Post #8192

@thehackernews

The Hacker News

Views11,100Post view count

PostedJan 1201/12/2026, 04:43 PM

Post content

🚨 Attackers uploaded fake n8n community nodes to npm to steal OAuth tokens from live workflows. The packages mimicked real integrations, ran with full n8n access, decrypted credentials during execution, and exfiltrated them. Eight were removed, but activity appears ongoing. 🔗 Read about it here → https://thehackernews.com/2026/01/n8n-supply-chain-attack-abuses.html