The operator, Alexander Volosovik, also known as “Yalishanda”, “Downlow” and “Stas_vl,” ran a long-running bulletproof hosting operation used by top ransomware groups.

The UK’s National Crime Agency (NCA), working with international law enforcement agencies, has exposed and sanctioned Alexander Volosovik, also known online as “Yalishanda,” Downlow”, and “Stas\_vl” for running a long-standing bulletproof hosting operation that has supported major cybercrime and ransomware groups like LockBit, Evil Corp and BlackBasta.

Volosovik operated under the names Media Land LLC and ML.Cloud LLC, both based in Russia. According to the NCA, his infrastructure gave ransomware gangs and malware operators the tools to carry out cyber attacks that caused serious damage to organisations around the world, from financial losses to disrupted operations.

****Volosovik’s Hosting Helped 8chan Return After Takedown****

According to cybersecurity journalist Brian Krebs’ report from 2019, Volosovik is the world’s biggest “bulletproof” hosting operator. His infrastructure has been used to support a wide range of illegal online activity, from phishing sites to stolen data markets.

One notable case was the return of 8chan, later rebranded as 8kun, which came back online using IP space provided by Volosovik’s company, Media Land LLC. Despite facing widespread deplatforming, 8chan was able to resume operations through this hosting setup, which was designed to resist takedown efforts and obscure the identities of its clients.

Alexander Volosovik AKA Yalishanda (Image source: NCA UK)

Bulletproof hosting providers play a behind-the-scenes role in the cybercrime economy. They offer hosting that ignores abuse complaints, hides user identities, and actively resists takedowns by law enforcement. This makes them a valuable service for cybercriminals who want to operate with less risk of being stopped.

****Sanctions from the UK and Five Eyes****

The UK’s Foreign, Commonwealth and Development Office (FCDO) announced sanctions against Volosovik and three of his associates. This move was coordinated with similar actions from the US Treasury’s OFAC and Australia’s Department of Foreign Affairs and Trade.

The NCA said the action is part of a broader strategy to target support services that make cybercrime easier and more scalable. While ransomware operators often get the headlines, operations like Volosovik’s are what keep those attacks running behind the scenes.

To support the sanctions, the NCA and its Five Eyes partners (Australia, Canada, New Zealand, the US and the UK) have issued alerts to industry warning about the risks tied to bulletproof hosting services like Media Land and AEZA, another Russia-based bulletproof web hosting service.

Ransomware continues to be one of the most damaging forms of cybercrime. Victims in the UK and globally have included sectors like telecoms, finance and critical infrastructure. Hosting services that give safe infrastructure to ransomware groups make it harder for authorities to stop attacks before they spread.

Paul Foster, Deputy Director of the NCA’s National Cyber Crime Unit, said services like Media Land allow cybercriminals to launch and monetise attacks with confidence. He added that today’s coordinated action is designed to weaken that digital shield.

****Dutch Police Seize 250 Servers in Bulletproof Hosting Crackdown****

While the NCA says it will continue working with international allies to disrupt these operations and stop sanctioned services from abusing infrastructure within the UK, in a separate operation in the Netherlands, authorities seized around 250 physical servers used by an unknown bulletproof hosting provider that had been active since 2022 and linked to more than 80 cybercrime investigations

According to the Dutch Police’s press release, the service offered anonymous VPS and RDP access without identity verification or logs, which made it a go‑to platform for ransomware actors, phishing networks and malware operations.

Investigators now have access to the hardware and thousands of virtual servers taken offline, giving them a rare window into how back‑end infrastructure supports large‑scale cybercrime.

UK Exposes Bulletproof Hosting Operator Linked to LockBit and Evil Corp

Hacker using the alias 888, claims to be selling Samsung Medison data taken through a third party breach, including internal files, keys and user info.

A hacker using the alias 888 on a cybercrime forum is offering internal records and data they claim belong to **Samsung**. In a post dated 13 November 2025, the hacker says the breach came from an attack on a third-party contractor, giving them access to data from several companies, including Samsung.

