Windows Defender Exploit & Defense Strategies

By Josh Young | August 21, 2025

1. Headline Spotlight: Akira Ransomware Exploits Windows Defender via Intel Driver Security researchers at GuidePoint Security have uncovered a sophisticated attack chain involving the Akira ransomware. Attackers exploit a legitimate Intel CPU tuning driver—rwdrv.sys (used by ThrottleStop)—to load a secondary malicious driver, hlpdrv.sys. This malicious driver then modifies the system registry to disable Microsoft Defender’s…

Read More