Welcome to Security Lab Insights, your central hub for the latest email security intelligence. Here, you’ll find a comprehensive collection of in-depth analysis from Hornetsecurity’s Security Lab, specializing in forensic examinations of current and critical security threats. Designed for CISOs, Microsoft 365 admins, and all cybersecurity enthusiasts, this hub will keep you informed about the latest trends and best practices to safeguard your organization against evolving cyber threats. Explore our research library to discover valuable insights and stay ahead of the curve.

Threat Reports

22 April 2025

Monthly Threat Report April 2025

Generative AI is fueling a rise in low-effort, high-volume email attacks, making phishing campaigns easier to launch than ever. PDF, Archive, and HTML files dominated as the preferred payload carriers. Meanwhile, DocuSign, DHL, and PayPal remained the top targets for brand impersonation scams.

Threat Reports

14 March 2025

Monthly Threat Report March 2025

TD Bank faced a data breach from an ex-employee, while the Medusa group attacked HCRG Care Group without disrupting services. Microsoft patched major flaws, including a critical Outlook bug, and Apple removed iCloud’s Advanced Data Protection in the UK under government pressure.

Technical Reports

26 February 2025

Detection of Cyberthreats with Computer Vision (Part 2)

In our previous article, we explored how Computer Vision can be used to enhance cybersecurity by analyzing the visual representation of emails and webpages. We highlighted how this approach helps detect sophisticated attacks that traditional content analysis might miss. We concluded by introducing a Reverse Image Search system, which is responsible for identifying recurring malicious campaigns by comparing the screenshots of incoming emails with known threats. 

Threat Reports

14 February 2025

Monthly Threat Report February 2025: Changes in US Cybersecurity & a Busy Patch Tuesday

The U.S. Cyber Safety Review Board (CSRB) has been shut down. Leadership changes at CISA and more shifts likely. China’s DeepSeek LLM is gaining traction despite ongoing privacy and security concerns.

Technical Reports

28 January 2025

Detection of Cyberthreats with Computer Vision (Part 1)

Welcome to the first article of our four-part series on the topic of the detection of cyberthreats with Computer Vision. In this article, we will explain why Computer Vision can help to detect cyberthreats.

Technical Reports

20 January 2025

The Role of AI in Hornetsecurity’s Next Generation Email Security

Artificial intelligence (AI) has been in the spotlight for the last couple of years but has actually been around as an academic discipline since 1956. Everyone knows about ChatGPT and many, many people use it and all its cousins in their personal and business lives to generate text, images and even videos. But did you know that we here at Hornetsecurity have been using AI for many years in our products, and that it’s underpinning many of the features keeping bad messages out of your email inbox?

Threat Reports

20 January 2025

Monthly Threat Report January 2025: A New Year to Fend off New Attacks 

Email-based attacks rose in Q4 2024, with archives, PDFs, and HTML files being the most common payloads. The education sector became one of the top three targeted industries, alongside mining and entertainment. DocuSign was the most impersonated brand, with attacks on telecom sectors in the US and UK and Costa Rica’s critical infrastructure during December.

Technical Reports

22 November 2024

Subdomains Takeover: Universities as a Threat Vector

Threat Reports

13 November 2024

Monthly Threat Report November 2024: More Breaches and New EU Regulations

A security breach at the Internet Archive exposed data of 31 million users, increasing the risk of targeted cyber-attacks. The EU has adopted a new law to enhance IoT device security, potentially impacting all digital products; with the holidays and recent U.S. elections, expect a surge in brand impersonation and malicious communications.

Threat Reports

11 October 2024

Monthly Threat Report October 2024: Email Threats Trending Up for End of Year

In Q3 2024, email threats surged significantly, with PDF, archive, and HTML files being the top malicious attachments. The CUPS security incident drew special attention from Linux system admins, and Microsoft held a Windows Security Summit to strategize on preventing future breaches like CrowdStrike.

Threat Reports

17 September 2024

Monthly Threat Report September 2024: Another Month – Another Massive Data Breach

A massive data breach at National Public Data exposed 2.9 billion records, increasing the risk of spear-phishing attacks. U.S. authorities warn of RansomHub, insider threats, and rising cyber risks during the ongoing U.S. election campaign.

Threat Reports

13 August 2024

Monthly Threat Report August 2024: A Month of Global Impact

Widespread cyberattacks dominated July 2024, highlighted by the severe CrowdStrike incident that caused significant disruptions across multiple businesses. New vulnerabilities in VMware ESXi and increased DDoS attacks from Anonymous Sudan further compounded the threat landscape.