#FactCheck - Debunking the AI-Generated Image of an Alleged Israeli Army Dog Attack

Introduction

‍

Raksha Bandhan is a cherished festival which is celebrated every year on the full moon day of the Hindu month of Shravan. It is a festival that represents the love, care, and protection that siblings share. This year, Raksha Bandhan falls on 09th August 2025. On this day, sisters tie a sacred thread known as Rakhi on their brothers' wrists as a symbol of love and protection, and in return, brothers promise to safeguard them in all walks of life. The origin of this festival traces back to the Mahabharata, when lord Krishna injured his finger. To bandage the wound, Draupadi, also known as Panchali, tore a piece of her saree and tied it on Krishna's finger. Krishna was touched by her selfless gesture and promised to always protect her, a promise he fulfilled during Drapadi’s time of greatest need. 

Today, in the evolving world driven by technology in all aspects of life, the nature of threats has evolved. In this digital age, physical safety alone is no longer enough. Alongside the traditional vow, there is now a growing need for another promise, the promise of Cyber Raksha (Cyber Safety). As we celebrate the spirit of Raksha Bandhan, this year also take the pledge of offering and taking care of the Cyber Suraksha of your sibling. 

‍

Ek Vaada Cyber Raksha ka 

‍

All the brothers and sisters share the bond of mutual care and responsibility. In the evolving threats of cybercrimes, they must understand the vulnerabilities they might face and the cyber safety tips they should be aware of to protect themselves. You must promise to guide, protect each other from online dangers, and help understand the importance of digital safety.  Hence, this Raksha Bandhan, let’s also tie a knot of cyber awareness, responsibility, and digital protection,  because true raksha in today’s age is not only about protection in the offline world, it is about protection in both the offline and online world. 

CyberPeace has curated the following best practices for you to consider in your life and also to share with your sisters and brothers.

‍

Password Security

‍

‍It is most important to realise that cybercrooks mostly have their eyes on your passwords to target and gain access to your accounts or information. Scammers try multiple ways to get access to your passwords by way of various methods such as OTP frauds, Fake login pages (spoofing), Social engineering, Credential stuffing, Brute-force attacks, phishing, etc. 

‍

Quick Tips 

‍

• Use strong passwords.
• Regularly update passwords.
• Use separate passwords for different accounts.
• Use secure & trusted password managers.
• Use two-factor authentication for an extra layer of security.
• Make sure not to save passwords on random devices.

‍

Social Media Security

‍

‍There are endless cyber scams that take place through social media, such as identity theft, cyberbullying, cyber stalking, online harassment, data leaks, suspicious links leading to phishing and malware, exposure to inappropriate content, etc. It becomes important for netizens to protect their accounts, data, and online presence on social media platforms from the growing cyber threats.

‍

Quick Tips

‍

• Review app permissions and do not give any unnecessary app permissions.
• Keep your account private or customise your privacy settings as per your needs.
• Be cautious while interacting with strangers.
• Do not click on any suspicious or unknown links.
• Make sure to log out in case you have to log in to your social media on an unfamiliar device, and update your password to prevent unauthorised access.
• Always use Two-Factor authentication for your social media accounts.
• Avoid sharing too much of your personal information on the public story or public posts. This can be used by cybercriminals for social engineering.
• Use the report & block function to protect yourself from spam accounts and unwanted interactions.
• If you encounter any issue, report it to the ‘Platform’s reporting mechanism at the ‘Help Centre’.
• One can also reach out to the platform’s grievance officer.

‍

Device Security

‍

In today’s world, the interconnectedness is unavoidable, your devices, be it smartphones, tablets, laptops are not just tools, they are digital extensions of yourself. They contain your discussions, recollections, private information, and frequently your financial and professional information. Safeguarding your devices in the digital world can be equated with safeguarding your physical possessions against undesirable encroachments. Just like a sibling would never let anyone invade your privacy, you too must promise to keep your devices secured against malicious threats like malware, spyware, ransomware, and unauthorized access.

‍

Quick Tips

‍

• Update your apps, browsers, and operating systems frequently; these updates frequently contain security vulnerabilities.
• Install reliable anti-virus and anti-malware software, then perform routine device scans.
• Do not download files or apps from unidentified sources.
• Avoid using open or unprotected public Wi-Fi for private activities like email or banking. 
• Employ screen locks (passwords, biometrics, or PINs) to stop unwanted physical access.
• Enable remote wipe or ‘find my Device’ functions in case your device is lost or stolen.

