Infosecurity Magazine

Critical Zero-Click Flaw in n8n Allows Full Server Compromise

The critical vulnerability affecting both cloud and self-hosted n8n instances requires no authentication or even n8n account ...

New PhantomRaven NPM attack wave steals dev data via 88 packages

New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.