The hacker says the files include source code, private keys, SMTP credentials, configuration files, hardcoded credentials and user PII taken from a healthcare backup. The post also lists access to MSSQL and AWS S3. In a note, the hacker adds that the MSSQL and AWS S3 data were already exported and dumped, and that the access itself was an extra item they were offering.

While the exact size of the data remains unclear, it is being offered as a one-time sale, with the hacker asking interested buyers to submit offers through Keybase. Payment is in XMR, the privacy-focused cryptocurrency also known as Monero.

****Alleged Samsung Medison Data****

The screenshots shared by the hacker were analysed by Hackread.com and show what appears to be backend database content and cloud storage data from a Samsung Medison healthcare environment, including SQL tables, user/employee records, internal logs and exported cloud directories.

Screenshot from the hacker’s post (Image credit: Hackread.com)

**Samsung Medison Co., Ltd** is a South Korean medical device company owned by Samsung. It focuses on ultrasound systems and other medical imaging technologies used in hospitals and clinics.

Hackread.com has contacted Samsung for comment, and only the company can confirm or deny the material. If the files turn out to be real, the situation raises a clear privacy and security threat because the data shown includes names, emails, country details, SQL records and cloud logs tied to a healthcare setting. This type of information can be misused for targeting, intrusion or follow-up attacks.

The same hacker has a long record of breaches and leaks going back to the days of the now-closed Breach Forums. **In July 2024**, they released thousands of employee records tied to Microsoft and Nokia.

Hacker Selling Alleged Samsung Medison Data Stolen In 3rd Party Breach

Tel Aviv, Israel, 19th November 2025, CyberNewsWire

**Tel Aviv, Israel, November 19th, 2025, CyberNewsWire**

Seraphic, the leader in enterprise browser security (SEB) and AI enablement, today announced native protection for Electron-based applications such as ChatGPT desktop, Teams, Slack, and more, becoming the first and only browser security platform to introduce this capability.  

AI runs in the browser: SaaS applications, AI copilots, agentic browsers, and Electron apps all execute within a JavaScript-driven environment. Since Seraphic’s tech lives within the JavaScript Engine, the Seraphic platform is designed to serve the AI revolution and operate as the control point for securing any AI-powered browser such as Atlas, Comet, Leo, Dia, Genspark, and more, and any additional AI tool that interacts with the browser. The Seraphic Browser Security Platform offers inline DLP, safe browsing, remote connectivity and real-time visibility across all devices, whether managed or unmanaged. 

> “Existing solutions such as SASE, RBI, VDI, and even newer approaches like dedicated browsers or extension-based security tools struggle to support emerging technologies like AI and the Electron framework due to architectural limitations. Seraphic was built differently. Our design is inherently flexible because we operate at the core of the browser, not around it. As a result, when AI exploded, these capabilities emerged naturally and effortlessly for us,” said Ilan Yeshua, CEO & Co-Founder of Seraphic. 

Seraphic’s Electron app protection ties directly into its expanding AI Security features designed to protect enterprises as generative AI and LLM-based tools become central to daily workflows. Seraphic’s GenAI dashboard turns AI oversight from reactive to proactive, enabling organizations to adopt AI with confidence and protect against AI-driven threats. All this is achieved without making infrastructure changes and with no user friction. 

With Seraphic’s GenAI dashboard, enterprises get: 

*   **Complete AI Activity Visibility:** Real-time monitoring of all AI interactions, including prompts, uploads, downloads, and agentic behavior. 
*   **Shadow AI Detection:** Identifies unauthorized or high-risk AI tools and enforces granular access and usage guardrails. 
*   **Inline AI Data Protection (DLP):** Inspects prompts, pasted text, file uploads, and cross-tab activity before data leaves the device; blocks, masks, or watermarks sensitive content. 
*   **Protection for AI & Agentic Browsers:** Native enforcement for ChatGPT Atlas, Dia, Genspark, Comet, and other agentic tools, preventing token misuse, unauthorized automation, and AI-driven threats. 
*   **Electron Application Protection:** First-of-its-kind coverage for Electron apps. 