‍

Digital Payments Security

‍

‍Rakshabandhan is all about giving, but let’s not make it easy for cyber fraudsters to take! Convenience can come at a great cost. It often comes with a danger of fraud, phishing, and money-stealing schemes, as evidenced by the rise in digital payments and UPI transactions. But by being cautious, one can avoid being defrauded.  Whether you’re gifting a sibling online or shopping for festive deals, promise yourself and your loved ones that you’ll transact wisely and safely.

‍

Quick Tips

‍

• Never give out your bank credentials, CVV, OTP, or UPI PIN to anyone, even if they seem trustworthy before extensively verifying their credentials.
• Before completing a transaction, confirm the account information or UPI ID.
• Refund or payment links sent by WhatsApp accounts or unknown numbers should not be clicked. 
• Use only trusted apps (like BHIM, PhonePe, Google Pay, etc.) downloaded from official app stores.

‍

Email Security

‍

Your email serves as a key to your digital kingdom and serves as more than just a tool for communication. Your email frequently connects everything, from banking to social networking. Scammers use phishing assaults, malware attachments, and impersonation frauds to target it first.  Just like a sibling watches your back, watch your inbox. Make a vow not to fall for the digital bait.

‍

Quick tips

‍

• Never open attachments or links in emails that seem strange or suspicious.
• Subject lines that evoke fear, such as “Account Suspended,” “Urgent Action Required” should be avoided. 
• Verify the sender’s email address at all times because scammers frequently use little misspellings to deceive you.
• Set up two-factor authentication and create a secure, one of a kind password for your email accounts.
• Avoid using unprotected Wi-Fi networks or public computers to check your email.
• Avoid responding to spam emails or unsubscribing through dubious links as this could give the attacker your address. 

‍

Common scams to watch out for

‍

Festive deals scams

‍

As the festive season sales surge in India, so does the risk of cyber scams. Cyber crooks exploit the victims and urge them to share OTPs under the guise of preventing fraudulent activity, sharing malicious links to get sensitive information. 

‍

Mis-disinformation 

‍

The spread of mis-disinformation has surged on social media platforms. It spreads like wildfire across the digital landscape, and the need for effective strategies to counteract these challenges has grown exponentially in a very short period. ‘Prebunking’ and ‘Debunking’ are two approaches for countering the growing spread of misinformation online.

‍

Deepfake and Voice cloning scams

‍

By using the Deepfake technology, cybercriminals manipulate audio and video content which looks very realistic but, in actuality, is fake. Voice cloning is also a part of deepfake. To create a voice clone of anyone's, audio can be deepfaked too, which closely resembles a real one but, in actuality, is a fake voice created through deepfake technology. 

‍

Juice Jacking

‍

Cybercriminals can hack your phone using or exploiting some public charging stations, such as at airports, Malls, hotel rooms, etc. When you plug your cell phone into a USB  power charger, you may be plugging into a hacker. Juice jacking poses a security threat commonly at places that provide free charging stations for mobile devices. 

‍

Suspicious links & downloads

‍

Suspicious links & downloads can lead you to a phishing site or install malware into your system, which can even lead to compromise your device, expose sensitive data, and cause financial losses.

‍

Conclusion

‍

This Rakhi, ensure your and your sibling’s online safety and security by being cybersafe and smart. You can seek assistance from the CyberPeace Helpline at helpline@cyberpeace.net

‍

‍

Introduction

‍

Recently, in April 2025, security researchers at Oligo Security exposed a substantial and wide-ranging threat impacting Apple's AirPlay protocol and its use via third-party Software Development Kit (SDK). According to the research, the recently discovered set of vulnerabilities titled "AirBorne" had the potential to enable remote code execution, escape permissions, and leak private data across many different Apple and third-party AirPlay-compatible devices. With well over 2.35 billion active Apple devices globally and tens of millions of third-party products that incorporate the AirPlay SDK, the scope of the problem is enormous. Those wireless-based vulnerabilities pose not only a technical threat but also increasingly an enterprise- and consumer-level security concern.

‍

Understanding AirBorne: What’s at Stake?

‍

AirBorne is the title given to a set of 23 vulnerabilities identified in the AirPlay communication protocol and its related SDK utilised by third-party vendors. Seventeen have been given official CVE designations. The most severe among them permit Remote Code Execution (RCE) with zero or limited user interaction. This provides hackers the ability to penetrate home networks, business environments, and even cars with CarPlay technology onboard.

‍

Types of Vulnerabilities Identified

AirBorne vulnerabilities support a range of attack types, including:

‍

• Zero-Click and One-Click RCE
• Access Control List (ACL) bypass
• User interaction bypass
• Local arbitrary file read
• Sensitive data disclosure
• Man-in-the-middle (MITM) attacks
• Denial of Service (DoS)

‍

Each vulnerability can be used individually or chained together to escalate access and broaden the attack surface.

