Industry Category

Building Materials

Breach intelligence, attack campaigns, and threat reports targeting the Building Materials sector.

4 threat reports

Building Materials Threat Reports

Schneider Electric's EcoStruxure Machine Expert HVAC Vulnerability: CVE-2026-6332
Impact: HIGH

In May 2026, Schneider Electric disclosed a vulnerability (CVE-2026-6332) in its EcoStruxure Machine Expert HVAC software versions prior to 1.10.0. This flaw involves the cleartext storage of sensitive information, potentially exposing protected source code when accessed by authorized users for editing or compiling. Such exposure could lead to a loss of confidentiality and unauthorized disclosure of proprietary logic and operational details. ([nvd.nist.gov](https://nvd.nist.gov/vuln/detail/CVE-2026-6332)) This incident underscores the critical importance of securing engineering workstations and programming environments in industrial settings. As industrial control systems become increasingly interconnected, ensuring the confidentiality and integrity of source code is paramount to prevent potential reconnaissance and exploitation by malicious actors.

3 weeks ago

Kill Chain

Initial Compromise (medium)
Privilege Escalation (medium)
Lateral Movement (low)
Command & Control (low)
Exfiltration (medium)
Impact (medium)

ManoMano Data Breach 2026: Lessons in Third-Party Risk Management
Impact: HIGH

In January 2026, French DIY e-commerce giant ManoMano experienced a significant data breach affecting approximately 38 million customers. The breach occurred when hackers compromised a third-party customer service provider, leading to unauthorized access to personal data, including full names, email addresses, phone numbers, and customer service communications. Notably, account passwords and financial information remained secure, as they were not stored with the subcontractor. Upon discovery, ManoMano promptly disabled the compromised account, initiated an internal investigation, and notified relevant authorities, including CNIL and ANSSI. The company also established a dedicated helpline for affected customers and issued warnings about potential phishing attempts leveraging the stolen data. This incident underscores the critical importance of securing third-party service providers, as supply chain vulnerabilities can lead to substantial data breaches. Organizations must rigorously assess and monitor the security practices of their subcontractors to prevent similar incidents. Additionally, customers are advised to remain vigilant against phishing attempts and verify the authenticity of communications purportedly from ManoMano or its partners.

3 months ago

Kill Chain

Initial Compromise (high)
Privilege Escalation (medium)
Lateral Movement (medium)
Command & Control (medium)
Exfiltration (high)
Impact (high)

Shelly Pro 4PM 2025 Vulnerability: Unchecked Resource Allocation Triggers Industrial DoS
Impact: high

In November 2025, a significant vulnerability (CVE-2025-11243) was disclosed in Shelly Pro 4PM, a smart DIN rail switch commonly used in critical manufacturing environments worldwide. The flaw, arising from improper resource allocation and lack of input bounds checking, allowed an attacker on the local network to trigger a denial-of-service condition by sending specially crafted RPC requests. This caused the device to overallocate memory and reboot, risking loss of control or downtime in industrial settings. No exploitation has been reported publicly, but affected firmware versions prior to 1.6 remain at risk until patched. This incident underscores the persistent risk of denial-of-service vulnerabilities in IoT and industrial devices, especially as connected manufacturing assets proliferate. The failure in secure resource management highlights the growing regulatory and operational focus on robust device security amid expanding threat surfaces.

5 months ago

Kill Chain

Initial Compromise (high)
Privilege Escalation (high)
Lateral Movement (low)
Command & Control (low)
Exfiltration (high)
Impact (high)

2025 Shelly Pro 3EM ICS Flaw Exposes Modbus Devices to DoS
Impact: high

In November 2025, a critical Out-of-Bounds Read vulnerability (CVE-2025-12056) was disclosed in the Shelly Pro 3EM, a smart DIN rail switch used in industrial control systems worldwide. Security researchers revealed that a specially crafted Modbus request allows attackers on the adjacent network to trigger an illegal memory access, causing a denial-of-service condition by repeatedly rebooting the device. All versions of the Pro 3EM are affected, including deployments across critical manufacturing sectors. Shelly did not issue an official response, leaving users to rely on CISA defensive guidance. This incident exemplifies the growing risk of targeted vulnerabilities in widely deployed OT (operational technology) and industrial IoT devices. As criminals and nation-state actors increasingly focus on ICS and critical infrastructure, maintaining robust segmentation, access controls, and secure outbound communications is more relevant than ever.

5 months ago

Kill Chain

Initial Compromise (medium)
Privilege Escalation (high)
Lateral Movement (medium)
Command & Control (low)
Exfiltration (high)
Impact (high)