VulnHub

Real-time Cybersecurity News

Cyberattacks Disrupt Communications at Wind, Solar, and Heat Facilities in Poland

Security Affairs
Actively Exploited
Critical

Overview

On December 29, 2025, Poland experienced a wave of cyberattacks that targeted more than 30 wind and solar farms, a manufacturing facility, and a significant combined heat and power (CHP) plant. This CHP plant is crucial as it supplies heat to nearly 500,000 residents. CERT Polska reported that these coordinated attacks disrupted operations, raising concerns about the security of renewable energy sources and critical infrastructure. The impact of these attacks could have far-reaching consequences, not only affecting energy supply but also potentially leading to economic losses and undermining public trust in energy providers. As the world moves towards greener energy solutions, safeguarding these facilities from cyber threats is increasingly important.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Wind farms, solar farms, manufacturing company, combined heat and power plant
  • Timeline: Newly disclosed

Original Article Summary

CERT Polska said cyberattacks hit 30+ wind and solar farms, a manufacturer, and a major CHP plant supplying heat to nearly 500,000 people. On December 29, 2025, Poland faced coordinated cyberattacks targeting over 30 wind and solar farms, a manufacturing company, and a major heat and power plant serving nearly 500,000 people, CERT Polska reported. […]

Impact

Wind farms, solar farms, manufacturing company, combined heat and power plant

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Not specified

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Critical.

Read Original Article

Related Coverage

Chinese Cybersecurity Firm’s AI Hacking Claims Draw Comparisons to Claude Mythos

SecurityWeek

360 Digital Security Group, a Chinese cybersecurity firm, claims to have identified 1,000 vulnerabilities using artificial intelligence. This includes findings from the Tianfu Cup hacking contest, which is known for showcasing talent in cybersecurity. The firm's assertion raises eyebrows as it draws comparisons to previous claims made by Claude Mythos, a controversial figure in the cybersecurity space. The significance of these findings lies in the potential implications for software and systems security, as vulnerabilities can be exploited by malicious actors. Companies and developers should take note of these claims and assess their products for the identified vulnerabilities to bolster their defenses.

Apr 23, 2026

If cyber espionage via HDMI worries you, NCSC built a device to stop it

Help Net Security

The National Cyber Security Centre (NCSC) has introduced a new device called SilentGlass, aimed at preventing cyber espionage through HDMI and DisplayPort connections. This plug-and-play tool addresses concerns that monitors can be exploited by attackers to access sensitive data, as they often process and store such information. By securing these display links, SilentGlass provides a protective measure for governments and businesses against potential cyber threats. The NCSC emphasizes the need for enhanced security in this area, given the increasing risks posed by malicious activities targeting display devices. This development is particularly relevant as organizations look for effective ways to safeguard their data from evolving cyber threats.

Apr 23, 2026

The Behavioral Shift: Why Trusted Relationships Are the Newest Attack Surface

SecurityWeek

Recent research from Abnormal AI indicates a shift in how cyber attackers operate. Instead of relying on technical exploits, they are now targeting established workflows and the trust that exists within organizations. This means that attackers are using social engineering tactics to manipulate employees into compromise, effectively weaponizing the very relationships that businesses rely on. This trend raises concerns for companies as it highlights the vulnerability of internal processes and trust dynamics. Organizations need to reassess their security measures to address this evolving threat, as traditional defenses may not be sufficient to combat these new tactics.

Apr 23, 2026

AI-driven attacks target governments, cloud agents, supply chains

SCM feed for Latest

Recent research from OWASP reveals that AI-driven attacks are increasingly targeting critical sectors, including government agencies, cloud service providers, and supply chains. These sophisticated attacks leverage artificial intelligence to automate and enhance their effectiveness, making them harder to detect and prevent. The impact of these attacks is significant, as they can compromise sensitive data and disrupt essential services. Organizations in the affected sectors need to be vigilant and adopt stronger security measures to defend against these evolving threats. As AI technology continues to advance, the risk of such attacks is likely to grow, necessitating a proactive approach to cybersecurity.

Apr 23, 2026

Cyber-Attacks Surge 63% Annually in Education Sector

Infosecurity Magazine

According to a report from Quorum Cyber, educational institutions, both higher and further education, have seen a significant rise in cyber-attacks, with incidents increasing by 63% over the past year. This surge in attacks poses serious risks to the sensitive data of students and staff, as well as the integrity of educational operations. Cybercriminals are increasingly targeting schools and universities, exploiting vulnerabilities that may arise from outdated systems or inadequate security measures. The findings serve as a wake-up call for educational institutions to bolster their cybersecurity defenses and protect against potential breaches. As these attacks grow more frequent, the need for proactive security measures becomes even more urgent.

Apr 23, 2026

AI Can Autonomously Hack Cloud Systems With Minimal Oversight: Researchers

SecurityWeek

Researchers at Palo Alto Networks have introduced a new tool named Zealot, designed for penetration testing in cloud environments. This AI-driven system can perform tasks such as reconnaissance, exploitation, and data exfiltration with minimal human intervention. The implications of this technology are significant, as it could potentially enable attackers to automate hacking processes, making it easier for them to compromise cloud systems. Companies that rely on cloud infrastructure should be aware of this development, as it raises concerns about the security of their data and systems. The ability of AI to autonomously conduct cyberattacks underscores the need for enhanced security measures and vigilance in cloud environments.

Apr 23, 2026