According to a recent LinkedIn post from Dataminr, the company’s cyber intelligence team is tracking a multi-vector campaign dubbed “Ni8mare” that targets the n8n automation platform. The post describes an exploit chain combining an unauthenticated file-read vulnerability, referenced as CVE-2026-21858, with an authenticated remote code execution flaw, CVE-2025-68613, enabling potential full system takeover and access to centralized credential vaults.
Claim 55% Off TipRanks
- Unlock hedge fund-level data and powerful investing tools for smarter, sharper decisions
- Discover top-performing stock ideas and upgrade to a portfolio of market leaders with Smart Investor Picks
The company’s LinkedIn post highlights that Dataminr reportedly provided customers with an 82-day lead time on CVE-2025-68613 before a related CISA Known Exploited Vulnerabilities notification. This early-warning capability may signal competitive strength in proactive threat detection, which could support customer retention and pricing power in the crowded cybersecurity and threat-intelligence market.
The post also suggests notable supply-chain risk, citing malicious npm packages disguised as “Google Ads” nodes that are allegedly designed to exfiltrate OAuth tokens and API keys. Given that n8n can act as a credential hub for SaaS platforms such as Salesforce and Stripe, Dataminr’s focus on this campaign indicates a strategic emphasis on securing integration workflows that underpin enterprise digital operations.
For investors, the emphasis on complex exploit chains and software supply-chain risk underscores growing demand for real-time, AI-driven threat intelligence solutions. If Dataminr can consistently deliver early detection on high-impact vulnerabilities and communicate this value to enterprises, the capability described in the post could help underpin long-term growth prospects and reinforce its positioning against both traditional security vendors and newer AI-native rivals.