Some Mondays are worse than others, but April 28 2025 was particularly bad for millions of people in Spain and Portugal. Starting just after noon, a number of significant grid oscillations occurred which would worsen over the course of minutes until both countries were plunged into a blackout. After a first substation tripped, in the span of only a few tens of seconds the effects cascaded across the Iberian peninsula as generators, substations, and transmission lines tripped and went offline. Only after the HVDC and AC transmission lines at the Spain-France border tripped did the cascade stop, but it had left practically the entirety of the peninsula without a functioning power grid. The event is estimated to have been the biggest blackout in Europe ever.

Following the blackout, grid operators in the affected regions scrambled to restore power, while the populace tried to make the best of being plummeted suddenly into a pre-electricity era. Yet even as power gradually came back online over the course of about ten hours, the question of what could cause such a complete grid collapse and whether it might happen again remained.

With recently a number of official investigation reports having been published, we have now finally some insight in how a big chunk of the European electrical grid suddenly tipped over.

Oscillations

Electrical grids are a rather marvelous system, with many generators cooperating across thousands of kilometers of transmission lines to feed potentially millions of consumers, generating just enough energy to meet the amount demanded without generating any more. Because physical generators turn more slowly when they are under heavier load, the frequency of the AC waveform has been the primary coordination mechanism across power plants. When a plant sees a lower grid frequency, it is fueled up to produce more power, and vice-versa. When the system works well, the frequency slowly corrects as more production comes online.

The greatest enemy of such an interconnected grid is an unstable frequency. When the frequency changes too quickly, plants can’t respond in time, and when it oscillates wildly, the maximum and minumum values can exceed thresholds that shut down or disconnect parts of the power grid.

In the case of the Iberian blackout, a number of very significant oscillations were observed in the Spanish and Portuguese grids that managed to also be observable across the entire European grid, as noted in an early analysis (PDF) by researchers at Germany’s Friedrich-Alexander-Universität (FAU).
European-wide grid oscillations prior to the Iberian peninsula blackout. (Credit: Linnert et al., FAU, 2025)
This is further detailed in the June 18th report (direct PDF link) by Spain’s Transmission System Operator (TSO) Red Eléctrica (REE). Much of that morning the grid was plagued by frequency oscillations, with voltage increases occurring in the process of damping said oscillations. None of this was out of the ordinary until a series of notable events, with the first occurring after 12:02 with an 0.6 Hz oscillation repeatedly forced by a photovoltaic (PV) solar plant in the province of Badajoz which was feeding in 250 MW at the time. After stabilizing this PV plant the oscillation ceased, but this was followed by the second event with an 0.2 Hz oscillation.

After this new oscillation was addressed through a couple of measures, the grid was suffering from low-voltage conditions caused by the oscillations, making it quite vulnerable. It was at this time that the third major event occurred just after 12:32, when a substation in Granada tripped. The speculation by REE being that its transformer tap settings had been incorrectly set, possibly due to the rapidly changing grid conditions outpacing its ability to adjust.

Subsequently more substations, solar- and wind farms began to go offline, mostly due to a loss of reactive power absorption causing power flow issues, as the cascade failure outpaced any isolation attempts and conventional generators also threw in the towel.

Reactive Power

Grid oscillations are a common manifestation in any power grid, but they are normally damped either with no or only minimal interaction required. As also noted in the earlier referenced REE report, a big issue with the addition of solar generators on the grid is that these use grid-following inverters. Unlike spinning generators that have intrinsic physical inertia, solar inverters can rapidly follow the grid voltage and thus do not dampen grid oscillations or absorb reactive power. Because they can turn on and off essentially instantaneously, these inverters can amplify oscillations and power fluctuations across the grid by boosting or injecting oscillations if the plants over-correct.

In alternating current (AC) power systems, there are a number of distinct ways to describe power flow, including real power (Watt), complex power (VA) and reactive power (var). To keep a grid stable, all of these have to be taken into account, with the reactive power management being essential for overall stability. With the majority of power at the time of the blackout being generated by PV solar farms without reactive power management, the grid fluctuations spun out of control.

Generally, capacitors are considered to create reactive power, while inductors absorb it. This is why transformer-like shunt reactors – a parallel switchyard reactor – are an integral part of any modern power grid, as are the alternators at conventional power plants which also absorb reactive power through their inertia. With insufficient reactive power absorption capacity, damping grid oscillations becomes much harder and increases the chance of a blackout.

