Threat IntelligenceThe Hacker News
7.5 — HIGH
n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails
Threat actors have been observed weaponizing n8n, a popular artificial intelligence (AI) workflow automation platform, to facilitate sophisticated phishing campaigns and deliver malicious payloads or fingerprint devices by sending automated emails. "By leveraging trusted infrastructure, these attackers bypass traditional security filters, turning productivity tools into delivery
🤖 AI BriefingAuto-generated threat analysis
🔍Threat Overview
Threat actors have exploited n8n, a workflow automation platform, to deliver malicious payloads via phishing emails, bypassing traditional security filters by leveraging trusted infrastructure.
⚙️Technical Details
Affected Systems
n8nEmail clients
Attack Vectors
Phishing emailsAutomated email sending
💥Impact Assessment
Severity: H
Who Is at Risk
Users of n8n and email clients, particularly those in productivity and automation roles.
🛡️Recommended Actions
1Implement additional security filters for automated workflows
2Verify email authenticity using DMARC or SPF records
3Regularly update and patch n8n and email client software
📦Affected Products
n8nEmail clients
Read the full article
This is a curated summary. The complete article is available at The Hacker News.