> “Seraphic gives organizations a single, lightweight control point that follows the user everywhere, securing any device, any browser, and now any Electron app without disrupting productivity or forcing architectural changes. By extending our enterprise browser security to Electron environments, we enable security teams to safely embrace AI, with the visibility and fine‑grained controls they need to keep sensitive data, identities, and intellectual property protected,” said Alon Levin, VP Product Management at Seraphic. 

In addition to its enterprise solution, Seraphic supports the wider security community through BrowserTotal, a free platform where users can educate themselves on AI threats like Prompt Injection and analyze LLMs for safety, empowering organizations and individuals to proactively mitigate risks as AI technologies evolve. 

More information related to Seraphic’s Electron app protection can be found here.

**About Seraphic** 

Seraphic transforms any traditional or AI browser into a secure enterprise browser, delivering real-time protection against phishing, data loss, and credential theft on both managed and unmanaged devices. Backed by CrowdStrike’s Falcon Fund, recognized with the Frost & Sullivan Global Zero Trust Enabling Technology Leadership Award, and trusted by Fortune 500 enterprises, Seraphic provides the browser-layer security foundation for modern, cloud-driven businesses. 

Users can learn more at **seraphicsecurity.com**. 

**Contact**

**Head of Communications**  
**Eric Wolkstein**  
**Seraphic**  
**ericw@seraphicsecurity.com**

Seraphic Becomes the First and Only Secure Enterprise Browser Solution to Protect Electron-Based Applications

Two FortiWeb vulnerabilities, including a critical unauthenticated bypass (CVE-2025-64446), are under attack. Check logs for rogue admin accounts and upgrade immediately.

In worrying news for organisations relying on Fortinet FortiWeb products, the company has released emergency patches for two critical security weaknesses that hackers are already using in real-world attacks. These FortiWeb devices are special firewalls designed to protect web applications.

****Critical Flaw Allowed Total Takeover****

The most serious issue, CVE-2025-64446, is being exploited globally, with attack origins traced to the US, Europe, and Asia. This flaw is rated extremely high (9.8 out of 10) and has been active since early October 2025. It is a type of Path Traversal problem, which means attackers could trick the system into running files it shouldn’t.

What makes this flaw so bad is that it allows even a hacker who isn’t logged in (unauthenticated) to bypass security, create a new administrator account, and gain complete control over the device. The attacker could then disable security rules and possibly gain deeper network access.

Research firm Qualys analysed this threat, explaining that the attack cleverly combines two flaws to bypass the normal login process. The US CISA added this flaw to its KEV catalogue on November 14, 2025, demanding a fix by November 21, 2025.

****Second Exploit Also Requires Immediate Fix****

More recently, a second flaw, CVE-2025-58034, has also been confirmed as being actively exploited. This issue is an OS Command Injection vulnerability, which lets a logged-in (authenticated) attacker run unauthorised code on the system.

Although it is rated lower (6.7), its active exploitation is a serious concern. Jason McFadyen of Trend Micro’s Trend Research team is credited with the discovery. Due to the danger, CISA also added this flaw to its critical list on November 18, 2025, with a fix required by November 25, 2025.

****What You Need to Do Now****

Fortinet has released fixes, and CVE-2025-64446 was silently patched in version 8.0.2 on October 28, 2025, even though an official security alert was not released at that time.

Affected organisations must immediately update their FortiWeb versions. For example, if you are running version 8.0.1 or earlier, you must update to FortiWeb 8.0.2 or higher. If you are using the 7.6 branch, you must update to 7.6.6 to fix all recent issues (version 7.6.5 only fixed the older critical flaw). Updates are also available for versions in the 7.4, 7.2, and 7.0 branches.

As a necessary, temporary step, you should immediately disable the device’s management access from the public internet. Furthermore, organisations must check their system logs for any unauthorised administrator accounts, such as “Testpoint” or “trader,” which hackers have been observed creating since early October.

