Cybercriminals abuse trusted Intel driver to gain kernel access and shut down Windows Defender, enabling undetected malware deployment since July 2025.