Dataminr Highlights Early Warning Capabilities on Emerging n8n Cyber Exploit

According to a recent LinkedIn post from Dataminr, the company’s cyber intelligence team is monitoring a multi-vector campaign, dubbed “Ni8mare,” that targets the n8n automation platform through a chained exploit involving CVE-2026-21858 and CVE-2025-68613. The post suggests that successful exploitation could enable full system takeover and access to centralized credential vaults.

The company’s LinkedIn post highlights that Dataminr provided customers with what it characterizes as an 82-day lead time on CVE-2025-68613, positioning its offering as an early-warning capability relative to later public notifications such as CISA KEV listings. The post also flags supply chain risks, noting reports of malicious npm packages impersonating “Google Ads” nodes to exfiltrate OAuth tokens and API keys.

As shared in the post, n8n is described as frequently acting as a credential hub for SaaS platforms including Salesforce and Stripe, implying that a compromise could expose broad access across an organization’s digital ecosystem. For investors, this emphasis on early detection of emerging threats and supply chain exploits may underscore Dataminr’s value proposition in high-stakes cybersecurity use cases and could support demand from enterprise and government customers seeking proactive risk intelligence.

If Dataminr’s intelligence on campaigns like Ni8mare proves timely and actionable for its clients, it could strengthen customer retention and support pricing power within the competitive cyber threat intelligence segment. The post’s focus on AI-enabled cyber intelligence and integration with widely used SaaS platforms may also signal strategic alignment with growing budgets for automation security and third-party risk management, factors that could be relevant for assessing the company’s long-term growth trajectory.