Post #8809

⚠️ Attackers are abusing automation tools as delivery infrastructure. Cisco Talos found #n8n webhooks used for phishing, malware, and tracking, leveraging trusted *.n8n.cloud domains to bypass filters. email link → CAPTCHA → silent download → RMM-based persistence. 🔗 Read → https://thehackernews.com/2026/04/n8n-webhooks-abused-since-october-2025.html