#FactCheck: Viral AI video claims Iran has destroyed Israel in an airstrike

Executive Summary:

A new threat being uncovered in today’s threat landscape is that while threat actors took an average of one hour and seven minutes to leverage Proof-of-Concept(PoC) exploits after they went public, now the time is at a record low of 22 minutes. This incredibly fast exploitation means that there is very limited time for organizations’ IT departments to address these issues and close the leaks before they are exploited. Cloudflare released the Application Security report which shows that the attack percentage is more often higher than the rate at which individuals invent and develop security countermeasures like the WAF rules and software patches. In one case, Cloudflare noted an attacker using a PoC-based attack within a mere 22 minutes from the moment it was released, leaving almost no time for a remediation window. 

Despite the constant growth of vulnerabilities in various applications and systems, the share of exploited vulnerabilities, which are accompanied by some level of public exploit or PoC code, has remained relatively stable over the past several years and fluctuates around 50%. These vulnerabilities with publicly known exploit code, 41% was initially attacked in the zero-day mode while of those with no known code, 84% was first attacked in the same mode. 

Modus Operandi:

The modus operandi of the attack involving the rapid weaponization of proof-of-concept (PoC) exploits is characterized by the following steps:

• Vulnerability Identification: Threat actors bring together the exploitation of a system vulnerability that may be in the software or hardware of the system; this may be a code error, design failure, or a configuration error. This is normally achieved using vulnerability scanners and test procedures that have to be performed manually. 

• Vulnerability Analysis: After the vulnerability is identified, the attackers study how it operates to determine when and how it can be triggered and what consequences that action will have. This means that one needs to analyze the details of the PoC code or system to find out the connection sequence that leads to vulnerability exploitation. 

• Exploit Code Development: Being aware of the weakness, the attackers develop a small program or script denoted as the PoC that addresses exclusively the identified vulnerability and manipulates it in a moderated manner. This particular code is meant to be utilized in showing a particular penalty, which could be unauthorized access or alteration of data. 

• Public Disclosure and Weaponization: The PoC exploit is released which is frequently done shortly after the vulnerability has been announced to the public. This makes it easier for the attackers to exploit it while waiting for the software developer to release the patch. To illustrate, Cloudflare has spotted an attacker using the PoC-based exploit 22 minutes after the publication only. 

• Attack Execution: The attackers then use the weaponized PoC exploit to attack systems which are known to be vulnerable to it. Some of the actions that are tried in this context are attempts at running remote code, unauthorized access and so on. The pace at which it happens is often much faster than the pace at which humans put in place proper security defense mechanisms, such as the WAF rules or software application fixes. 

• Targeted Operations: Sometimes, they act as if it’s a planned operation, where the attackers are selective in the system or organization to attack. For example, exploitation of CVE-2022-47966 in ManageEngine software was used during the espionage subprocess, where to perform such activity, the attackers used the mentioned vulnerability to install tools and malware connected with espionage. 

Precautions: Mitigation

Following are the mitigating measures against the PoC Exploits: 

1. Fast Patching and New Vulnerability Handling 

• Introduce proper patching procedures to address quickly the security released updates and disclosed vulnerabilities. 

• Focus should be made on the patching of those vulnerabilities that are observed to be having available PoC exploits, which often risks being exploited almost immediately.

• It is necessary to frequently check for the new vulnerability disclosures and PoC releases and have a prepared incident response plan for this purpose. 

2. Leverage AI-Powered Security Tools 

•  Employ intelligent security applications which can easily generate desirable protection rules and signatures as attackers ramp up the weaponization of PoC exploits. 

• Step up use of artificial intelligence (AI) - fueled endpoint detection and response (EDR) applications to quickly detect and mitigate the attempts. 

• Integrate Artificial Intelligence based SIEM tools to Detect & analyze Indicators of compromise to form faster reaction. 

