Tag
CVE-2026-46840 - Oracle REST Data Services Takeover Vulnerability
2 rules 1 CVECVE-2026-46840 is a critical vulnerability in Oracle REST Data Services (ORDS) that allows an unauthenticated attacker with network access to achieve complete takeover of the service, potentially impacting additional products due to scope change.
AWS RDS DB Snapshot Shared with Another Account
2 rules 1 TTPAn AWS RDS DB snapshot is shared with another AWS account or made public, potentially enabling unauthorized access, offline analysis, or data exfiltration by allowing adversaries to restore the snapshot in their controlled infrastructure.
AWS RDS DB Instance or Cluster Deletion Protection Disabled
2 rules 2 TTPsAn adversary may disable deletion protection on an AWS RDS DB instance or cluster as a precursor to destructive actions, such as deleting databases containing sensitive data.
AWS RDS Snapshot Deletion Detected
3 rules 2 TTPsThe deletion of AWS RDS DB snapshots or disabling backups via configuration changes can inhibit recovery, destroy forensic evidence, and prepare for destructive actions by adversaries.
AWS RDS DB Instance Made Public
2 rules 3 TTPsAn attacker with compromised AWS credentials may modify an Amazon RDS DB instance or cluster to be publicly accessible for persistence, data exfiltration, or to bypass network restrictions.
AWS RDS DB Instance or Cluster Password Modification
2 rules 3 TTPsThe modification of the master password for an AWS RDS DB instance or cluster can indicate malicious activity used for persistence, privilege escalation, or defense evasion.
AWS RDS DB Instance Restored for Defense Evasion or Data Collection
3 rules 3 TTPsDetection of AWS RDS database instance restoration from a snapshot or S3 backup, potentially indicating unauthorized data access, defense evasion, or data collection by adversaries recreating database environments to bypass controls or exfiltrate sensitive data.
AWS RDS Snapshot Export to S3 for Potential Data Exfiltration
2 rules 1 TTPAn adversary may export RDS snapshots to Amazon S3 to exfiltrate sensitive data outside of RDS-managed storage, potentially bypassing database access controls and leading to unauthorized data theft.
AWS RDS DB Instance or Cluster Deleted
2 rules 1 TTPAn adversary with sufficient permissions may delete RDS resources such as DB instances or clusters to impede recovery, destroy evidence, or inflict operational impact on the environment.
AWS RDS Master User Password Reset Detection
2 rules 2 TTPsDetection of unauthorized master user password resets for Amazon RDS DB instances via AWS CloudTrail logs, potentially leading to sensitive data access and data breaches.