Akira ransomware abuses CPU tuning tool to disable Microsoft Defender

Threat Score:
53
BleepingComputer
4 days ago
Akira ransomware abuses CPU tuning tool to disable Microsoft Defender

Overview

Akira ransomware abuses CPU tuning tool to disable Microsoft Defender Bill Toulas August 6, 2025 04:15 PM 0 Akira ransomware is abusing a legitimate Intel CPU tuning driver to turn off Microsoft Defender in attacks from security tools and EDRs running on target machines. The abused driver is 'rwdrv.sys' (used by ThrottleStop), which the threat actors register as a service to gain kernel-level access. This driver is likely used to load a second driver, 'hlpdrv.sys,' a malicious tool that manipula...

Related Articles

5 articles
1

Google confirms Salesforce CRM breach, faces extortion threat

Security Affairs 4 hours ago

Google disclosed a Salesforce Customer Relationship Management (CRM) breach exposing data of some prospective Google Ads customers. Google confirmed a breach in a Salesforce CRM instance affecting the data of prospective Google Ads customers. The website Databreaches.net reported that the attackers have sent an extortion demand to the Tech giant. Google Threat Intelligence Group confirmed that […]

Score
87
Read more
2

Google Hacked – Approx 2.5 Million Records of Google Ads Customer Data Leaked

GB Hackers 2 hours ago

Google Hacked – Approx 2.5 Million Records of Google Ads Customer Data Leaked Google has disclosed a significant data breach involving one of its corporate Salesforce instances, compromising customer data tied to its Google Ads platform. Google has not revealed the exact number of people impacted, but according to ShinyHunters,who spoke with Cyber Security News, the breach exposed around 2.5 million records (Approx). Whether some of these entries are duplicates is still unknown. The incident, de

Score
85
Read more
4

New Win-DDoS Flaws Let Attackers Turn Public Domain Controllers into DDoS Botnet via RPC, LDAP

The Hacker News 2 hours ago

A novel attack technique could be weaponized to rope thousands of public domain controllers (DCs) around the world to create a malicious botnet and use it to conduct power distributed denial-of-service (DDoS) attacks. The approach has been codenamed Win-DDoS by SafeBreach researchers Or Yair and Shahak Morag, whopresentedtheir findings at the DEF CON 33 security conference today. "As we explored the intricacies of the Windows LDAP client code, we discovered a significant flaw that allowed us to

Score
82
Read more
5

Hackers Found Backdoor in High-Security Safes—Opens in Seconds

Spybusters 6 hours ago

Security researchers found two techniques to crack at least eight brands of electronic safes—used to secure everything from guns to narcotics. James Rowley and Mark Omo got curious a scandal in the world of electronic safes... In the process, they'd find something far bigger: another form of backdoor intended to let authorized locksmiths open not just Liberty Safe devices, but the high-security Securam Prologic locks used in many of Liberty’s safes and those of at least seven other brands.  More

Score
76
Read more