European energy sector - NIS2 essential entity

NIS2 Essential Entity

Compliance tags are AI-generated and should not be cited as regulatory evidence without independent review.

Total (30d): 16
Critical: 2
High: 3
Medium: 11

16 threats in last 30 days (23% vs prior period)

Top ATT&CK Techniques

T1190 Exploit Public-Facing Application (12x)

Deploy WAF rules, patch public-facing apps within 48h of CVE disclosure, segment DMZ from internal networks, and run authenticated vulnerability scans weekly.

T1078 Valid Accounts (7x)

Enforce MFA on all accounts, implement conditional access policies, audit privileged accounts quarterly, and monitor for impossible-travel logins.

T1486 Data Encrypted for Impact (6x)

Maintain offline/immutable backups tested monthly, enable ASR rules against ransomware, and deploy behavioural detection for mass file encryption patterns.

T1110 Brute Force (1x)

Enforce account lockout after 5 failed attempts, require MFA, adopt NIST 800-63B password guidelines (length over complexity), and block known-breached passwords.

T1490 Inhibit System Recovery (1x)

Protect Volume Shadow Copies via ACLs, store backups in immutable/air-gapped storage, and alert on vssadmin/bcdedit/wbadmin deletion commands.

T1562 Impair Defenses (1x)

Enable tamper protection on EDR/AV, monitor for security service stop/disable events, alert on firewall rule modifications, and enforce audit log forwarding to SIEM.

Compliance Exposure

NIS2-Art21-2e (18), NIS2-Art21-2b (15), NIS2-Art21-2c (2), NIS2-Art21-2a (1), DORA-Art17-23 (1), NIS2-Art21-2d (1), DORA-Art5-16 (1)

Technologies

SCADA, ICS, OT, DCS, RTU

Recent Intelligence

Besen EV Charger Vulnerability

A security vulnerability has been discovered in the Besen BS20 EV Charging Station, allowing for authentication bypass via capture-replay attacks on the BLE/WiFi component. This issue affects users of the Besen BS20 EV Charging Station, particularly those with local network access. Users should monitor for updates from Besen and consider implementing additional security measures to mitigate potential attacks.

24/5/2026 | Medium

Besen EV Charging Station Vulnerability

A vulnerability has been identified in the Besen BS20 EV Charging Station, allowing for improper authorization due to a weakness in the OTA Update Installation Handler. The vulnerability can be exploited remotely, but requires a high degree of complexity. Users of the affected charging stations should monitor for updates and follow best practices for secure configuration.

24/5/2026 | Medium

Bes

A security flaw has been discovered in the Besen BS20 EV Charging Station, affecting an unknown functionality of the Firmware Version Check component. This vulnerability allows for improper restriction of rendered UI layers and can be executed remotely, although exploitation is considered difficult due to a high complexity level. Users are advised to monitor for updates from Besen, as the company has acknowledged the issue and is reviewing it.

24/5/2026 | Medium

Besen EV Charger Vulnerability

A vulnerability has been discovered in the Besen BS20 EV Charging Station, affecting its Bluetooth Low Energy handler, which can lead to weak password requirements. The attack requires local network access and has high complexity. Users should monitor for updates from Besen and consider implementing additional security measures.

24/5/2026 | Medium

Besen EV Charging Station Vulnerability

A vulnerability in the Besen BS20 EV Charging Station allows for authentication bypass via BLE/WiFi replay attacks, affecting users of the charging station. The attack must be carried out from within the local network. Users should ensure their charging station is updated and monitor for suspicious activity.

24/5/2026 | Medium

EV Charging Station Vulnerability

A critical vulnerability was discovered in the Besen BS20 EV Charging Station, affecting its OTA Update Installation Handler, which can be exploited remotely. Users of the Besen BS20 EV Charging Station are advised to be cautious and monitor for

24/5/2026 | Critical

Untitled Security Alert

A vulnerability has been discovered in the Besen BS20 EV Charging Station, affecting its BLE/UDP component and potentially exposing credentials. The vulnerability can be exploited within a local network, and an exploit is available. Users are advised to monitor their systems and await a patch from the vendor.

