Vendor
Intel NPU Driver Vulnerabilities Allow Privilege Escalation and DoS
2 rules, 2 TTPs
Multiple vulnerabilities in the Intel NPU Driver allow a local attacker to escalate privileges and cause a denial of service.
Dell Security Advisory Addresses Vulnerabilities in Multiple Products
2 rules
Dell published security advisories between May 11 and 17, 2026, addressing vulnerabilities in Dell Enterprise Sonic Distribution, Dell Live Optics Collector, Intel 800 Series Ethernet Adapters, Dell PowerEdge with AMD Graphics, and PowerScale InsightIQ, prompting users to apply necessary updates.
BIG-IP VE TMM Termination Vulnerability (CVE-2026-40618)
2 rules, 1 TTP, 1 CVE
CVE-2026-40618 describes a vulnerability in F5 BIG-IP Virtual Edition (VE) where specific traffic can cause the Traffic Management Microkernel (TMM) to terminate when an SSL profile is configured without Intel QuickAssist Technology (QAT) or with crypto.hwacceleration disabled, potentially leading to a denial-of-service.
Intel Server Firmware Update Utility Software Privilege Escalation Vulnerability
2 rules, 1 TTP
A local attacker can exploit a vulnerability in Intel Server Firmware Update Utility Software to escalate their privileges on the targeted system.
Intel Addresses Vulnerabilities in Multiple Software Products
3 rules
Intel released security advisories addressing vulnerabilities in Display Virtualization for Windows OS driver software, Intel EMA software, AI Playground software, and Intel Vision software, requiring users to update to the latest versions.
Multiple Vulnerabilities in Intel Firmware Allow Privilege Escalation and DoS
2 rules, 3 TTPs
Multiple vulnerabilities in Intel Firmware allow a local attacker to escalate privileges, cause a denial-of-service condition, or disclose sensitive information.
Command and Scripting Interpreter via Windows Scripts
2 rules, 1 TTP
This rule detects the execution of PowerShell, PowerShell ISE, or Cmd spawned from Windows Script Host or MSHTA, indicating potential abuse of scripting interpreters to execute malicious commands or scripts on Windows systems.
Persistence via Windows Installer (Msiexec)
3 rules, 3 TTPs
Adversaries may establish persistence by abusing the Windows Installer (msiexec.exe) to create scheduled tasks or modify registry run keys, allowing for malicious code execution upon system startup or user logon.
Process Execution from Suspicious Windows Directories
2 rules, 1 TTP
Adversaries may execute processes from unusual default Windows directories to masquerade malware and evade defenses by blending in with trusted paths, making malicious activity harder to detect.
Suspicious Module Loaded by LSASS for Credential Access
2 rules, 2 TTPs
Detection of unsigned or untrusted DLLs being loaded into the LSASS process, which is indicative of credential access attempts by adversaries aiming to steal sensitive information such as user passwords.
LSASS Loading Suspicious DLL
2 rules, 2 TTPs, 9 IOCs
Detection of LSASS loading an unsigned or untrusted DLL, which can indicate credential access attempts by malicious actors targeting sensitive information stored in the LSASS process.