n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails
Briefly

"By leveraging trusted infrastructure, these attackers bypass traditional security filters, turning productivity tools into delivery vehicles for persistent remote access," Cisco Talos researchers Sean Gallagher and Omid Mirzaei said in an analysis published today.
"A webhook, often referred to as a 'reverse API,' allows one application to provide real-time information to another. These URLs register an application as a 'listener' to receive data, which can include programmatically pulled HTML content," Talos explained.
"When the URL receives a request, the subsequent workflow steps are triggered, returning results as an HTTP data stream to the requesting application. If the URL is accessed via email, the recipient's browser acts..."
Threat actors are exploiting n8n, an AI workflow automation platform, to enhance phishing campaigns and deliver malicious payloads. By utilizing trusted infrastructure, attackers can bypass traditional security measures. n8n allows users to automate tasks and connect various applications, but its webhook feature has been particularly targeted. These webhooks, which expose unique URLs, have been used in phishing attacks since October 2025, enabling attackers to trigger workflows and send malicious content through automated emails.
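For mail-filtering or triage, the check below flags links in a message's HTML parts that point at n8n Cloud webhook endpoints. It is an added example, not code from Talos or n8n. The host suffix and path prefixes are assumptions about n8n Cloud's default URL shape, so self-hosted instances are not covered, and the sample message is constructed.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption (not from the page): n8n Cloud workspaces are served from
# <workspace>.app.n8n.cloud, with webhooks under /webhook/ or /webhook-test/.
N8N_CLOUD_SUFFIX = ".app.n8n.cloud"
WEBHOOK_PREFIXES = ("/webhook/", "/webhook-test/")

class LinkCollector(HTMLParser):
    """Collect (tag, url) pairs from href and src attributes."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.links.append((tag, value.strip()))

def is_n8n_cloud_webhook(url):
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
        return False
    host = (parts.hostname or "").lower()
    return (parts.scheme in ("http", "https")
            and host.endswith(N8N_CLOUD_SUFFIX)
            and parts.path.startswith(WEBHOOK_PREFIXES))

def scan_message(raw):
    """Return the n8n Cloud webhook links found in a message's HTML parts."""
    msg = email.message_from_string(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = LinkCollector()
        collector.feed(part.get_content())
        hits += [{"tag": t, "url": u} for t, u in collector.links
                 if is_n8n_cloud_webhook(u)]
    return hits

# Constructed sample message; hosts and the webhook id are placeholders.
SAMPLE = (
    'Subject: Shared document\nContent-Type: text/html; charset="utf-8"\n\n'
    '<a href="https://tenant-placeholder.app.n8n.cloud/webhook/constructed-id">Open</a>\n'
    '<a href="https://example.test/webhook/help">Help</a><img src="https://example.test/logo.png">\n'
)
```

A hit is a triage signal rather than a verdict, since legitimate automation also sends n8n webhook links; weigh it together with sender reputation and whether the organization uses n8n at all.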
Read at The Hacker News