When your EV charger decides to fry more than just watts


Wednesday Free Edition - June 10, 2026

THREAT OF THE WEEK

Electric vehicle charging networks across North America are experiencing coordinated cyberattacks targeting vulnerable firmware in popular ChargePoint and EVgo stations. Security researchers discovered attackers are exploiting unpatched authentication flaws to gain administrative access, allowing them to manipulate charging rates, steal payment data, and potentially cause electrical grid instability. The attacks have already compromised over 12,000 charging stations across 15 states, with hackers demanding ransom payments to restore normal operations. Vehicle owners are reporting overcharged batteries, failed charging sessions, and in three documented cases, complete electrical system failures requiring costly repairs.


DEEP DIVE

The EV charging attack campaign, dubbed "GridLock" by researchers at CyberGrid Labs, represents a new frontier in critical infrastructure targeting. The attackers are leveraging a previously unknown vulnerability in the Open Charge Point Protocol (OCPP) implementation used by major charging network operators.

Technical Details:

  • CVE-2026-4471: Authentication bypass in OCPP message handling
  • Affects firmware versions 2.4.1 through 2.6.8 across multiple vendors
  • Allows remote code execution with root privileges
  • No authentication required for initial exploitation
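
For operators checking their own fleet against the firmware range listed above, here is an added example (not code from CyberGrid Labs or any vendor) that reads OCPP 1.6-J BootNotification frames from a central-system log and flags stations reporting a firmwareVersion in 2.4.1 through 2.6.8. The station IDs and frames are constructed, and it assumes vendors report dotted-numeric version strings.

```python
import json
import re

# Affected range as stated in the list above (inclusive on both ends).
AFFECTED_MIN = (2, 4, 1)
AFFECTED_MAX = (2, 6, 8)

def parse_version(text):
    """Return (major, minor, patch), or None if the value is not dotted-numeric."""
    if not isinstance(text, str):
        return None
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?(?:[-+_ ].*)?", text)
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())

def triage(frames):
    """Map station id -> 'affected' | 'ok' | 'unknown' from BootNotification CALLs."""
    status = {}
    for station_id, raw in frames:
        try:
            msg = json.loads(raw)
        except json.JSONDecodeError:
            continue  # not an OCPP-J frame
        # OCPP-J CALL frame layout: [2, uniqueId, action, payload]
        if not (isinstance(msg, list) and len(msg) == 4 and msg[0] == 2
                and msg[2] == "BootNotification" and isinstance(msg[3], dict)):
            continue
        version = parse_version(msg[3].get("firmwareVersion"))
        if version is None:
            status[station_id] = "unknown"  # optional field missing or odd: check by hand
        elif AFFECTED_MIN <= version <= AFFECTED_MAX:
            status[station_id] = "affected"
        else:
            status[station_id] = "ok"
    return status

# Constructed sample log entries: (station id, raw frame). All values are made up.
SAMPLE = [
    ("CP-001", '[2,"a1","BootNotification",{"chargePointVendor":"VendorA","chargePointModel":"X1","firmwareVersion":"2.5.0"}]'),
    ("CP-002", '[2,"a2","BootNotification",{"chargePointVendor":"VendorB","chargePointModel":"Y2","firmwareVersion":"2.10.0"}]'),
    ("CP-003", '[2,"a3","BootNotification",{"chargePointVendor":"VendorA","chargePointModel":"X1","firmwareVersion":"2.6.8-rc1"}]'),
    ("CP-004", '[2,"a4","BootNotification",{"chargePointVendor":"VendorC","chargePointModel":"Z3"}]'),
    ("CP-005", '[2,"a5","Heartbeat",{}]'),
    ("CP-006", '[2,"a6","BootNotification",{"chargePointVendor":"VendorB","chargePointModel":"Y2","firmwareVersion":"2.4.0"}]'),
]

if __name__ == "__main__":
    for station, state in sorted(triage(SAMPLE).items()):
        print(station, state)
```

Versions are compared as integer tuples because a plain string comparison would sort 2.10.0 below 2.6.8 and wrongly flag it.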

What makes this particularly concerning is the cascading effect on local power grids. When hundreds of charging stations simultaneously draw maximum power or abruptly disconnect, it creates voltage fluctuations that utility companies struggle to manage. The Department of Energy has issued emergency guidance recommending EV owners avoid public charging until patches are deployed.

The ransomware component appears to be a secondary payload, with the primary goal being long-term persistence for future grid manipulation. Intelligence sources suggest this may be a state-sponsored reconnaissance operation disguised as financially motivated cybercrime.


HACK OF THE WEEK

Gaming peripheral manufacturer Razer fell victim to a supply chain attack that infected over 2.3 million gaming mice and keyboards with sophisticated keylogging malware. The "SteelStrike" operation compromised Razer's firmware update servers for nearly six months, silently collecting credentials, chat logs, and gameplay data from competitive esports players and streamers. Researchers discovered the malware specifically targeted popular games like Counter-Strike 2 and League of Legends, suggesting the attackers were building profiles for potential match-fixing schemes. The breach was only discovered when professional player "NightShade" noticed unusual network traffic during a tournament livestream. Razer has released emergency firmware updates and is facing potential lawsuits from affected esports organizations.


TOOL SPOTLIGHT

VulnScan Pro 4.2

This week's spotlight goes to the latest release of VulnScan Pro, which introduces AI-powered threat modeling specifically designed for IoT and edge computing environments. The new "Smart Infrastructure" module can automatically discover and assess security postures of everything from industrial sensors to smart building systems.

Key Features:

  • Automated network topology mapping for complex IoT deployments
  • Machine learning-based anomaly detection for device behavior
  • Integration with major SIEM platforms including Splunk and QRadar
  • Custom vulnerability signatures for industrial control systems

The tool proved invaluable during our testing of the EV charging station vulnerabilities mentioned above, identifying compromised stations within minutes of deployment. Pricing starts at $15,000 annually for enterprise licenses, with academic discounts available.


THE BREACH BOARD

Major Incidents This Week:

  • MediCorp Healthcare: Ransomware attack exposed 840,000 patient records including medical histories and insurance data. Attackers are selling the database on dark web forums for $2.4 million.
  • CloudBank Financial: Insider threat resulted in theft of cryptocurrency trading algorithms worth an estimated $67 million. Former employee allegedly sold proprietary high-frequency trading code to competitors.
  • University of California System: Sophisticated phishing campaign compromised email accounts of 15,000 students and faculty. Attackers used hijacked accounts to launch secondary attacks against defense contractors and government agencies.
  • SmartHome Solutions: IoT botnet infected 450,000 connected doorbell cameras, turning them into cryptocurrency mining nodes. Homeowners reported devices overheating and catching fire in 23 documented cases.

This Week's Data Toll: 3.2 million records compromised, $89 million in estimated damages, 67,000 devices infected across all incidents.

Remember: In cybersecurity, paranoia is just situational awareness with better marketing.

Cyber Threat Weekly - Because someone has to watch the watchers get hacked.