 3. Network Segmentation and Hardening 

• Use strong networking segregation to prevent the attacker’s movement across the network and also restrict the effects of successful attacks. 

• Secure any that are accessible from the internet, and service or protocols such as RDP, CIFS, or Active directory. 

• Limit the usage of native scripting applications as much as possible because cyber attackers may exploit them. 

4. Vulnerability Disclosure and PoC Management 

• Inform the vendors of the bugs and PoC exploits and make sure there is a common understanding of when they are reported, to ensure fast response and mitigation. 

• It is suggested to incorporate mechanisms like digital signing and encryption for managing and distributing PoC exploits to prevent them from being accessed by unauthorized persons. 

• Exploits used in PoC should be simple and independent with clear and meaningful variable and function names that help reduce time spent on triage and remediation. 

5. Risk Assessment and Response to Incidents 

• Maintain constant supervision of the environment with an intention of identifying signs of a compromise, as well as, attempts of exploitation. 

• Support a frequent detection, analysis and fighting of threats, which use PoC exploits into the system and its components. 

• Regularly communicate with security researchers and vendors to understand the existing threats and how to prevent them.

Conclusion:

The rapid process of monetization of Proof of Concept (POC) exploits is one of the most innovative and constantly expanding global threats to cybersecurity at the present moment. Cyber security experts must react quickly while applying a patch, incorporate AI to their security tools, efficiently subdivide their networks and always heed their vulnerability announcements. Stronger incident response plan would aid in handling these kinds of menaces. Hence, applying measures mentioned above, the organizations will be able to prevent the acceleration of turning PoC exploits into weapons and the probability of neutral affecting cyber attacks. 

Reference:

https://www.mayrhofer.eu.org/post/vulnerability-disclosure-is-positive/

https://www.uptycs.com/blog/new-poc-exploit-backdoor-malware

https://www.balbix.com/insights/attack-vectors-and-breach-methods/

https://blog.cloudflare.com/application-security-report-2024-update

‍

Introduction 

In recent years, the online gaming sector has seen tremendous growth and is one of the fastest-growing components of the creative economy, contributing significantly to innovation, employment generation and export earnings. India possesses a large pool of skilled young professionals, strong technological capabilities and a rapidly growing domestic market, which together provide an opportunity for the country to assume a leadership role in the global value chain of online gaming. With this, the online gaming industry has also faced an environment of exploitation, abuse, with notable cases of fraud, money laundering, and other emerging cybercrimes. In order to protect the interests of players, ensure fair play and competition, safe and secure online gaming environment, the need for introducing and establishing dedicated gaming regulation was a need of the hour. 

On 20 August 2025, the Union government introduced a new bill, ‘Promotion and Regulation of Online Gaming Bill, 2025’ in Lok Sabha that seeks to prohibit online money gaming, including advertisements and financial transactions related to such platforms. From the introduction, the said bill was passed at 5 PM on the same date. Further, the upper house of parliament (Rajya Sabha) passed the bill on 21st August 2025. The bill can be seen as a progressive step towards building safer online gaming spaces for everyone, especially for our youth and combating the emerging cybercrime threats present in the online gaming landscape.

Key Highlights of the Bill

The Bill extends to the whole of India. It also applies to any online money gaming service offered within India or operated from outside the country but accessible in India.

‍

1. Definition of E-sports:

Section 2(1)(c) of the Bill defines e-sports as:-

(i)  is played as part of multi-sports events; 

(ii) involves organised competitive events between individuals or teams, conducted in multiplayer formats governed by predefined rules; 

(iii) is duly recognised under the National Sports Governance Act, 2025, and registered with the Authority or agency under section 3; 

(iv) has outcome determined solely by factors such as physical dexterity, mental agility, strategic thinking or other similar skills of users as players; 

(v) may include payment of registration or participation fees solely for the purpose of entering the competition or covering administrative costs and may include performance-based prize money by the player; and 

