New Phishing Attack Turns n8n Into On-Demand Malware Machine
"Researchers at Cisco Talos report that since at least October 2025, attackers have been abusing n8n workflows to bypass traditional security defenses. By leveraging the platform's legitimate infrastructure and strong reputation, these campaigns can deliver tailored malware, establish persistent access, and fingerprint victims while evading detection."
"What makes this tactic especially dangerous is how convincingly it blends into normal business activity. And because the attack adapts in real time to each victim, the same phishing link can lead to very different outcomes depending on who clicks it."
"According to a threat spotlight report by Cisco Talos, emails containing n8n webhooks (automated flows) rose 686% in March this year compared to January 2025."
n8n, a workflow automation platform, has been abused by attackers to deliver malware since at least October 2025, according to Cisco Talos. Because the campaigns run on n8n's legitimate infrastructure, they can bypass security defenses and deliver tailored malware. The platform's integration capabilities make it appealing for automation, but its trusted reputation also lets phishing emails evade spam filters. Talos reported a 686% rise in emails containing n8n webhooks, indicating an increase in malicious activity. The attacks adapt to each victim, so the same phishing link can lead to different outcomes, which makes them particularly dangerous.
Read at TechRepublic