Fortinet Issues Fixes as FortiWeb Takeover Flaw Sees Active Attacks

Palo Alto, California, 19th November 2025, CyberNewsWire

**Palo Alto, California, November 19th, 2025, CyberNewsWire**

SquareX released critical research exposing a hidden API in Comet that allows extensions in the AI Browser to execute local commands and gain full control over users’ devices. The research reveals that Comet has implemented a MCP API (chrome.perplexity.mcp.addStdioServer) that allows its embedded extensions to execute arbitrary local commands on users’ devices, capabilities that traditional browsers explicitly prohibit. Concerningly, there is limited official documentation on the MCP API. Existing documentation only covers the intent of the feature, without disclosing that Comet’s embedded extensions have persistent access to the API and the ability to launch local apps arbitrarily without user permission, creating a massive breach of user trust and transparency. 

> “For decades, browser vendors have adhered to strict security controls that prevent browsers, and especially extensions, from directly controlling the underlying device,” explains Kabilan Sakthivel, Researcher at SquareX. “Traditional browsers require native messaging APIs with explicit registry entries and user consent for any local system access. In their ambition to make the browser more powerful, Comet has bypassed all of these safeguards with a hidden API that most users don’t even know exists. This erosion of user trust fundamentally reverses the clock on decades of browser security principles established by vendors like Chrome, Safari, and Firefox.”

Currently, the API is found in the Agentic extension, and it can be triggered by the perplexity.ai page, creating a covert channel for Comet to access local data and launch arbitrary commands/apps without any user control. While there is no evidence that Perplexity is currently misusing the MCP API, the question is not if but when Perplexity will be compromised. A single XSS vulnerability, a successful phishing attack against a Perplexity employee, or an insider threat would instantly grant attackers unprecedented control via the browser over every Comet user’s device. This creates catastrophic third-party risk where users have resigned their device security to Perplexity’s security posture, with no easy way to assess or mitigate the risk.

In SquareX’s attack demo, the research team used extension stomping to disguise a malicious extension as the embedded Analytics Extension by spoofing its extension ID. Once sideloaded, the malicious Analytics Extension injects a script into the perplexity.ai page, which in turn invokes the Agentic Extension which finally uses the MCP to execute WannaCry on the victim’s device. While the demonstration leveraged extension stomping, other techniques such as XSS, MitM network attacks that exploits the perplexity.ai or the embedded extensions can also lead to the same result. 

More worryingly, as both extensions are critical to Comet’s agentic functionality, Perplexity has hidden them from Comet extension dashboard, preventing users from disabling them even if they are compromised. These embedded extensions become a “hidden IT” that security teams nor users have zero visibility over. Furthermore, due to the lack of documentation, there is no way to know whether or when Comet might expand access to other “trusted” sites.

While other AI Browsers also have embedded extensions, we have only found the MCP API in Comet for now. We have disclosed the attack to Perplexity, but have not heard a response. 

Similar to the OS and search engine, owning the platform where the majority of modern work occurs has always been the grand ambition for many tech companies. With AI, there is now the opportunity to make browsers more powerful than ever before. Yet, in the race to win the next browser war, many AI Browser companies are shipping features so quickly that it has come at the cost of proper documentation and security measures. 

> The MCP API exploits serve as an early warning to the third-party risks that poor implementation of AI Browsers can expose users to. “The early implementation of device control APIs in AI browsers is extremely dangerous,” Vivek Ramachandran, Founder of SquareX emphasizes. “We’re essentially seeing browser vendors grant themselves, and potentially third parties, the kind of system-level access that would require explicit user consent and security review in any traditional browser. Users deserve to know when software has this level of control over their devices.”

Without demand for accountability from users and the security community, other AI browsers will race to implement similar, or more invasive, capabilities to remain competitive. SquareX is calling on AI browser vendors to mandate disclosure for all APIs, undergo third-party security audits, and provide users with controls to disable embedded extensions. This isn’t just about one API in one browser. If the industry doesn’t establish boundaries now, we’re setting a precedent where AI browsers can bypass decades of security principles under the banner of innovation. 

