN<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/f3ba937e-6eb8-4da1-83ed-df321aa88915?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>PHENO<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/708e77a5-d162-4719-a460-7bf548ec38d2?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>SORRY<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/9df93ac3-c579-4c80-b1cd-abf902db8352?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>PINAAOX<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n<\/div>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\nCut response delays before threats become costly incidents.<br>\n<span class=\"highlight\">Give your SOC faster, evidence-backed decisions<\/span>\n\n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/any.run\/enterprise\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoenterprise#contact-sales\" rel=\"noopener\" target=\"_blank\">\nIntegrate in your SOC<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Tools, RMM &amp;&nbsp;Exploitation:<\/strong>&nbsp;<\/p>\n\n\n\n<div class=\"wp-block-group is-layout-grid wp-container-core-group-is-layout-9d260ee2 wp-block-group-is-layout-grid\">\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/e51635ad-a2fa-486f-a77f-e37ae4ddbf26?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>RCLONE tool<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/f3347758-2e51-49b9-ae2b-7a70fca66bd6\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>HIDEUL tool<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/e38135e4-6c04-43df-8048-beb16a09d77d?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>TIFLUX<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/7845d74a-9317-425c-9bab-e08ce5385864?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>REMSUPP<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/ff92119d-b536-4645-abdc-034b84b518fe?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>CONTROLIO<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/597b1835-2434-46dc-976e-c26c183d22ef?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>CVE-2026-31431<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n<\/div>\n\n\n\n<h3 class=\"wp-block-heading\">New&nbsp;Suricata&nbsp;Rules&nbsp;<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">A total of <strong>1,327 new Suricata rules<\/strong> were implemented in May to improve visibility into malicious network activity, including phishing kit communications and C2 check-ins.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Generic Fake Captcha HTTP activity (sid: 85007558):<\/strong> Detects fake captcha implementations used in the execution chains of various phishing campaigns.<\/li>\n\n\n\n<li><strong>DrimKit related HTTP GET request (sid: 85007566):<\/strong> Identifies activity associated with the emerged phishing kit known as DrimKit.<\/li>\n\n\n\n<li><strong>Tycoon2FA related JS file in HTTP response (sid: 84003241):<\/strong> Tracks client-side code loaded by phishing pages related to Tycoon2FA.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">New&nbsp;Threat&nbsp;Intelligence&nbsp;Reports&nbsp;<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">In May, ANY.RUN released three new <a href=\"https:\/\/intelligence.any.run\/reports?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktottireports\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Threat Intelligence Reports<\/strong><\/a> providing in-depth analysis of recent malware activity and attacker techniques. These reports are available to <a href=\"https:\/\/intelligence.any.run\/plans?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030526&amp;utm_content=linktotiplans\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>TI Lookup Premium<\/strong><\/a> subscribers tosupport faster investigations.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"540\" src=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/Screenshot-2026-06-03-at-09.22.04-1024x540.png\" alt=\"Threat Intelligence Reports available for deeper analysis\" class=\"wp-image-21457\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/Screenshot-2026-06-03-at-09.22.04-1024x540.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/Screenshot-2026-06-03-at-09.22.04-300x158.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/Screenshot-2026-06-03-at-09.22.04-768x405.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/Screenshot-2026-06-03-at-09.22.04-1536x811.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/Screenshot-2026-06-03-at-09.22.04-2048x1081.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/Screenshot-2026-06-03-at-09.22.04-370x195.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/Screenshot-2026-06-03-at-09.22.04-270x142.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/Screenshot-2026-06-03-at-09.22.04-740x391.png 740w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Threat&nbsp;Intelligence&nbsp;Reports&nbsp;available&nbsp;for&nbsp;deeper&nbsp;analysis<\/em><\/figcaption><\/figure>\n<\/div>\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/intelligence.any.run\/reports\/2026-05-07-threat-brief-clipbanker-kycshadow-slotagent\" target=\"_blank\" rel=\"noreferrer noopener\">CLIPBANKER, KYCSHADOW, and SLOTAGENT<\/a>: Analysis focusing on clipboard hijacking and related malicious agents.<\/li>\n\n\n\n<li><a href=\"https:\/\/intelligence.any.run\/reports\/2026-05-13-threat-brief-sheetrat-lotus-wiper-cloudz\" target=\"_blank\" rel=\"noreferrer noopener\">SHEETRAT, LOTUS WIPER, and CLOUDZ<\/a>: Detailed examination of this RAT and associated wiper\/cloud-based threats.