Microsoft Defender misfire leads to users posting over 1,700 sensitive documents online


More than 1,700 sensitive documents were inadvertently shared publicly via ANY.RUN after Microsoft Defender mistakenly identified legitimate Adobe Acrobat Cloud links as malicious.

ANY.RUN is an interactive online sandbox that allows users to analyze and detect malware by running suspicious files or links in a controlled environment.

The firm warns free-plan users that any files uploaded to the platform are public.

“We saw a sudden inflow of Adobe Acrobat Cloud links being uploaded to ANYRUN's sandbox. After research, we've discovered that Microsoft Defender XDR mistakenly flagged acrobat[.]adobe[.]com/id/urn:aaid:sc: as malicious,” ANY.RUN said in a statement.

“This caused free-plan users to upload more than a thousand Adobe files with sensitive corporate data of hundreds of companies for analysis in public mode.”

ANY.RUN made all these analyses private to prevent leaks, yet users continue to share confidential documents publicly. It warns users to use commercial licences for work-related tasks to ensure privacy and compliance.

Over 1,700 private sensitive documents have been publicly shared via ANY.RUN alone. Other platforms for malware analysis, like VirusTotal, also allow users to upload suspicious files, potentially leading to inadvertent exposure.

However, the cybersecurity community is expressing frustration over what it views as misleading messaging from ANY.RUN.

Some Reddit users noted an ANY.RUN statement on the platform’s homepage, encouraging users to “Create a free account” while claiming they can “keep your uploads and analyses private.”

“Huh, I wonder what could lead free account holders to think their uploads were private,” a user posted.

“You can snark at users all you like for missing this seemingly obvious warning while they are worried about malware, but if it was that obvious, then so many users wouldn’t have missed it,” another user added.

To avoid inadvertently exposing sensitive data, users should always verify the privacy policy and settings of their chosen malware analysis platform or refrain from uploading any sensitive or confidential data altogether.