**Demo Video:** https://youtu.be/qJl4XllT-9M 

For more information, users can refer to the technical blog.

**About SquareX**

SquareX‘s browser extension turns any browser on any device into an enterprise-grade secure browser, including AI Browsers. SquareX’s industry-first Browser Detection and Response (BDR) solution empowers organizations to proactively defend against browser-native threats including rogue AI agents, Last Mile Reassembly Attacks, malicious extensions and identity attacks. Unlike dedicated enterprise browsers, SquareX seamlessly integrates with users’ existing consumer browsers, delivering security without compromising user experience. Users can find out more about SquareX’s research-led innovation at www.sqrx.com.

**Contact**

**Head of PR**  
**Junice Liew**  
**SquareX**  
**junice@sqrx.com**

Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers

Orem, United States, November 18th, 2025, CyberNewsWire SecurityMetrics, a leading innovator in compliance and cybersecurity, today announced that…

Orem, United States, November 18th, 2025, CyberNewsWire

SecurityMetrics, a leading innovator in compliance and cybersecurity, today announced that its Shopping Cart Inspect (SCI) solutions has been selected as winner of the **“Data Leak Detection Solution of the Year”** award in the 9th annual CyberSecurity Breakthrough Awards program. Conducted by CyberSecurity Breakthrough, an independent market intelligence organization, the annual program recognizes the most innovative companies, products, and technologies driving progress in the global information security industry.

SCI reduces the chances of an e-commerce skimming attack through the inspection of a website’s shopping cart by a SecurityMetrics Forensic Investigator. The process involves the use of **patented WIM Technology** to determine if a website has fallen victim to JavaScript payment skimming. WIM technology can detect web skimming at the moment it is triggered and will alert a merchant if a webpage has been compromised, through tools like Shopping Cart Inspect and Shopping Cart Monitor.

Using Inspect, SecurityMetrics Forensic Analysts review the rendered webpage code in a shopping cart URL to collect evidence of a skimming attack. Inspect is non-intrusive and website reviews are conducted without business interruption or merchant installation/intervention.

Following the inspection, SecurityMetrics Forensic Analysts create a **risk report** illustrating a risk rating and include a list of vulnerabilities, ranking them from medium to high-risk based on the CVSS scale. The reports include a description of malicious JavaScript, identification of suspicious URLs on the website, a list of third-party domains participating in the e-commerce experience, and remediation recommendations. 24/7 technical support is also available to help with remediation.

> “We understand how important it is to keep a business running as usual, so we designed SCI to discover website skimming attacks while still allowing business to continue uninterrupted. Our solution has been purpose-built to strengthen merchants, and our Forensic Analysts are at the forefront of emerging cyber threats,” said Brad Caldwell, CEO of SecurityMetrics. “Our e-commerce investigations conducted by our expert Forensics Investigators will continue to identify trends that we will meet head-on with solutions that prioritize security technology for our valued global customer base.”

The 2025 awards program received thousands of nominations from more than 20 countries around the world, representing everything from disruptive startups to established global enterprises. This year’s winners embody the cutting edge of cybersecurity technology, delivering next-generation protection and resilience in today’s increasingly complex threat landscape.

> “SecurityMetrics knows that keeping your website up and running is vital to your business,” said Steve Johansson, managing director, CyberSecurity Breakthrough. “SCI from SecurityMetrics helps businesses tackle vulnerabilities confidently and gives them the tools and support they need to identify malicious scripts, protect their business, and ensure customer trust. That makes SCI our choice for 2025’s ‘Data Leak Detection Solution of the Year!’”

**About SecurityMetrics**

SecurityMetrics secures peace of mind for organizations that handle sensitive data. They have tested over 100 million systems for data security and compliance. Industry standards don’t keep up with the threat landscape, which is why SecurityMetrics hold their tools, training, and support to a higher, more thorough standard of performance and service. Never have a false sense of security.