Ultimately the cascade failure took the form of an increasing number of generators tripping, which raised the system voltage and dropped the frequency, consequently causing further generators and transmission capacity to trip, ad nauseam. Ultimately REE puts much of the blame at the lack of reactive power which could have prevented the destabilization of the grid, along with failures in voltage control. On this Monday PV solar in particular generated the brunt of grid power in Spain at nearly 60%.
Generating mix in Spain around the time of the blackout. (Credit: ENTSO-E)

Not The First Time

Despite the impression one might get, this wasn’t the first time that grid oscillations have resulted in a blackout. Both of the 1996 Western North America blackouts involved grid oscillations and a lack of reactive power absorption, and the need to dampen grid oscillations remains one of the highest priorities. This is also where much of the criticism directed towards the current Spanish grid comes from, as the amount of reactive power absorption in the system has been steadily dropping with the introduction of more variable renewable energy (VRE) generators that lack such grid-stabilizing features.

To compensate for this, wind and solar farms would have to switch to grid-forming inverters (GFCs) – as recommended by the ENTSO-E in a 2020 report – which would come with the negative effect of making VREs significantly less economically viable. Part of this is due to GFCs still being fairly new, while there is likely a strong need for grid-level storage to be added to any GFC in order to make especially Class 3 fully autonomous GFCs work.

It is telling that five years after the publication of this ENTSO-E report not much has changed, and GFCs have not yet made inroads as a necessity for stable grid operation. Although the ENTSO-E’s own investigation is still in progress with a final report not expected for a few more months at least, in light of the available information and expert reports, it would seem that we have a good idea of what caused the recent blackout.

The pertinent question is thus more likely to be what will be done about it. As Spain and Portugal move toward a power mix that relies more and more heavily on solar generation, it’s clear that these generators will need to pick up the slack in grid forming. The engineering solution is known, but it is expensive to retrofit inverters, and it’s possible that this problem will keep getting kicked down the road. Even if all of the reports are unanimous in their conclusion as to the cause, there are unfortunately strong existing incentives to push the responsibility of avoiding another blackout onto the transmission system operators, and rollout of modern grid-forming inverters in the solar industry will simply take time.

In other words, better get used to more blackouts and surviving a day or longer without power.

hackaday.com/2025/06/30/the-20…

Nel mese di aprile 2025, una valvola idraulica di una diga norvegese è stata forzatamente aperta da remoto per diverse ore, a seguito di un attacco informatico mirato. L’episodio, riportato solo di recente da Hackread, ha riacceso i riflettori sulla fragilità dei sistemi OT (Operational Technology), un ambito critico ma ancora troppo spesso trascurato nella cybersecurity moderna.

Secondo le prime ricostruzioni, ignoti attori sono riusciti a violare il sistema di controllo della diga forzando l’apertura di una valvola di scarico per quasi tre ore, causando un flusso d’acqua incontrollato. La polizia norvegese ha confermato la natura deliberata dell’azione, scartando fin da subito malfunzionamenti accidentali. Fortunatamente, l’attacco non ha provocato danni a persone o infrastrutture a valle, ma ha evidenziato quanto possa essere concreta e pericolosa una minaccia informatica nei confronti dei sistemi SCADA.

Gli attacchi a infrastrutture critiche non sono una novità. In passato, casi celebri come Stuxnet, il blackout ucraino del 2015 o le campagne mirate in Medio Oriente avevano già dimostrato quanto i sistemi ICS (Industrial Control Systems) fossero esposti. Tuttavia, ciò che cambia oggi è il livello di accessibilità a queste tecnologie e la mancanza di segregazione tra rete IT e rete OT.

Molti dispositivi SCADA, Programmable Logic Controller (PLC) e HMI (Human Machine Interface) sono esposti su Internet o malconfigurati, spesso privi di aggiornamenti o autenticazione robusta. Una condizione che può trasformare un semplice ricognitore OSINT in un attore capace di interagire con impianti fisici reali.

GhostSec: “Gli ICS sono come giocattoli nelle mani dei cyber attivisti”

Proprio su RedHot Cyber, poche settimane fa, abbiamo intervistato in esclusiva l’admin del gruppo hacktivista GhostSec. Nel dialogo, l’attore ha sottolineato come i sistemi industriali, e in particolare i dispositivi SCADA, siano da tempo nel mirino del gruppo:

Ciò che ci attira è l’impatto visibile. L’idea che un click possa spegnere una pompa dell’acqua o attivare un allarme industriale è molto potente. È simbolico.
(GhostSec, intervista RHC – giugno 2025)

Questa affermazione, ora più che mai, suona come un sinistro presagio. L’attacco alla diga norvegese potrebbe non essere un caso isolato ma un segnale d’allarme su un trend in crescita, dove gruppi ideologici o statali cercano visibilità tramite azioni dirette su infrastrutture critiche.