(vi)shall not involve the placing of bets, wagers or any other stakes by any person, whether or not such person is a participant, including any winning out of such bets, wagers or any other stakes; 

2. Prohibition of Online Money Gaming and Advertisement thereof
   The Bill prohibits the offering of online money games and online money gaming services. It also bans all forms of advertisements or promotions connected to online money games. This includes endorsements by individuals or entities.
3. Financial Transactions
   Banks, financial institutions, and other intermediaries are barred from facilitating transactions related to online money gaming services.
4. Criminal Liability
   Violation of the provisions on online money gaming can result in imprisonment for up to three years, or a fine of up to ₹1 crore, or both. Repeat offenders face stricter punishment with higher fines and longer jail terms.
5. Cognizable and Non-Bailable Offences
   Offences relating to offering online money gaming services and facilitating financial transactions for such games are categorised as cognizable and non-bailable. This gives law enforcement agencies greater power to act without requiring prior approval.

‍

In conversation with CyberPeace ~

Shailendra Vikram Singh, Former Deputy Secretary (Cyber & Information Security), Ministry of Home Affairs, GOI . He highlighted that

"The passage of the Promotion and Regulation of Online Gaming Bill, 2025 in the Lok Sabha highlights the government’s growing priority on national security, public safety, and health in digital regulation. Unfortunately, the real money gaming industry, despite its growth and promise, did not take proactive steps to address these concerns. The absence of safeguards and engagement left the government with no choice but to adopt a blanket ban."Having worked on this issue from both the government and industry side, the clear lesson is that in sensitive digital sectors, early regulatory alignment and constructive dialogue are not optional but essential. Going forward, collaboration is the only way to achieve a balance between innovation and responsibility.”

‍

CyberPeace Outlook

The Promotion and Regulation of Online Gaming Bill, 2025, marks a decisive policy shift by simultaneously fostering the growth of e-sports, educational and social gaming, and imposing an absolute prohibition on online money games. By recognising e-sports as legitimate, skill-based competitive sports under the National Sports Governance Act, 2025, and establishing a central Authority for oversight, registration, and regulation, the Bill creates an institutional framework for safe and responsible development of the sector.  The Bill completely bans real money games (RMGs), regardless of whether they are skill-based or chance-based or both, hence it poses significant questions on RMG companies' legal standing, upon which the gaming industry has raised its conundrum. Further, it addresses urgent threats such as cybercrime, gaming addiction, online betting, money laundering, and the misuse of gaming platforms for illicit activities. The move reflects a balanced approach, encouraging innovation and digital skill-building, while safeguarding public order, consumer interests, and financial integrity.

References

1. https://prsindia.org/files/bills_acts/bills_parliament/2025/Bill_Text-Online_Gaming_Bill_2025.pdf
2. https://prsindia.org/billtrack/the-promotion-and-regulation-of-online-gaming-bill-2025
3. https://www.hindustantimes.com/india-news/rajya-sabha-clears-online-gaming-bill-a-day-after-lok-sabha-approval-101755766847840.html

‍

‍

Introduction 
‍

Freedom of speech and expression is fundamental to democracy and is constitutionally entrenched in Article 19(1)(a) of the Indian Constitution. The explosion of online spaces, brought about by the digital age, in the form of social media, blogs, and messaging apps, has reinterpreted how information is authored, disseminated, and consumed. This digital revolution has galvanised individuals to engage further inclusively in public debate, but has also fanatically magnified the risks of misinformation, hate speech, and threats to public order. Against this background, the judiciary is increasingly called upon to determine the limits of free speech, primarily where state regulation seeks to infringe upon constitutional protection.
‍