**About CyberSecurity Breakthrough**

Part of Tech Breakthrough, a leading market intelligence and recognition platform for global technology innovation and leadership, the CyberSecurity Breakthrough Awards program is devoted to honoring excellence in information security and cybersecurity technology companies, products and people. The CyberSecurity Breakthrough Awards provide a platform for public recognition around the achievements of breakthrough information security companies and products in categories including Cloud Security, Threat Detection, Risk Management, Fraud Prevention, Mobile Security, Web and Email Security, UTM, Firewall and more. For more information, users can visit CyberSecurityBreakthrough.com.

Tech Breakthrough LLC does not endorse any vendor, product or service depicted in our recognition programs, and does not advise technology users to select only those vendors with award designations. Tech Breakthrough LLC recognition consists of the opinions of the Tech Breakthrough LLC organization and should not be construed as statements of fact. Tech Breakthrough LLC disclaims all warranties, expressed or implied, with respect to this recognition program, including any warranties of merchantability or fitness for a particular purpose.

**Contact**

Corporate Communications Manager

Landry French

SecurityMetrics

landry.french@securitymetrics.com

+1 801-995-6431

SecurityMetrics Wins “Data Leak Detection Solution of the Year” in 2025 CyberSecurity Breakthrough Awards Program

Mindgard reveals 4 critical security flaws in the popular Cline Bot AI coding agent. Learn how prompt injection can hijack the tool for API key theft and remote code execution.

AI coding assistants are fast becoming standard options in software development. However, a recent security audit of Cline Bot, one of the most popular assistants, revealed four serious security issues, including three critical flaws, that could allow a clever attacker to steal private information or run malicious software on a developer’s computer.

This ground-breaking research was conducted by AI security specialist Mindgard and shared with Hackread.com. The audit began on August 22, 2025, and Mindgard found these problems within just two days (by August 24), highlighting major security gaps in tools that are common nowadays.

****Turning a Helper into a Hazard****

The Cline Bot assistant is very popular, with over 3.8 million installs and more than 1.1 million daily active users. AI coding assistants, as we know it, are meant to be helpful, like a “golden retriever,” as the researchers put it, “endlessly eager, wildly helpful, and perhaps a little too trusting.”

But that’s not entirely the case here, as Mindgard demonstrated how a tricky attacker could hide a prompt injection inside source code files. When a developer simply opens a malicious project and asks Cline Bot to analyse it, the AI can be tricked into carrying out dangerous actions. These four issues include:

1.  Theft of Secret Keys: The AI could be tricked into sending sensitive API keys and other private data to an attacker’s location.
2.  Unauthorised Code Execution: An attacker could force the AI to download and run malicious software on the developer’s computer without needing approval.
3.  Bypassing Safety Checks: Attackers could override the AI’s internal safety rules, making it execute commands it should have flagged as dangerous.
4.  Leakage of Model Information: An error message could reveal secret details about the underlying AI model being used.

****The Secret Instructions Leak****

A key part of Mindgard’s success was getting hold of the Cline Bot’s system prompt– a set of secret instructions that tells the AI how to behave and what rules to follow. While some security experts believe this information isn’t a major risk, Mindgard strongly disagrees.

“Disclosure of the system prompt itself does not present the real risk; the security risk lies with the underlying elements,” researchers stated in their technical blog post, as Mindgard’s experiment showed that knowing the exact wording of the prompt helps attackers find loopholes much more precisely.

Further probing revealed that by manipulating how the AI processes project files, attackers could force the tool to ignore its own safety checks. For instance, in one test against Cline’s newer Sonic model (released on August 20, 2025), the researchers showed they could get the AI to execute an unsafe command (like downloading and running malicious code) without ever asking the user for approval.

It is worth noting that all four vulnerabilities were promptly shared with the vendor, who has since worked to fix the issues, but did not respond to the researchers accordingly.

Cline Bot AI Agent Vulnerable to Data Theft and Code Execution

ANY.RUN shows how early clarity, automation and shared data help SOC teams cut delays and speed up response during heavy alert loads.

_Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings._

What slows your Security Operations Center (SOC) down when a critical alert hits? For many teams, it’s not the alert itself but the time lost searching for clarity, switching between tools, and trying to confirm what’s real and what’s noise.

Leading SOCs have already started adopting specific strategies that help them cut this delay, shorten response time, and keep control even during heavy alert loads. Let’s discover what these strategies are and how you can bring them into your workflow.

****Why Response Time Slows Down****

Most delays inside a SOC come from one simple problem: analysts don’t get the right information fast enough. When an alert arrives without context, the team has to dig for answers; check logs, compare sources, wait for results from separate tools. Minutes disappear before anyone can say whether the threat is serious or not.

This gap creates three predictable issues:

*   **Uncertain prioritisation:** Teams waste time on alerts that don’t matter.

*   **Slow confirmation:** Analysts spend too long verifying what the threat is actually doing.

*   **Longer MTTR:** The whole response chain stretches because early steps take too much time.

This is exactly where high-performing SOCs have changed their approach: they focus on cutting the “uncertainty window” at the very beginning of the process.

****Strategy 1: Get Clarity Early to Avoid Wasting Time****

One pattern stands out across fast, well-organised SOCs: they reduce uncertainty at the very beginning of an alert. Instead of waiting for scattered tools to catch up, many teams now rely on interactive sandboxes like ANY.RUN to see what the threat is actually doing within moments.

For most samples, analysts receive a clear verdict in about 60 seconds, and in many cases, the full attack chain becomes visible almost instantly. This cuts down the usual back-and-forth, removes guesswork, and lets the team decide on the next steps without delay.

Fake Google Careers page exposed inside ANY.RUN sandbox in 60 seconds

When clarity arrives this quickly, response time drops sharply, and the entire workflow moves with far more confidence and control.

****Strategy 2: Automate Early Steps to Speed Up Your Response Cycle****

A surprising amount of lost time inside a SOC comes from actions that don’t require analyst expertise at all; opening lures, clicking through fake pages, solving CAPTCHAs, following redirects, or coaxing a threat to finally reveal itself. These tiny steps slow down the very beginning of the response cycle, making it harder for teams to react quickly when it matters most.

Leading SOCs avoid this slowdown by automating the early phase of alert validation. ANY.RUN’s automated interactivity blends automation with human-like actions: it can follow QR-code chains, interact with fake login pages, trigger multi-stage loaders, and bypass common barriers that usually require manual effort. All of this happens automatically, within seconds.

CAPTCHA challenge automatically solved inside ANY.RUN sandbox

As a result, teams report up to a 20% decrease in Tier 1 workload and fewer unnecessary Tier 1-to-Tier 2 escalations, because routine checks no longer require human time. Analysts get to the important part of the investigation faster, and the whole response cycle moves noticeably quicker.

****Strategy 3: Strengthen Collaboration So Your Response Doesn’t Stall****

A SOC can move quickly only if everyone involved sees the same picture and works from the same information. When data is scattered, screenshots in chats, logs in tickets, partial notes in emails, the response slows down simply because teams spend too much time syncing.

Leading SOCs avoid this by giving analysts, engineers, and incident responders a shared workspace with consistent, ready-to-use data. ANY.RUN makes this simple: every analysis generates a structured report with timelines, IOCs, network details, and behavioural highlights, all in a format that can be shared instantly across teams and tools.

Well-structured report with relevant IOCs, TTPs and other important information

This removes the usual communication lag, cuts back on repeated checks, and ensures that everyone involved can act immediately without waiting for clarification. The result is faster coordination, cleaner handoffs, and a response process that keeps moving instead of stopping to gather missing details.

****Achieve the Response Speed Your SOC Needs****

As you can see, reaching ultra-fast response time is absolutely possible when teams combine the right strategies with solutions designed to remove delays from the very start of an alert. SOCs using ANY.RUN’s sandbox has already proven this through measurable, real-world results from our latest survey:

*   **Up to 21 minutes reduced MTTR** per incident
*   **95% of SOC teams speed up threat investigations**
*   **94% of users report faster triage**
*   **3× SOC efficiency boost**
*   **24× more unique IOCs** to power downstream detection
*   **Fewer false positives** and more accurate prioritisation

If you want to see how much faster your team can operate with the same advantages, there’s only one way to know: Try ANY.RUN and measure the difference yourself.

