Malicious npm Packages Exploit n8n Workflow Automation Platform

Malicious npm Packages Exploit n8n Workflow Automation Platform

First seen 13 Jan 2026, 00:53 UTC CsoonlineGround.News 83% similarity 55.1

Article Content

Browse articles
ThreatCluster

Threat actors have targeted the n8n workflow automation platform by uploading malicious npm packages disguised as legitimate integrations. These packages lure developers into revealing their OAuth credentials, potentially compromising thousands of instances of the widely used open-source platform. The attack was discovered by Endor Labs and represents a significant supply chain risk for users of n8n.

ThreatCluster AI

Community

Browse all →