<\/li>\n\n\n\n<li><a href=\"https:\/\/intelligence.any.run\/reports\/2026-05-22-threat-brief-stealc-nfcmultipay-nwhstealer\" target=\"_blank\" rel=\"noreferrer noopener\">STEALC, NFCMULTIPAY, and NWHSTEALER<\/a>: Coverage of these specific stealers and their operational behaviors.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">About&nbsp;ANY.RUN&nbsp;<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">ANY.RUN, a leading provider of interactive malware analysis and threat intelligence solutions, helps businesses and organizations strengthen security operations with faster threat understanding andclearer evidence for response.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Its solutions include the <a href=\"https:\/\/any.run\/features\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktosandboxlanding\" target=\"_blank\" rel=\"noreferrer noopener\">Interactive Sandbox<\/a> for enterprise-scale malware and phishing analysis, as well as <a href=\"https:\/\/any.run\/threat-intelligence-lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktotilookuplanding\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence<\/a> solutions built on investigation data from more than 15,000 organizations. This intelligence helps security teams enrich alerts, detect active threats earlier, and support investigation and response workflows with relevant context.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">ANY.RUN is <a href=\"https:\/\/any.run\/compliance\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030626&amp;utm_content=linktocompliance\" target=\"_blank\" rel=\"noreferrer noopener\">SOC 2 Type II attested<\/a>, reflecting its strong security controls and commitment to protecting customer data. For SOCs, MSSPs, and enterprise teams, the platform helps reduce investigationuncertainty, improve triage speed, and turn threat analysis into actionable insights for faster, better-informed decisions.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/any.run\/enterprise\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release-notes-may-2026&amp;utm_term=030526&amp;utm_content=linktoenterprise#contact-sales\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Integrate ANY.RUN into your SOC workflow \u2192<\/strong><\/a><strong><\/strong>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security leaders are under growing pressure to reduce the time between threat detection and response without adding more complexity to already overloaded SOC workflows. ANY.RUN\u2019s May updates help teams act on security risks more efficiently, improve consistency across investigations, and maintain stronger protection as attacker tactics continue to evolve. Discover the updates your team can [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":15741,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[9],"tags":[57,10,55,56],"class_list":["post-21452","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-service-updates","tag-anyrun","tag-cybersecurity","tag-release","tag-update"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Release Notes: Elastic Integration, Tier 1 Reports &amp; 1,400+ Threat Updates<\/title>\n<meta name=\"description\" content=\"Explore ANY.RUN\u2019s May updates: Tier 1 Reports with AI Summary, Elastic Security integration, and new threat coverage updates for faster SOC response.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/release-notes-may-2026\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ANY.RUN\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/release-notes-may-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/release-notes-may-2026\\\/\"},\"author\":{\"name\":\"ANY.RUN\",\"@id\":\"https:\\\/\\\/any.run\\\/\"},\"headline\":\"Release Notes: Decision-Ready SOC Reporting, Elastic Security Integration, and 1400+ Threat Coverage Updates\",\"datePublished\":\"2026-06-03T10:22:21+00:00\",\"dateModified\":\"2026-06-03T11:20:19+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/release-notes-may-2026\\\/\"},\"wordCount\":1237,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/any.run\\\/\"},\"image\":{\"@id\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/release-notes-may-2026\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/Release-notes.png\",\"keywords\":[\"ANYRUN\",\"cybersecurity\",\"release\",\"update\"],\"articleSection\":[\"Service Updates\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/release-notes-may-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/release-notes-may-2026\\\/\",\"url\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/release-notes-may-2026\\\/\",\"name\":\"Release Notes: Elastic Integration, Tier 1 Reports & 1,400+ Threat Updates\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/any.run\\\/\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/release-notes-may-2026\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/release-notes-may-2026\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/Release-notes.png\",\"datePublished\":\"2026-06-03T10:22:21+00:00\",\"dateModified\":\"2026-06-03T11:20:19+00:00\",\"description\":\"Explore ANY.RUN\u2019s May updates: Tier 1 Reports with AI Summary, Elastic Security integration, and new threat coverage updates for faster SOC response.