Threat Actors Weaponize n8n Automation Webhooks for Enterprise Phishing

Cisco Talos reports a 686% surge in n8n webhook phishing emails since Jan 2025, as attackers exploit trusted automation subdomains to deliver RMM-based malware.


Cisco Talos researchers have documented a sustained campaign in which threat actors abuse the n8n AI workflow automation platform to deliver malware and harvest device intelligence through enterprise phishing emails, with attack volume rising sharply since late 2025.

Between October 2025 and March 2026, security analysts observed a sharp surge in phishing emails that weaponized n8n-generated webhooks to deliver malicious payloads and collect device fingerprints under the guise of trusted infrastructure. The volume of malicious emails in March 2026 was approximately 686% higher than in January 2025. The threat actors behind the campaign are primarily financially motivated cybercriminals rather than state-sponsored advanced persistent threat (APT) groups.

Background

n8n is a low-code workflow automation platform that enables developers to connect applications, APIs, and services through customizable workflow chains. Users can register a developer account at no cost to access a managed cloud-hosted service and run automation workflows, with each account assigned a unique subdomain in the format <account name>.app.n8n.cloud. The platform also supports webhook creation to receive data from apps and services when specific events are triggered.

The platform has over 100 million Docker pulls and millions of users, with 100,000 servers potentially exposed, according to security vendor Cyera. Because n8n plays a central role in enterprise automation, connecting to services such as Google Drive, Salesforce, OpenAI, CI/CD pipelines, and payment processors, the blast radius of a compromised server can be extensive.

The n8n abuse is the latest example of a broader trend in which legitimate productivity and low-code platforms, including Zapier and Softr.io, are weaponized for phishing and malware delivery. Separately, Resecurity disclosed CVE-2025-68613, a critical remote code execution (RCE) vulnerability in n8n's server-side expression evaluation engine with a CVSS score of 9.9, while Cyera documented a second maximum-severity flaw, CVE-2026-21858, rated CVSS 10.0, that enables unauthenticated attackers to read arbitrary files, forge session cookies, and achieve arbitrary code execution.

Attack Chain Details

Since October 2025, cybercriminals have actively exploited n8n's webhook functionality to deliver malware and conduct advanced phishing campaigns, leveraging the platform's trusted cloud infrastructure to bypass traditional email security controls and automate malicious payload delivery.

Because webhooks mask the source of the data they deliver, they can serve payloads from untrusted sources while appearing to originate from a trusted domain. Webhooks can also dynamically serve different data streams based on triggering events, such as request header information, allowing phishing operators to tailor payloads by user-agent header. In practice, an iOS user and a Windows user who click the same link may receive entirely different content.

Phishing emails frequently masquerade as notifications about shared documents, invoices, or security alerts. Upon clicking, victims are directed to n8n-hosted pages that may present a CAPTCHA or other decoy content before prompting a file download, typically a trojanized remote monitoring and management (RMM) installer. One payload, protected by the Armadillo anti-analysis packer, deployed a modified version of the ITarian Endpoint Management RMM tool, which acts as a backdoor while running Python modules to exfiltrate information from the target's system.

A secondary technique embeds invisible tracking pixels hosted on n8n webhook URLs within phishing emails. When the message is opened, the email client automatically sends an HTTP GET request to the n8n URL along with tracking parameters, including the victim's email address, enabling attackers to profile active targets for future exploitation.

Campaigns have targeted a broad spectrum of organizations, focusing on sectors that rely heavily on email communication and SaaS platforms, including finance, healthcare, education, and government.

Defensive Outlook

Because several AI automation platforms are inherently designed to be flexible and trusted, the security community must move beyond simple static analysis to counter their abuse. Rather than blocking entire domains, which would disrupt legitimate business workflows, security researchers recommend behavioral detection approaches.

Organizations should treat third-party workflow automation endpoints as high-risk, review allowlists, tighten account registration controls, and add webhook monitoring to email security and threat-hunting processes. Exploitation of CVE-2025-68613, for instance, results in complete loss of trust boundaries within n8n, enabling attackers to operate with the same authority as the automation platform itself. Because n8n frequently serves as a central orchestration layer connecting internal systems, cloud services, and third-party APIs, the impact of compromise often cascades across the entire organization. Users running self-hosted instances should upgrade to patched versions immediately and apply zero-trust network controls around automation runtime environments.
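The webhook monitoring recommended above, applied to the two email-side indicators the article describes (webhook links to n8n cloud tenants and tracking pixels that report the recipient's address), as an added example that is not Talos' or n8n's own code. It assumes the `<account name>.app.n8n.cloud` tenant format quoted earlier and a `/webhook/` path prefix for production webhooks; the sample message is constructed and the tenant name is a placeholder.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs
# Assumptions (not from the article): n8n cloud tenants sit under *.app.n8n.cloud, the
# format the article quotes, and production webhooks use a /webhook/ path prefix.
N8N_HOST_RE = re.compile(r"(^|\.)app\.n8n\.cloud$", re.IGNORECASE)
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

class _RefCollector(HTMLParser):
    """Collect <a href> and <img src> targets together with their tag attributes."""
    def __init__(self):
        super().__init__()
        self.refs = []  # (tag, url, attrs)
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "a" and a.get("href"):
            self.refs.append(("a", a["href"], a))
        elif tag == "img" and a.get("src"):
            self.refs.append(("img", a["src"], a))

def _is_tiny(attrs):  # 1x1 or 0x0 images are the classic tracking-pixel shape
    return attrs.get("width", "").strip() in ("0", "1") and attrs.get("height", "").strip() in ("0", "1")

def scan_email_html(html):
    """Return one finding per n8n cloud URL referenced by the email body."""
    parser = _RefCollector()
    parser.feed(html)
    findings = []
    for tag, url, attrs in parser.refs:
        u = urlparse(url)
        if not N8N_HOST_RE.search(u.hostname or ""):
            continue  # not an n8n cloud tenant: out of scope for this check
        # Query values shaped like an address mean the recipient is reported to the webhook
        leaked = [v for vals in parse_qs(u.query).values() for v in vals if EMAIL_RE.match(v)]
        if tag == "img" and (_is_tiny(attrs) or leaked):
            kind = "tracking_pixel"
        elif tag == "a":
            kind = "webhook_link"
        else:
            kind = "n8n_reference"
        findings.append({"kind": kind, "tenant": u.hostname, "url": url,
                         "webhook_path": u.path.startswith("/webhook"), "leaked_recipient": leaked})
    return findings

# Constructed sample message (not a real campaign artifact)
SAMPLE_EMAIL = (
    '<a href="https://example-tenant.app.n8n.cloud/webhook/doc-share?id=42">View document</a>'
    '<img src="https://example-tenant.app.n8n.cloud/webhook/open?e=victim%40example.com" width="1" height="1">'
    '<a href="https://www.example.com/unsubscribe">Unsubscribe</a>'
)
```

Findings carry the tenant subdomain so that a single abusive account can be tracked across messages and reported without blocking the whole n8n.cloud domain.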