This paper presents a synchrophasor‐based real‐time cyber‐physical power system testbed with a novel security evaluation tool, pySynphasor, that can emulate different real attack scenarios on the phasor measurement unit (PMU). The testbed focuses on real‐time cyber‐security emulation using different components, including a real‐time digital simulator, virtual machines (VM), a communication network emulator, and a packet manipulation tool. The script‐based VM deployment and software‐defined network emulation facilitate a highly scalable cyber‐physical testbed, which enables emulations of a real power system under different attack scenarios such as address resolution protocol (ARP) poisoning attack, man‐in‐the‐middle (MITM) attack, false data injection attack (FDIA), and eavesdropping attack. An open‐source pySynphasor module has been implemented to analyse the security vulnerabilities of the IEEE C37.118.2 protocol. The paper also presents an interactive framework for injecting false data into a realistic system utilising the pySynphasor module, which can dissect and reconstruct the C37.118.2 packets. Therefore, it expands the potential of testing and developing PMU‐based systems and analysing their security vulnerabilities, benefiting the power industry and academia. A case study demonstrating the FDIA attack on the PMU measurements and the bad‐data detection technique is presented as an example of the testbed capability.