24/5/2026 | Medium

Besen EV Charger Vulnerability

A vulnerability in the Besen BS20 EV Charging Station's Bluetooth Low Energy handler allows for weak password requirements, potentially affecting users with these charging stations. The vulnerability

24/5/2026 | Medium

OT Security Gap

A significant security gap exists in operational technology (OT) systems, where legacy devices and lack of monitoring hinder AI-driven security strategies. This gap affects various industries, including energy, automotive, and pharmaceuticals. Organizations should prioritize passive network monitoring and address the visibility gap to ensure effective security.

22/5/2026 | Medium

Turkiye Electricity App Vulnerability

A vulnerability was discovered in the Turkiye Electricity Transmission Corporation Mobile Application, allowing excessive authentication attempts. Users of the application are affected, and upgrading to a patched version is recommended. The vulnerability can be exploited remotely.

21/5/2026 | Medium

AI-Powered App Attacks Rise

A recent report by Digital.ai warns that AI-powered attacks on mobile apps are becoming faster, more frequent, and harder to stop, affecting all industries. These attacks can occur within hours of an app's release, erasing the distinction between emerging and primary targets. Users and developers should be vigilant and take proactive measures to secure their apps.

20/5/2026 | High

Vulnerability Exploitation Tops DBIR

According to the 2026 Verizon Data Breach Investigations Report, vulnerability exploitation has become the most common initial access vector, surpassing stolen credentials. This shift affects organizations of all sizes and industries, emphasizing the need for robust vulnerability management. To mitigate this risk, prioritize vulnerability patching and implement a comprehensive security strategy.

20/5/2026 | High

Nordex Wind Turbine SQL Injection

A high-severity SQL injection vulnerability has been discovered in the Nordex N149/4.0-4.5 Wind Turbine Web Server, allowing unauthenticated attackers to execute arbitrary SQL queries and bypass authentication mechanisms. Users of the affected wind turbine web server are advised to take immediate action to mitigate the vulnerability. Aff

17/5/2026 | High

Azerbaijani Oil Firm Hit by Microsoft Exchange Exploit

An Azerbaijani oil and gas company was targeted by a Chinese-affiliated threat actor in a multi-wave intrusion between December 2025 and February 2026. The attack, attributed to the FamousSparrow hacking group, exploited Microsoft Exchange vulnerabilities. Affected organizations should review their Exchange server security and apply patches.

13/5/2026 | Medium

China-Linked APT Targets Energy Firm

A China-linked advanced persistent threat (APT) group, known as FamousSparrow, has launched repeated attacks on an Azerbaijani oil

13/5/2026 | Medium

Ingecon EMS Board Vulnerability

A critical vulnerability has been discovered in the Ingecon Sun EMS Board, affecting its local SAT access functionality. The vulnerability allows for insecure generation of access credentials, potentially enabling privilege escalation attacks. Users of the Ingecon Sun EMS Board should take immediate action to secure their systems.

12/5/2026 | Critical

Lotus Wiper Malware Targets Energy

A recent analysis of the Lotus Wiper malware has revealed its use of sophisticated living-off-the-land (LotL) techniques to target Venezuelan energy firms and utilities, resulting in widespread data deletion. The malware's tactics, techniques, and procedures (TTPs) indicate a high level of planning and execution. Organizations in the energy sector should be vigilant and take proactive measures to protect against similar attacks.

29/4/2026 | High

Itron Cybersecurity Incident

Itron, a leading provider of energy and water management solutions, has experienced a cybersecurity incident involving unauthorized access to its systems, which was detected on April 13. This incident may have implications for the utilities and cities that rely on Itron's services. Affected parties are advised to exercise caution and monitor their systems for potential

27/4/2026 | Medium

Malware Threats Emerge

Multiple malware threats have been discovered, including a new spyware linked to IPS Intelligence and a wiper targeting the energy sector. These threats affect various industries and individuals, particularly those using iPhones and energy-related systems. Users are advised to exercise caution and implement security updates to protect against these emerging threats.

26/4/2026 | High

Lotus Wiper Malware

A new wiper malware, dubbed Lotus Wiper, has been discovered targeting the Venezuelan energy sector. The

22/4/2026 | High