Release Notes: In-Browser Data Inspection, Torq Integration, and 1,100+ Threat Coverage Updates
2026-7-1 11:57:11 Author: any.run

Phishing pages don’t sit still anymore. They redirect, load scripts, harvest credentials through dynamic forms, and rebuild their DOM after the initial load — and most URL analysis workflows still only see the finish line, not the race. This June, ANY.RUN closed that gap directly inside the Interactive Sandbox and extended its automation reach with a new integration built for scale. 

Here’s what your team can put to work this month: full browser-level visibility for every URL analysis, a no-code path to embed ANY.RUN in Torq playbooks, and over 1,100 new detections across behavior signatures, Suricata rules, and YARA rules. 

Product Updates 

June’s releases focus on closing the visibility gap in phishing investigations and giving SOC and MSSP teams a faster route from alert to automated response. The headline update is in-browser data inspection, a new investigation layer in the Interactive Sandbox, alongside a new integration with the Torq AI SOC Platform. 

Closing the Phishing Blind Spot with In-Browser Data Inspection

Modern phishing campaigns rarely stop at a malicious URL. They rely on dynamic content, JavaScript, multi-stage redirects, credential harvesting forms, and browser-based tricks that often remain invisible to traditional analysis methods. 

This month, ANY.RUN introduced In-Browser Data Inspection, a new capability that captures browser-rendered content during URL analysis, revealing exactly what users would experience when interacting with a suspicious website. 

Instead of relying solely on page source or network data, analysts can now inspect: 

  • Fully rendered web pages and dynamic content; 
  • Phishing forms and credential collection attempts; 
  • Client-side JavaScript execution; 
  • Redirect chains and browser behavior; 
  • Hidden elements designed to evade detection.

See all URL details, DOM changes, network requests, and IOCs in one place 

For SOC analysts, this means fewer blind spots during phishing investigations and faster validation of suspicious URLs. 

For security managers and CISOs, it means higher confidence in phishing detection, quicker incident triage, and better protection against increasingly sophisticated browser-based attacks. 

Scaling Triage and Response with the ANY.RUN & Torq Integration

Alert volume keeps growing faster than SOC headcount, and every alert that lands without context costs an analyst time they don’t have. ANY.RUN’s new integration with the Torq AI SOC Platform puts conclusive malware and phishing verdicts directly into the automated workflows teams already build in Torq: no custom code, no months-long rollout. 

The integration ships with five ready-to-use Torq HyperAgents™ covering two workflow types: case-based templates that pull observables straight from an open Torq case for enrichment, and standalone sandbox workflows that accept a URL or file as input and return a full verdict, IOC list, and report link anywhere in a custom automation chain. Results — reputation data, threat names, tags, and structured JSON — land directly in Torq Case Management, ready to branch on. 

Teams integrating ANY.RUN into Torq gain: 

  • Faster incident resolution, with an average MTTR reduction of 21 minutes per case. 
  • Operational scaling without added headcount, as HyperAgents absorb routine Tier 1 enrichment work. 
  • Zero development overhead, with a no-code setup that’s live in minutes rather than months. 
  • Standardized investigation logic, so every alert is checked against the same high-fidelity criteria regardless of analyst experience. 
  • Higher ROI on existing tools, as ANY.RUN enriches the SIEM, EDR, and XDR data already flowing into Torq. 

ANY.RUN’s Sandbox provides fast case enrichment in Torq

The integration is available on ANY.RUN Threat Intelligence and Interactive Sandbox plans with API access, giving SOC and MSSP teams a direct path to scale triage and response without scaling the team itself. 

Threat Coverage Updates

Keeping pace with evolving malware remains a core priority for our detection team. During June, we significantly expanded threat coverage with:

  • 1,055 new Suricata rules,
  • 65 new behavior signatures,
  • 14 new YARA rules.

These additions improve detection across network traffic, behavioral activity, and malware samples, helping analysts identify emerging threats faster while increasing investigation accuracy. The continuous expansion of detection logic also strengthens the quality of intelligence powering ANY.RUN’s Interactive Sandbox and Threat Intelligence solutions.

New Behavior Signatures

The 65 new behavior signatures added this month target malware-specific activity, helping analysts confirm what a sample actually does inside the sandbox rather than inferring it from static traits alone. Coverage this month spans commodity stealers and loaders, RATs, and ransomware families active across recent phishing and malvertising campaigns.

Highlighted detections include: 

New Suricata Rules

A total of 1,055 new Suricata rules were implemented in June to improve visibility into malicious network activity, including:

  • Phishing Redirect Engine related URL (sid: 89003883) – Identifies infrastructure that various PhaaS operators use as a routing layer, delivering victims to specific phishkit landing pages.
  • Adobe-themed RMM phishing (sid: 84003399) – Tracks attempts to lure users into installing a remote management tool disguised as shared secure documents.
  • SilentNet CnC HTTP activity (sid: 84003444) – Detects SilentNet attempts to communicate with its C2 server.

About ANY.RUN 

ANY.RUN, a leading provider of interactive malware analysis and threat intelligence solutions, helps businesses and organizations strengthen security operations with faster threat understanding and clearer evidence for response.

Its solutions include the Interactive Sandbox for enterprise-scale malware and phishing analysis, as well as Threat Intelligence solutions built on investigation data from more than 15,000 organizations. This intelligence helps security teams enrich alerts, detect active threats earlier, and support investigation and response workflows with relevant context.

ANY.RUN is SOC 2 Type II attested, reflecting its strong security controls and commitment to protecting customer data. For SOCs, MSSPs, and enterprise teams, the platform helps reduce investigation uncertainty, improve triage speed, and turn threat analysis into actionable insights for faster, better-informed decisions.



Article source: https://any.run/cybersecurity-blog/release-notes-june-2026/