Welcome to Security Lab Insights, your central hub for the latest email security intelligence. Here, you’ll find a comprehensive collection of in-depth analysis from Hornetsecurity’s Security Lab, specializing in forensic examinations of current and critical security threats. Designed for CISOs, Microsoft 365 admins, and all cybersecurity enthusiasts, this hub will keep you informed about the latest trends and best practices to safeguard your organization against evolving cyber threats. Explore our research library to discover valuable insights and stay ahead of the curve.

Technical Reports

20 April 2026

From a Deceptive Purchase Order to Remcos RAT

Since November 2025, our teams have repeatedly observed email-borne intrusion chains culminating in the delivery of Remcos, suggesting sustained operational activity around this malware family. In that context, this case is not an isolated event, but part of a broader pattern worth tracking closely. The following sections walk through the full attack chain, the payload recovery process, and the evidence linking the final stage to Remcos RAT, while also highlighting the limits of attribution when public artifacts and reused tooling overlap.

Email Security, Technical Reports

14 April 2026

Phishing, Affiliate Marketing, and Investment Fraud: Analysis of a Large-Scale Lead Generation Campaign

At the end of February 2026, a large-scale phishing campaign targeting French internet users was identified. The operation promotes an investment opportunity presented as being linked to Amazon, based on deceptive elements and not corresponding to any known official offer. The objective of this campaign appears to go beyond the simple collection of personal information. The observed elements suggest that it may be part of a lead generation mechanism tied to deceptive investment offers. 

Threat Reports

09 April 2026

Monthly Threat Report April 2026

The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. This edition of the Monthly Threat Report focuses on industry events from the month of March 2026. 

Technical Reports

20 March 2026

Multi-Layer Open Redirect Abuse Leveraging Google Meet to Deliver a Phishing Attack

In this article, we provide a step-by-step breakdown of an attack chain exploiting a Google Meet mechanism. From the initial phishing email to the CAPTCHA-protected landing page and the final credential harvesting infrastructure.

Threat Reports

16 March 2026

Monthly Threat Report March 2026

The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. This edition of the Monthly Threat Report focuses on industry events from the month of February 2026. 

Technical Reports

10 February 2026

Inside the Email Threat Landscape: How Hornetsecurity Uncovers Real-World Attacks

At Hornetsecurity, our Threat Research and Response activities continuously analyze real-world email attacks observed across global customer environments. This article shares what we see from the front lines, based on months of investigation.

Threat Reports

10 February 2026

Monthly Threat Report February 2026

The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. This edition of the Monthly Threat Report focuses on data and industry events from the month of January 2026.

Threat Reports

13 January 2026

Monthly Threat Report January 2026

The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. This edition of the Monthly Threat Report focuses on data from the month of December 2025.

Threat Reports

11 December 2025

Monthly Threat Report December 2025

The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. This edition of the Monthly Threat Report focuses on data and industry events from the month of November 2025.

Threat Reports

05 November 2025

Monthly Threat Report November 2025

The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. This edition of the Monthly Threat Report focuses on industry occurrences from the month of October 2025.

Threat Reports

10 October 2025

Monthly Threat Report October 2025

The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space.

Threat Reports

09 September 2025

Monthly Threat Report September 2025

The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. This edition of the Monthly Threat Report focuses on industry events and content from the month of August 2025.