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/release-notes-may-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/release-notes-may-2026\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/release-notes-may-2026\\\/#primaryimage\",\"url\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/Release-notes.png\",\"contentUrl\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/Release-notes.png\",\"width\":1400,\"height\":680,\"caption\":\"release notes new\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/release-notes-may-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Service Updates\",\"item\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/category\\\/service-updates\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Release Notes: Decision-Ready SOC Reporting, Elastic Security Integration, and 1400+ Threat Coverage Updates\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/any.run\\\/\",\"url\":\"https:\\\/\\\/any.run\\\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\\\/\\\/any.run\\\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/any.run\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/any.run\\\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\\\/\\\/any.run\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/any.run\\\/\",\"url\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\\\/\\\/any.run\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/www.any.run\\\/\",\"https:\\\/\\\/x.com\\\/anyrun_app\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/30692044\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/any.run\\\/\",\"name\":\"ANY.RUN\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4a921d1fbcf45a0476667c89b7999bc2bb3c028b518acc569da69c8797e53a84?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4a921d1fbcf45a0476667c89b7999bc2bb3c028b518acc569da69c8797e53a84?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4a921d1fbcf45a0476667c89b7999bc2bb3c028b518acc569da69c8797e53a84?s=96&d=mm&r=g\",\"caption\":\"ANY.RUN\"},\"url\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/author\\\/a-bespalova\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Release Notes: Elastic Integration, Tier 1 Reports & 1,400+ Threat Updates","description":"Explore ANY.RUN\u2019s May updates: Tier 1 Reports with AI Summary, Elastic Security integration, and new threat coverage updates for faster SOC response.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/release-notes-may-2026\/","twitter_misc":{"Written by":"ANY.RUN","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-may-2026\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-may-2026\/"},"author":{"name":"ANY.RUN","@id":"https:\/\/any.run\/"},"headline":"Release Notes: Decision-Ready SOC Reporting, Elastic Security Integration, and 1400+ Threat Coverage Updates","datePublished":"2026-06-03T10:22:21+00:00","dateModified":"2026-06-03T11:20:19+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-may-2026\/"},"wordCount":1237,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"image":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-may-2026\/#primaryimage"},"thumbnailUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/Release-notes.png","keywords":["ANYRUN","cybersecurity","release","update"],"articleSection":["Service Updates"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/release-notes-may-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-may-2026\/","url":"https:\/\/any.run\/cybersecurity-blog\/release-notes-may-2026\/","name":"Release Notes: Elastic Integration, Tier 1 Reports & 1,400+ Threat Updates","isPartOf":{"@id":"https:\/\/any.run\/"},"primaryImageOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-may-2026\/#primaryimage"},"image":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-may-2026\/#primaryimage"},"thumbnailUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/Release-notes.png","datePublished":"2026-06-03T10:22:21+00:00","dateModified":"2026-06-03T11:20:19+00:00","description":"Explore ANY.RUN\u2019s May updates: Tier 1 Reports with AI Summary, Elastic Security integration, and new threat coverage updates for faster SOC response.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-may-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/release-notes-may-2026\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-may-2026\/#primaryimage","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/Release-notes.png","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/Release-notes.png","width":1400,"height":680,"caption":"release notes new"},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-may-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Service Updates","item":"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/"},{"@type":"ListItem","position":3,"name":"Release Notes: Decision-Ready SOC Reporting, Elastic Security Integration, and 1400+ Threat Coverage Updates"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/x.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"ANY.RUN","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/4a921d1fbcf45a0476667c89b7999bc2bb3c028b518acc569da69c8797e53a84?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/4a921d1fbcf45a0476667c89b7999bc2bb3c028b518acc569da69c8797e53a84?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4a921d1fbcf45a0476667c89b7999bc2bb3c028b518acc569da69c8797e53a84?s=96&d=mm&r=g","caption":"ANY.RUN"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/21452","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=21452"}],"version-history":[{"count":17,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/21452\/revisions"}],"predecessor-version":[{"id":21486,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/21452\/revisions\/21486"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/15741"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=21452"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=21452"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=21452"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}