incident • medium • Malware Delivery • Phishing

Apr 15, 2026 • The Hacker News

n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails

Source: The Hacker News
Category: incident
Severity: medium

Executive Summary

Threat actors have been exploiting n8n, a legitimate AI workflow automation platform, to conduct sophisticated phishing campaigns since October 2025. By weaponizing trusted infrastructure, attackers bypass traditional security filters and deliver malicious payloads or perform device fingerprinting through automated emails. This technique leverages the credibility of established platforms to increase the success rate of phishing attempts. Organizations should monitor for suspicious n8n webhook activity, implement email filtering rules that flag automated workflow emails, and educate users about increasingly sophisticated phishing delivery mechanisms that abuse legitimate services.
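One way to implement the mail-side check recommended above, as an added example that is not part of the original report: it decodes every text part of a message (including base64 or quoted-printable bodies) and returns n8n webhook links that do not belong to an approved workspace. The `<workspace>.app.n8n.cloud` hostname and `/webhook/` path patterns are assumptions about n8n Cloud that the report does not state, self-hosted n8n instances are not covered, and all function names and sample hostnames are hypothetical.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from urllib.parse import urlsplit

# Assumption (not from the report): n8n Cloud serves workspaces at
# <workspace>.app.n8n.cloud, with webhooks under /webhook/ or /webhook-test/.
N8N_CLOUD_SUFFIX = ".app.n8n.cloud"
WEBHOOK_PREFIXES = ("/webhook/", "/webhook-test/")
URL_RE = re.compile(r"https?://[^\s\"'<>)\]]+", re.IGNORECASE)

def n8n_webhook_urls(raw_message, allowed_workspaces=frozenset()):
    """Return sorted n8n Cloud webhook URLs found in any text part of the
    message, skipping workspaces the organization has approved."""
    hits = set()
    for part in message_from_string(raw_message).walk():
        if part.get_content_maintype() != "text":
            continue
        # decode=True undoes base64 / quoted-printable transfer encoding
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        for url in URL_RE.findall(text):
            try:
                parts = urlsplit(url.rstrip(".,;"))
                host = (parts.hostname or "").lower().rstrip(".")
            except ValueError:  # malformed URL, e.g. broken IPv6 literal
                continue
            # Suffix match on the parsed host rejects lookalikes such as
            # app.n8n.cloud.example.org
            if not host.endswith(N8N_CLOUD_SUFFIX):
                continue
            if host[: -len(N8N_CLOUD_SUFFIX)] in allowed_workspaces:
                continue
            if parts.path.lower().startswith(WEBHOOK_PREFIXES):
                hits.add(parts.geturl())
    return sorted(hits)

def constructed_sample():
    """Constructed message: an approved link in the plain-text part and an
    unapproved link inside a base64-encoded HTML part."""
    msg = EmailMessage()
    msg["Subject"] = "Shared document"
    msg.set_content("Status: https://example-approved.app.n8n.cloud/webhook/status")
    msg.add_alternative(
        '<a href="https://example-unapproved.app.n8n.cloud/webhook/3f9c/view?id=1">Open</a>',
        subtype="html", cte="base64")
    return msg.as_string()
```

Messages that return a non-empty list are candidates for tagging or quarantine review rather than outright blocking, since legitimate workflows also send mail containing webhook links.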

Summary

Threat actors have been observed weaponizing n8n, a popular artificial intelligence (AI) workflow automation platform, to facilitate sophisticated phishing campaigns and deliver malicious payloads or fingerprint devices by sending automated emails. "By leveraging trusted infrastructure, these attackers bypass traditional security filters, turning productivity tools into delivery
