n8n Hack: Malware and Phishing via Webhooks
Malicious actors are exploiting the n8n platform to send phishing emails and distribute malware, bypassing traditional security filters.

n8n Webhooks: The New Frontier of Automated Hacking and Phishing
Cybersecurity faces an emerging challenge: the weaponization of the n8n platform, an AI-powered workflow automation tool. Since October 2025, cybercriminals have been observed using its webhooks to orchestrate sophisticated phishing campaigns, successfully delivering malware or even performing device fingerprinting through automated emails.
Exploiting Trusted Infrastructure
The primary tactic of these attackers lies in leveraging n8n's infrastructure, which is often perceived as legitimate and trustworthy. By doing so, they manage to evade traditional security filters that monitor suspicious emails or malicious links. This transforms a tool designed for productivity into a vector for threat distribution.
"By leveraging trusted infrastructure, these attackers evade traditional security filters, turning productivity tools into delivery vectors."
Security Implications and Attack Types
The observed attacks range from sending phishing emails designed to trick users into revealing credentials, to the direct delivery of malware, including ransomware variants. Device fingerprinting, on the other hand, allows attackers to gather technical information about victims' systems, paving the way for more targeted and personalized attacks. This inherent vulnerability in how the platform is abused opens the door to countless risky scenarios.
The Evolution of Attack Tactics
This method underscores a worrying trend in the cybercrime landscape: the adaptation and reuse of legitimate tools for malicious purposes. While n8n itself is not a vulnerability, its design and how it can be configured by attackers make it a powerful weapon. The automation that n8n offers, when it falls into the wrong hands, allows for efficient scaling of attacks.
These types of attacks, which exploit trust in known tools, are reminiscent of other previously observed tactics, such as the **APT37 hack exploiting Facebook for infiltration**, demonstrating the constant innovation of threat actors.
Recommendations and Mitigation
To counter these threats, organizations must implement a multi-layered cybersecurity strategy. This includes:
- Advanced network and email monitoring: Detecting unusual traffic patterns or emails, even if they originate from seemingly legitimate sources.
- User awareness and training: Educating staff on the latest phishing tactics and the importance of verifying the authenticity of emails and links.
- Network segmentation: Limiting the potential scope of a hack if a part of the network is compromised.
- Constant security software updates: Keeping antivirus, firewall, and intrusion detection systems up-to-date. Vigilance against new threats is crucial, similar to warnings about critical vulnerabilities in Fortinet and Microsoft.
The fight against cybercrime requires continuous adaptation, and understanding how tools like n8n are being abused is fundamental to strengthening our defenses.
Related articles
11 de julio de 2026
Condemna històrica: membre de la banda Ryuk ransomware admet la seva culpabilitat
Un ciutadà armeni es declara culpable als EUA pel desplegament de ransomware Ryuk, afrontant una possible sentència de 15 anys de presó.
11 de julio de 2026
Historic Conviction: Ryuk Ransomware Gang Member Admits Guilt
An Armenian national pleads guilty in the U.S. for deploying Ryuk ransomware and faces a potential 15-year prison sentence.
11 de julio de 2026
Condena histórica: miembro de la banda Ryuk ransomware admite su culpa
Un ciudadano armenio se declara culpable en EE. UU. por el despliegue de ransomware Ryuk, enfrentando una posible sentencia de 15 años de prisión.
10 de julio de 2026
Hackers exploten Microsoft Entra: Nova vulnerabilitat en passkeys
Un grup d'actors maliciosos utilitza enginyeria social per comprometre comptes de Microsoft 365 mitjançant falsos registres de passkeys a Entra.
Loading comments...