L’urgenza di proteggere il mondo OT

Il caso norvegese deve fungere da sveglia per i responsabili della sicurezza OT. Le misure di protezione – segmentazione di rete, aggiornamenti firmware, MFA, monitoraggio continuo e simulazioni di attacco – non possono più essere rimandate. È tempo di considerare i sistemi OT non più come entità isolate, ma come parte integrante del perimetro cyber aziendale.

Serve una strategia nazionale ed europea, un quadro normativo più rigido, e una cultura della sicurezza che coinvolga sia tecnici OT che specialisti IT, ancora troppo spesso scollegati nei processi decisionali.

Conclusioni

L’attacco informatico alla diga norvegese non è solo un atto di sabotaggio: è un campanello d’allarme globale. In un’epoca in cui l’interconnessione tra IT e OT è totale, l’illusione di sicurezza non basta più. Serve consapevolezza, collaborazione e azione.

Ne parleremo ancora, su RedHot Cyber.

Fonte: hackread.com/norwegian-dam-val…

L'articolo Cyberattack in Norvegia: apertura forzata della diga evidenzia la vulnerabilità dei sistemi OT/SCADA proviene da il blog della sicurezza informatica.

KIA ORA. IT'S MONDAY, AND THIS IS DIGITAL POLITICS. I'm Mark Scott, and this week's edition comes to you from New Zealand. I'm taking a couple weeks off, so the next newsletter will hit your inboxes on July 14.

I'm trying something different this week.

Ahead of the 2024 global megacycle of elections, I had the idea of explaining the links between the digital tactics that have now become all too common in how politicians get elected from Pakistan and Portugal to the United Kingdom and the United States.

Life, however, got in the way. (The best I did was this package around artificial intelligence, disinformation and elections.) So, I'm taking another crack at how we all now live in the Fake News Factory.

Let's get started:

digitalpolitics.co/newsletter0…

In the 1980s, there was a truly staggering amount of choice for a consumer looking to purchase a home computer. On the high end, something like an Apple Lisa, a business-class IBM PC, or a workstation from Sun Microsystems could easily range from $6,000 to $20,000 (not adjusted for inflation). For the time, these mind-blowing prices might have been worth the cost, but for those not willing to mortgage their homes for their computing needs, there were also some entry-level options. One of these was the Sinclair ZX-80, which was priced at an astounding $100, which caused RadioShack to have a bit of a panic and release this version of the TRS-80 computer to compete with it.

As [David] explains in his deep dive into this somewhat obscure machine, the TRS-80 MC-10 was a commercial failure, although not for want of features. It had a color display, a chicklet keyboard, and 4K of RAM, which were all things that the ZX-80 lacked.

Unfortunately, it also had a number of drawbacks compared to some of its other contemporaries that made consumers turn away. Other offerings by Commodore, Atari, Texas Instruments, and even RadioShack themselves were only marginally more expensive and had many more features, including larger memory and better storage and peripheral options, so most people chose these options instead.

The TRS-80 MC-10 is largely a relic of the saturated 80s home computer market. It’s drop in price to below $50, and the price competition between other PC manufacturers at the time was part of the reason for the video game crash of the 1980s, and even led to Steve Jobs getting fired from Apple. There’s not a huge retro scene for these machines either (although there’s at least one game developer you can see in the video below from [Spriteworx]). If you want to experiment with some of the standard TRS-80 software, there are emulators that have everything you need.

youtube.com/embed/YcUABR1f-yo?…

Thanks to [Stephen] for the tip!

hackaday.com/2025/06/30/behind…

E’ stata rilevata una nuova serie di attacchi informatici dai tecnici specialisti di ESET, che vede come protagonista il settore dei pagamenti contactless con tecnologia NFC. Inizialmente questo tipo di attacco era stato individuato fra i clienti delle banche della Repubblica Ceca, ma al momento risulta essere in rapida espansione su scala mondiale.

Secondo l’ultimo ESET Threat Report relativo al primo semestre del 2025, il numero di attacchi NFC è aumentato di 35 volte rispetto alla fine del 2024. Questo aumento allarmante dimostra la rapidità con cui i criminali stanno sfruttando le vulnerabilità della tecnologia alla base dei pagamenti contactless, che funziona trasmettendo dati a distanze di pochi centimetri tramite segnali radio.

Mentre il mercato NFC continua a crescere rapidamente (si prevede che le sue dimensioni aumenteranno da 21,69 miliardi di dollari nel 2024 a 30,55 miliardi di dollari entro il 2029), i meccanismi di sicurezza sviluppati in precedenza, come la crittografia e la tokenizzazione, stanno iniziando a cedere il passo ad aggressori sofisticati.