****Free Webinar: SOC Leader’s Playbook – 3 Steps to Faster MTTR****

For readers who want a deeper look at practical ways to speed up incident response, ANY.RUN is hosting a one-hour session titled “SOC Leader’s Playbook: 3 Steps to Faster MTTR.” It will take place on 25 November 2025 at 16:00 CET.

During the webinar, experts will cover how leading SOCs:

*   Cut MTTR by 21 minutes per incident
*   Detect new attacks earlier with intelligence from 15,000 organisations
*   Achieve a 3× performance boost by reducing false positives

Save your seat now to get a clear, structured playbook for speeding up detection and response.

How to Achieve Ultra-Fast Response Time in Your SOC

Singapore, Singapore, 19th November 2025, CyberNewsWire

**Singapore, Singapore, November 19th, 2025, CyberNewsWire**

The collaboration advances enterprise grade application security into decentralized ecosystems, uniting Checkmarx’s AppSec expertise with Web3 specialization by CredShields.

CredShields, a leading Web3 security firm, has partnered with Checkmarx, the global leader in agentic AI-powered application security testing, to work with AI-driven smart contract audits, vulnerability research, and blockchain security tooling from CredShields to work alongside the Checkmarx application security platform.

As the application security market accelerates toward an expected US $55 billion by 2029, decentralized architectures introduce new attack surfaces that traditional AppSec programs are not designed to address. Nearly half of the largest DeFi breaches trace back to smart contract flaws, and in 2025 to date, losses from cryptocurrency service hacks already surpass US $2.1 billion and are projected to climb further. Research further indicates that up to 89% of smart contracts contain vulnerabilities, highlighting the need for Web3-native security standards alongside legacy security frameworks.

Through this agreement, Checkmarx is adding CredShields as a Web3 security partner to provide customers with dedicated support for decentralized environments. The collaboration combines Checkmarx’s enterprise AppSec leadership with deep expertise in smart contract auditing, vulnerability assessment, and blockchain security research from CredShields, enabling organizations to extend their existing DevSecOps programs into Web3 with minimal friction.

> “This partnership represents a natural evolution in the AppSec landscape,” said **Shashank**, Co-founder of CredShields. “Together with Checkmarx, we’re delivering a seamless layer of security that protects enterprise systems, decentralized applications, and smart contracts with the same rigor and intelligence.”

**The partnership will focus on:**

*   Comprehensive security coverage for decentralized applications, smart contracts, and wallets
*   AI-assisted vulnerability detection and manual audits powered by CredShields’ proprietary systems
*   Joint contributions to global security frameworks, including OWASP Smart Contract Security Standards and Smart Contract Top 10
*   Enterprise enablement to integrate Web3 security into existing DevSecOps pipelines

> “As enterprises extend their digital footprint into Web3, new attack surfaces emerge,” said **Scott Sieper**, Director of Product Management at Checkmarx. “Partnering with CredShields enables us to bring our deep AppSec expertise to blockchain environments and help organizations innovate with confidence while maintaining the same rigorous security standards they expect from Checkmarx.”

Checkmarx and CredShields aim to redefine enterprise application security for the decentralized era, ensuring that innovation and security evolve in parallel as organizations adopt blockchain at scale.

For more information about securing code at the speed of AI and the Checkmarx One platform, users can visit the website.

**About CredShields**

CredShields is a Web3 security firm specializing in manual smart contract audits, AI-powered vulnerability detection, and security automation across blockchain ecosystems. A contributor to the OWASP Smart Contract Top 10, CredShields protects leading protocols and enterprises through full-spectrum decentralized security solutions.

Users can watch the demo: https://lnk.credshields.com/checkmarx-demo

**Contact**

**CredShields**  
**marketing@credshields.com**

Source

HackRead