The rapid expansion of electric vehicle (EV) charging infrastructure introduces complex cybersecurity challenges across hardware, software, network, and cloud layers. This review paper synthesizes existing research, standards, and documented incidents to identify critical vulnerabilities and propose layered mitigation strategies. We present a structured threat taxonomy based on the STRIDE model, enriched with real-world attack vectors and mapped to mitigation controls. Our analysis spans physical tampering, insecure firmware updates, protocol-level flaws in OCPP and ISO 15118, and cloud misconfigurations. While prior studies often focus on isolated domains, this work unifies fragmented insights into a cohesive framework. We highlight gaps in current literature, such as inconsistent adoption of secure protocols and limited validation of EVSE identity formats. By aligning threats with industry standards (SAE J3061, NIST CSF, IEC 62443) and scoring risks using CVSS v3.1, we offer a practical roadmap for manufacturers, operators, and policymakers. The paper concludes with recommendations for future research, including experimental validation, blockchain-based audit trails, and AI-driven anomaly detection.