E’ stato ESET a evidenziare che il nuovo schema unisce tecniche tradizionali di ingegneria sociale, malware Android e phishing a uno strumento inizialmente progettato per la ricerca universitaria, noto come NFCGate. Gli studenti dell’Università Tecnica di Darmstadt avevano originariamente creato questo progetto per testare in modo sicuro la tecnologia NFC, tuttavia è stato ben presto adottato dai criminali con il nome di NGate.

L’attacco inizia con l’invio di SMS con link di phishing a falsi siti web bancari. Tramite questi, alla vittima viene chiesto di installare un’applicazione web progressiva (PWA), che bypassa i controlli dell’app store e viene installata senza avvisi di sicurezza. Dopo aver inserito login e password, i truffatori ottengono l’accesso al conto bancario e contattano telefonicamente la vittima, fingendosi impiegati di banca. Con questo pretesto, la vittima viene convinta a installare il malware NGate, presumibilmente per proteggere il conto.

Questo virus utilizza NFCGate per intercettare i dati della carta di credito quando la vittima la avvicina al proprio smartphone. Le informazioni ottenute consentono agli aggressori di emulare la carta sul proprio dispositivo ed effettuare pagamenti o prelevare contanti senza lasciare traccia.

In seguito è comparsa anche una variante dell’attacco, chiamata Ghost Tap. In questo caso, i dati delle carte rubate e i codici di conferma monouso vengono collegati ai portafogli elettronici degli aggressori, come Apple Pay o Google Pay. Ciò consente loro di organizzare transazioni fraudolente di massa tramite pagamenti contactless. Come sottolineano gli esperti, tali schemi possono essere implementati utilizzando intere farm di dispositivi Android, dove i dati compromessi vengono caricati in massa.

Nonostante l’elevata complessità degli attacchi, gli utenti possono ridurre significativamente il rischio adottando semplici precauzioni. ESET sottolinea l’importanza di non cliccare su link sospetti o di installare applicazioni da fonti dubbie. Si raccomanda inoltre di impostare limiti minimi per i pagamenti contactless e di utilizzare custodie protettive o carte con funzione di blocco RFID per impedire la lettura non autorizzata dei dati.

L'articolo Aumentano gli attacchi informatici ai pagamenti contactless NFC, nuova minaccia globale proviene da il blog della sicurezza informatica.

NUNATAK numero 75 (Inverno 2024-2025) è una rivista che affronta tematiche legati ai territori montani con un approccio critico e anti-capitalista. Il filo conduttore del numero sono le "cicatrici" - segni indelebili lasciati sui territori alpini dallo sfruttamento turistico, edilizio e industriale, ma anche ferite nella memoria collettiva delle comunità montane. #rivista #iyezine #inyoureyesezine #iyezine.com #Nunatak
#Cicatrici
#TerritoriMontani
#CriticaSociale
#Anticapitalismo
#Olimpiadi2026
#ImpattoAmbientale
#ResistenzaComunitaria
#SaperiTradizionali
#LotteIndigene
#AlpiItaliane
#TurismoSostenibile
#MemoriaCollettiva
#AlternativeAlModelloDominante

iyezine.com/nunatak-numero-75

NUNATAK numero 75 - In Your Eyes ezine

NUNATAK numero 75 esplora le cicatrici dei territori montani, criticando il turismo e proponendo resistenza e alleanze per un futuro sostenibile.

^{Simone Benerecetti (In Your Eyes ezine)}

For those of us who aren’t blessed with a green thumb and who are perhaps a bit forgetful, plants can be surprisingly difficult to keep alive. In those cases, some kind of automation, such as [Justin Buchanan]’s Oasis smart terrarium, is a good way to keep our plants from suffering too much.

The Oasis has an ultrasonic mister to water the plants from a built-in tank, LED grow lights, fans to control airflow, and a temperature and humidity sensor. It connects to the local WiFi network and can set up recurring watering and lighting schedules based on network time. Most of the terrarium is 3D-printed, with a section of acrylic tubing providing the clear walls. Before installing the electronics, it’s a good idea to waterproof the printed parts with low-viscosity epoxy, particularly since the water tank is located at the top of the terrarium, where a leak would drip directly onto the control electronics.

An ESP32-C3 controls the terrarium; it uses a MOSFET circuit to drive the ultrasonic mister, an SHT30 sensor to measure humidity and temperature, and a PWM driver circuit to control the LEDs. Conveniently, [Justin] also wrote a piece of command-line client software that can find online terrariums on the local network, configure WiFi, set the terrarium’s schedule, control its hardware, and retrieve data from its sensors. Besides this, Oasis also exposes a web interface that performs the same functions as the command-line client.

This isn’t the first automated terrarium we’ve seen, though it is the most aesthetically refined. They aren’t just for plants, either; we’ve seen a system to keep geckos comfortable.

hackaday.com/2025/06/30/preser…