Ground.News
Malicious npm Packages Exploit n8n Workflow Automation Platform
First seen 13 Jan 2026, 00:53 UTC
•
•83% similarity
•55.1
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
Threat actors have targeted the n8n workflow automation platform by uploading malicious npm packages disguised as legitimate integrations. These packages lure developers into revealing their OAuth credentials, potentially compromising thousands of instances of the widely used open-source platform. The attack was discovered by Endor Labs and represents a significant supply chain risk for users of n8n.
ThreatCluster AI