With the tight couplings between the power grid and communication networks, smart grid is vulnerable to cyber-physical attacks, which can inject imperceptive perturbations to cause cascading failures. Nevertheless, as a dynamic and evolving process, it remains challenging to precisely lock the susceptible components that initiate a cascading event. To address this issue, we formulate a bi-level optimization problem in the context of cyber-physical attacks to model the attacker-operator adversarial game and generate an optimal attack strategy for electricity vulnerability assessments. Specifically, we merge the electrical overloading, topological proximity and outage correlations to construct a dense overload subgraph, which is critical for cascading propagation, by making use of fractional program to capture the density of subgraph with maximum average degree. We then compute exact solutions by adopting multiple linearization techniques to convert this bi-level fractional program into a mixed-integer linear program. Numerical studies in IEEE different-scale power systems verify the effectiveness of our model in understanding the cascading risk for a smart grid.