Resources

n8n Supply Chain Attack Abuses Community Nodes to Steal OAuth Tokens

Threat actors have been observed uploading a set of eight packages on the npm registry that masqueraded as integrations targeting the n8n workflow automation platform to steal developers’ OAuth credentials.
One such package, named “n8n-nodes-hfgjf-irtuinvcm-lasdqewriit,” mimics a Google Ads integration, and prompts users to link their advertising account in a seemingly legitimate form and then

Related resources

26 November 2025

Shai-Hulud v2 Campaign Spreads From npm to Maven, Exposing Thousands of Secrets

The second wave of the Shai-Hulud supply chain attack has spilled over to the Maven ecosystem after compromising more than 830 packages in the npm registry. The Socket Research Team […]

21 March 2026

Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

The threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting follow-on attacks that have led to the compromise of a large number […]

24 February 2026

RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN

A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositories by injecting malicious Copilot instructions in a GitHub issue. The artificial intelligence (AI)-driven […]

Year in Review 2025: The major headlines and moments from Sophos this year

Laughter in the dark: Tales of absurdity from the cyber frontline and what they taught us

Resources

n8n Supply Chain Attack Abuses Community Nodes to Steal OAuth Tokens

Related resources

Shai-Hulud v2 Campaign Spreads From npm to Maven, Exposing Thousands of Secrets

Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN

Links

Enterprise Solutions

SMB Solutions

Contact Us

Follow Us