Threats Tagged 'webhook abuse'
View all threats tagged with 'webhook abuse'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'webhook abuse'
Click on any threat for detailed analysis and mitigation recommendations
The n8n n8mare: How threat actors are misusing AI workflow automation 0 Investigation reveals widespread abuse of n8n, an AI workflow automation platform, in sophisticated phishing campaigns from October 2025 through March 2026. Attackers exploit the platform's webhook functionality to deliver malware and fingerprint devices while bypassing security filters through trusted infrastructure. Email volume containing n8n webhook URLs increased by 686% between January 2025 and March 2026. Observed campaigns utilize CAPTCHA-protected pages to deliver remote access tools including modified Datto RMM and ITarian Endpoint Management software. The webhooks mask malicious payload sources behind legitimate n8n domains. Additional abuse cases involve tracking pixels embedded in emails for device fingerprinting. These attacks demonstrate how legitimate productivity and automation platforms can be weaponized, requiring behavioral detection approaches rather than simple domain blocking to protect organizational workflows. Join the discussion | AlienVault OTX General | 04/15/2026, 15:08:21 UTC Added: 04/15/2026, 17:32:23 UTC |
Showing 1 to 1 of 1 result