Threat actors have been observed uploading a set of eight
packages on the npm registry that masqueraded as integrations
targeting the n8n workflow automation platform to steal developers'
OAuth credentials. One such package, named
"n8n-nodes-hfgjf-irtuinvcm-lasdqewriit," mimics a Google Ads
integration, and prompts users to link their advertising account in
a seemingly legitimate form and then
Read more https://thehackernews.com/2026/01/n8n-supply-chain-attack-abuses.html
