Hey everyone,
I’ve just published a new custom n8n node: n8n-nodes-ransomware-live 
This node integrates live ransomware data feeds directly into your n8n workflows. The goal is to make it easier for automation flows to consume threat intelligence data in real time — whether you want to:
-
Monitor ransomware groups’ activity,
-
Enrich your internal threat intelligence pipelines,
-
Push updates into Slack/Teams/Discord,
-
Or trigger automated alerts and tickets in your systems.
Links:
It’s available on npm and GitHub, and can be installed like any other n8n community node. Feedback, contributions, and ideas for improvements are more than welcome! 
If anyone here has use cases in CTI, SOC automation, or simply wants to test it out, I’d love to hear what you think.