AskNetsec·/u/Logical-Professor35·6 days ago

The n8n OverDoS disclosure is worth reading even if you are not running n8n. The mechanism is a database fill attack that denies service to any attacker-reachable deployment, alongside an open redirect that creates a path to user phishing. Around 70,000 instances were potentially exposed. The pattern does not seem unusual. Automation and workflow tooling often sits adjacent to production infrastructure, touches sensitive data, and has direct API access to internal systems. But it frequently gets scoped out of AppSec reviews because it is not a customer-facing application in the traditional sense. Dependencies your developers pull into CI pipelines and automation layers have the same attack surface as application code. They just get reviewed less frequently. Why does this keep happening, and how are other orgs making sure their automation infrastructure gets the same security scrutiny as customer-facing applications?
