Q1 2026 Cyber Risk Report: Insights from 2.1 Million Malware and Phishing Investigations 

ANY.RUN’s Q1 2026 Cyber Risk report synthesizes 2.1 million malware and phishing investigations to reveal key trends: large increases in loader-based attacks (+98.3%), credential theft (+14.7%), and LOLBAS usage (+58.4%), with median times to persistence and LOTL execution measured in seconds—underscoring shrinking detection windows and the need for faster, behavior-based detection, enterprise malware analysis, and improved SOC investigation workflows.