A critical n8n flaw has been discovered - here's how to stay safe

A patch and workarounds are available.
The Hacker News

n8n Supply Chain Attack Abuses Community Nodes to Steal OAuth Tokens

Malicious npm packages posing as n8n community nodes were used to steal OAuth tokens by abusing trusted workflow integrations ...
CSO Online

Malicious npm packages target the n8n automation platform in a supply chain attack

Researchers discovered malicious npm packages posing as n8n integrations, exfiltrating OAuth tokens and API keys from ...

Max severity Ni8mare flaw impacts nearly 60,000 n8n instances

Nearly 60,000 n8n instances exposed online remain unpatched against a maximum-severity vulnerability dubbed "Ni8mare." ...

Build Reliable n8n Assistants with Clear States, Validation & Escalation Paths

Learn two ways to manage workflow state on n8n, from canvas logic to tables that validate order numbers, for consistent ...
Infosecurity Magazine

Maximum Severity “Ni8mare” Bug Lets Hackers Hijack n8n Servers

A newly discovered vulnerability in authentication platform n8n could allow threat actors to take control of n8n servers ...

No Code Autonomous AI Research Assistant for Deep Web Research

Create a no-code AI researcher with two research modes and verifiable links, so you get quick answers and deeper findings ...
CSO Online

CrashFix attack hijacks browser failures to deliver ModelRAT malware via fake Chrome extension

A malicious extension impersonating an ad blocker forces repeated browser crashes before pushing victims to run ...
How-To Geek on MSN

I wish I'd never discovered the power of Notion and n8n

It's not like a needed another automation obsession.
heise online

Ruby 4.0: A lot of restructuring under the hood, few new features

The new major version with a new JIT compiler, a revised parallelization API, and a maturing type system paves the way for the next decade. On December 21, 2025, the Ruby language turned 30 years old ...