Low-Code Webhooks Turn n8n Into a Malware Delivery Vector for Phishing

April 16, 2026 at 05:06 PM

•

1 min read

Low-Code Webhooks Turn n8n Into a Malware Delivery Vector for Phishing — Photo: The Hacker News

TL;DR Summary

Threat actors are abusing exposed n8n webhooks to run phishing campaigns, delivering malware via CAPTCHA-triggered downloads and fingerprinting victims, enabling persistence through modified RMM tools and C2 communication.

Topics:technology #cybersecurity #malware #n8n #phishing #security #webhooks

Share this article

n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails The Hacker News
The n8n n8mare: How threat actors are misusing AI workflow automation Cisco Talos Blog
AI workflow platform n8n abused for phishing and device fingerprinting SC Media
Malware Delivered Through Trusted Webhooks In New n8n Abuse Campaign cyberpress.org
Hackers Abuse n8n AI Workflow Automation to Deliver Malware Through Trusted Webhooks CyberSecurityNews

Reading Insights

Total Reads

Unique Readers

Time Saved

3 min

vs 4 min read

Condensed

96%

623 → 28 words

Want the full story? Read the original article

Read on The Hacker News

JavaScript Required

tl;dr daily news requires JavaScript to be enabled. Please enable JavaScript in your browser settings.

Related Sources

Reading Insights