Constitutional and Statutory Framework related to Freedom of Speech 
‍

The judiciary plays an integral role in balancing the fundamental right of freedom of speech with the regulation of online content, especially during the fast-paced evolution of the digital world. In India, with Article 19(1)(a) of the Constitution guaranteeing the freedom of speech, the courts bear the critical responsibility of protecting this liberty while recognising the State's legitimate interests in restricting harmful or unlawful content on a digital scale. This adjudicatory dilemma is even trickier because the said right has been held by the Supreme Court not to be an absolute one and is subject to "reasonable restrictions" as in Article 19(2), which recognises restrictions in the interest of sovereignty, security, public order, decency, and morality.  Freedom of speech, being the cornerstone of democracy in India, does have an umbrella of reasonable restrictions under which the state can regulate any form of speech that infringes upon other equally compelling societal interests. However, with the coming of the internet and other digital communication arrangements, there was a need to develop new statutory instruments, i.e., Information Technology Act, 2000 (IT Act) and Rules made thereunder, including Information Technology (Intermediary Guidelines) and Digital Media Ethics Code Rules, 2021. These enactments attempt to regulate digital content, confronting issues such as hate speech, misinformation, and content that threatens public order. The judiciary's mandate is to interpret the enactments within the constitutional precincts, thus ensuring that the arbitrariness of State action is not aggravated or that the regulation is not overbroad. Judicial Landmark Decisions Affirming Balance The judiciary has played a front-ranking role in elaborating a jurisprudence protecting free speech in delineating legitimate regulation thereof. The Supreme Court judgment in Shreya Singhal v. Union of India, 2015, is seminal. Section 66A of the IT Act was struck down as it was vague and overly broad, causing a chilling effect on online speech. The Court has emphasised that any limitation on speech must be precise and fall strictly within the parameters laid down in Article 19(2). While the Court recognises that harmful online content needs to be addressed, the remedy must not encroach upon free political debate, satire, and criticism vital for democracy. 

Following this, the Anuradha Bhasin case clarified the convergence of free speech and online access. The court held that the right to free speech had a vital medium in the form of the internet and that it would have to be an inevitable, proportionate shutdown, and transparent for challenge before the judiciary for any shutdown of the internet. This reaffirmed that restrictions on online speech must be rigorously tested.

Subsequent cases involve limitations on the 2021 IT Rules, whereby such government bodies can demand that “fake” or “misleading” material be taken off the internet. Courts move with circumspection, recognising the government's interest in fighting bogus information but remaining vigilant against over-regulation that can be code for pre-emptive censorship and threatening healthy discourses. 

The virtual world raises particular and deeper questions: the viral nature of online speech multiplies its impact, distributing both democratic ideas and abusive material instantaneously. The courts recognise this twinning. While pressurising the legislature and executive to formulate clearer, more precise rules, courts simultaneously act as constitutional Guardians, avoiding breaches of the right with executive excess or vague laws. There is a strain between judicial activism, which promotes constitutional rights aggressively, and the fear of judicial paternalism, courts overreaching into policy arenas. But there is a need for vigilance by the judiciary due to the rapidly changing nature of digital technologies and threats to the freedoms of democracy. The judiciary continues to give contours to free speech and online regulation. There are enforcement issues, such as ongoing abuse of struck-down provisions, such as Section 66A, that the court counters with reaffirmation of constitutional directives. The evolving jurisprudence balances on thin stilts, upholding the democratic spirit of India by securing speech on online spaces and sanctioning reasonable, transparent moderation of harmful speech.

‍

Conclusion
‍

The Indian judiciary's leadership in balancing online content regulation with the freedom of speech is central and refined. The courts continually emphasise that speech on the digital medium is highly constitutionally protected and that restrictions must be legally valid, specific, essential, and proportionate. By classical decisions and constant review of new regulating actions, courts safeguard democratic participation in the digital public domain from unmeritorious censorship. Concurrently, the courts recognize the responsibility of the state in regulating digital ills such as mis recipe and hate speech, demanding parameters that uphold constitutional freedoms and the due process. The balancing act of the judiciary continues to be fundamental in defining India's digital democracy so that free speech can thrive even as the state upholds public order and human dignity in the digital communication age.

‍