Solar Inverters Just Became a Power Grid Kill Switch

Plus: Shadow AI Enters Your Network as Employees Deploy AI Without Permission

When green energy becomes your greatest vulnerability...

Researchers have discovered critical security flaws in the world's leading solar inverters that could allow attackers to orchestrate coordinated blackouts. Meanwhile, your employees are already deploying AI tools throughout your organization—not with IT's approval, but on their own—creating an unmanaged security blind spot that's growing by the day.

This issue is brought to you with support from HPE Aruba Networking.

Now, let's dive in...

SIGNAL BOOST | Breaking News That Matters

Sunlight to Sabotage: How Your Solar Panels Could Take Down the Grid

TL;DR: Widespread security flaws in solar inverters could allow hackers to weaponize green energy against the power grid. It's like discovering your environmentally friendly electric car has a remote self-destruct button accessible to anyone with basic hacking skills.

Forescout's security research team has uncovered a staggering 46 new vulnerabilities across three of the world's top 10 solar inverter manufacturers: Sungrow, Growatt, and SMA. These critical flaws allow attackers to remotely commandeer solar power systems, manipulate energy output, and even trigger coordinated grid disruptions that could lead to widespread blackouts.

Why it matters: The collective impact of residential and commercial solar systems has reached a tipping point where security flaws can have cascading effects on entire power grids. When hospitals lose power to critical equipment, families go without heat or air conditioning during extreme weather, and businesses shut down, this isn't just a cybersecurity issue—it's a public safety crisis.

Between the lines: The most alarming aspect isn't just the number of vulnerabilities—it's their severity. Of the 93 previously disclosed vulnerabilities in solar power systems over the past three years, 80% were classified as high or critical severity. Nearly one-third had the highest possible CVSS scores (9.8–10), essentially giving attackers full control over affected systems. This pattern reveals systemic security failures across the entire solar ecosystem.

By the numbers:

  • 46 new vulnerabilities discovered across just three major vendors

  • 80% of previously disclosed solar system vulnerabilities classified as high or critical

  • 53% of solar inverter manufacturers are based in China

  • 58% of storage system providers originate from China

  • 10 solar power system vulnerabilities are discovered on average each year

The bottom line: Your green energy investment might be keeping the environment safe, but without proper security measures, it's creating new attack vectors for critical infrastructure. In the rush to adopt renewable energy technologies, security has clearly been an afterthought.

What you should do:

  • Implement strict security requirements when procuring solar equipment

  • Ensure all solar inverter firmware is updated to the latest patched versions

  • Segment solar systems into monitored sub-networks isolated from critical systems

  • Conduct regular security assessments of all renewable energy components

  • Enforce multi-factor authentication for all solar monitoring platforms

  • Consider the geopolitical implications of your renewable energy supply chain

WAVELENGTH | Connecting the Dots on Emerging Industry Shifts

Shadow AI Enters the Chat: Your Employees Already Deployed It

You thought your AI strategy was in the planning phase? Your teams already hit "launch." Quietly. Without asking.

What's happening: According to Gartner, employees across nearly every industry are using generative AI tools like ChatGPT, Gemini, and Claude to write emails, summarize docs, code scripts, and make decisions. Not with IT's approval—on their own. It's a growing trend Gartner calls "Shadow AI." And just like Shadow IT before it, it's now an unmanaged, unmonitored security and compliance risk.

The big picture: Shadow AI isn't just risky because of what it can do—it's risky because you don't know it's doing it. Employees are connecting AI tools to internal data, uploading customer files, even letting browser agents take actions—all without oversight. Some orgs are already seeing data leakage and compliance violations traced back to "helpful" AI plug-ins.

Yes, but: Banning AI tools outright won't work. Gartner makes it clear: employees won't stop using AI—they'll just hide it better. The smart move? Shift from prohibition to governance. Offer sanctioned tools, create usage guidelines, and surface activity before it becomes a breach.

The bottom line: If you don't have a BYOAI policy yet, stop and fix it. Shadow AI isn't theoretical—it's deployed, distributed, and growing. You don't need to panic, but you do need to start treating AI like the powerful, risky tool it is.

Quick wins:

  • Audit browser extensions and VPN logs for unauthorized AI usage

  • Launch a "safe list" of approved AI tools and clear guidelines for use

  • Offer employees a formal way to request AI tools and use cases

  • Run workshops on what not to do with generative AI (e.g., uploading sensitive data)
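One way to start the log audit from the first quick win, shown as an added example that is not from the original newsletter: it scans egress log lines for the generative AI tools named above and reports, per user, any tool that is not on the safe list. The log format, the host-to-tool mapping, the safe list contents and the upload threshold are all assumptions to adapt to your own proxy or VPN export.

```python
from collections import defaultdict

# Hostname suffixes for the tools the article names (assumed mapping; extend as needed).
AI_HOSTS = {
    "chatgpt.com": "ChatGPT",
    "openai.com": "ChatGPT",
    "gemini.google.com": "Gemini",
    "claude.ai": "Claude",
}
APPROVED = {"Gemini"}            # hypothetical safe list of sanctioned tools
UPLOAD_ALERT_BYTES = 1_000_000   # hypothetical threshold suggesting a file upload

# Constructed sample log: "<ISO time> <user> <destination host> <bytes sent>"
SAMPLE_LOG = """\
2025-04-01T09:02:11Z alice chatgpt.com 4210
2025-04-01T09:05:40Z alice api.openai.com 2381004
2025-04-01T09:07:02Z bob gemini.google.com 9120
2025-04-01T09:09:55Z carol claude.ai 880
2025-04-01T09:10:03Z carol notclaude.ai 500
2025-04-01T09:11:00Z dave intranet.example.com 120
malformed line here
"""

def classify(host):
    """Return the AI tool a host belongs to, or None. Matches on whole DNS labels."""
    host = host.lower().rstrip(".")
    for suffix, tool in AI_HOSTS.items():
        # Exact match or true subdomain only, so "notclaude.ai" is not a hit.
        if host == suffix or host.endswith("." + suffix):
            return tool
    return None

def audit(log_text):
    """Return ({user: finding}, skipped_line_count) for unsanctioned AI usage."""
    findings = defaultdict(lambda: {"tools": set(), "bytes": 0, "large_upload": False})
    skipped = 0
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            skipped += 1          # count unparseable lines instead of hiding them
            continue
        _, user, host, sent = parts
        tool = classify(host)
        if tool is None or tool in APPROVED:
            continue              # not an AI tool, or a sanctioned one
        entry = findings[user]
        entry["tools"].add(tool)
        entry["bytes"] += int(sent)
        entry["large_upload"] |= int(sent) >= UPLOAD_ALERT_BYTES
    return dict(findings), skipped
```

Calling `audit(SAMPLE_LOG)` returns the per-user findings plus the number of lines it could not parse, which is worth tracking so that a change in log format does not silently blind the audit.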

Packet Capture | Essential Updates Worth Your Attention

The threat actor claiming responsibility for the Oracle Cloud breach is now threatening to release or sell stolen data affecting an estimated 140,000 cloud tenants. Security researchers from multiple firms, including Trustwave SpiderLabs and CloudSEK, have provided evidence supporting the breach claims, potentially linked to CVE-2021-35587, a critical vulnerability in Oracle Access Manager with a CVSS score of 9.8.

Our take: Oracle's initial denial and subsequent silence represent a case study in how not to handle breach communications. The incident demonstrates how cloud providers' security issues can cascade to affect thousands of downstream customers, underscoring the importance of third-party risk management for cloud services.

The European Commission announced a substantial 1.3 billion euro ($1.4 billion) investment in artificial intelligence, cybersecurity, and digital skills through its Digital Europe Programme for 2025 to 2027. European Commission digital chief Henna Virkkunen emphasized that "securing European tech sovereignty starts with investing in advanced technologies."

Our take: The EU continues to position itself as a regulatory and investment leader in AI governance. This funding signals Europe's strategic intent to develop sovereign technological capabilities rather than relying solely on innovations from the US and China.

A hacker operating under the name 'GHNA' has published approximately 270,000 customer records allegedly stolen from Samsung Germany's ticketing system. The breach occurred using credentials from a third-party vendor (Spectos GmbH) that were compromised in 2021 but never rotated. The leaked data includes names, addresses, email addresses, transaction information, and support interactions.

Our take: This breach highlights the critical danger of "credential debt" – compromised access that remains valid for years after the initial theft. Organizations must implement credential rotation policies and regularly audit third-party access, especially for dormant accounts.

Networking Sandbox | This Week's IT Riddle

I collect what's free but sell what's essential,
I convert one form to another without losing potential.
When healthy, I'm invisible, but when compromised, cities can fall.
I'm increasingly distributed, yet central to all.

What am I?

Think you know the answer? Reply with your guess! We'll reveal the solution in our next issue. (Hint: This week's Signal Boost section might point you in the right direction).

Last week's answer: Lateral movement! Just like a cybercriminal who arrives quickly in your network (in 51 seconds!), moves sideways rather than forward, and borrows legitimate credentials to avoid detection, lateral movement techniques can take months to fully detect and remediate.

That's a wrap for this edition of The Packet Pulse. If you found value in these insights, forward this to a colleague who still thinks "But it's a green energy solution!" is an adequate security posture.

In cybersecurity, yesterday's innovations become tomorrow's vulnerabilities when security isn't designed in from the start.

Stay connected,
The Packet Pulse Team