‍

Remote Code Execution (RCE): Key Attack Scenarios

‍

‍

1. MacOS – Zero-Click RCE (CVE-2025-24252 & CVE-2025-24206) These weaknesses enable attackers to run code on a MacOS system without any user action, as long as the AirPlay receiver is enabled and configured to accept connections from anyone on the same network. The threat of wormable malware propagating via corporate or public Wi-Fi networks is especially concerning.
2. MacOS – One-Click RCE (CVE-2025-24271 & CVE-2025-24137) If AirPlay is set to "Current User," attackers can exploit these CVEs to deploy malicious code with one click by the user. This raises the level of threat in shared office or home networks.
3. AirPlay SDK Devices – Zero-Click RCE (CVE-2025-24132) Third-party speakers and receivers through the AirPlay SDK are particularly susceptible, where exploitation requires no user intervention. Upon compromise, the attackers have the potential to play unauthorised media, turn microphones on, or monitor intimate spaces.
4. CarPlay Devices – RCE Over Wi-Fi, Bluetooth, or USB CVE-2025-24132 also affects CarPlay-enabled systems. Under certain circumstances, the perpetrators around can take advantage of predictable Wi-Fi credentials, intercept Bluetooth PINs, or utilise USB connections to take over dashboard features, which may distract drivers or listen in on in-car conversations.

‍

Other Exploits Beyond RCE

‍

AirBorne also opens the door for:

‍

• Sensitive Information Disclosure: Exposing private logs or user metadata over local networks (CVE-2025-24270).
• Local Arbitrary File Access: Letting attackers read restricted files on a device (CVE-2025-24270 group).
• DoS Attacks: Exploiting NULL pointer dereferences or misformatted data to crash processes like the AirPlay receiver or WindowServer, forcing user logouts or system instability (CVE-2025-24129, CVE-2025-24177, etc.).

‍

How the Attack Works: A Technical Breakdown

‍

AirPlay sends on port 7000 via HTTP and RTSP, typically encoded in Apple's own plist (property list) form. Exploits result from incorrect treatment of these plists, especially when skipping type checking or assuming invalid data will be valid. For instance, CVE-2025-24129 illustrates how a broken plist can produce type confusion to crash or execute code based on configuration.

A hacker must be within the same Wi-Fi network as the targeted device. This connection might be through a hacked laptop, public wireless with shared access, or an insecure corporate connection. Once in proximity, the hacker has the ability to use AirBorne bugs to hijack AirPlay-enabled devices. There, bad code can be released to spy, gain long-term network access, or spread control to other devices on the network, perhaps creating a botnet or stealing critical data.

‍

The Espionage Angle

‍

Most third-party AirPlay-compatible devices, including smart speakers, contain built-in microphones. In theory, that leaves the door open for such devices to become eavesdropping tools. While Oligo did not show a functional exploit for the purposes of espionage, the risk suggests the gravity of the situation.

‍

The CarPlay Risk Factor

‍

Besides smart home appliances, vulnerabilities in AirBorne have also been found for Apple CarPlay by Oligo. Those vulnerabilities, when exploited, may enable attackers to take over an automobile's entertainment system. Fortunately, the attacks would need pairing directly through USB or Bluetooth and are much less practical. Even so, it illustrates how networks of connected components remain at risk in various situations, ranging from residences to automobiles.

‍

How to Protect Yourself and Your Organisation

‍

1. Immediate Actions:

• Update Devices: Ensure all Apple devices and third-party gadgets are upgraded to the latest software version.
• Disable AirPlay Receiver: If AirPlay is not in use, disable it in system settings.
• Restrict AirPlay Access: Use firewalls to block port 7000 from untrusted IPs.
• Set AirPlay to “Current User” to limit network-based attack.

2. Organisational Recommendations:

• Communicate the patch urgency to employees and stakeholders.
• Inventory all AirPlay-enabled hardware, including in meeting rooms and vehicles.
• Isolate vulnerable devices on segmented networks until updated.

‍

Conclusion

‍

The AirBorne vulnerabilities illustrate that even mature systems such as Apple's are not immune from foundational security weaknesses. The extensive deployment of AirPlay across devices, industries, and ecosystems makes these vulnerabilities a systemic threat. Oligo's discovery has served to catalyse immediate response from Apple, but since third-party devices remain vulnerable, responsibility falls to users and organisations to install patches, implement robust configurations, and compartmentalise possible attack surfaces. Effective proactive cybersecurity hygiene, network segmentation, and timely patches are the strongest defences to avoid these kinds of wormable, scalable attacks from becoming large-scale breaches.

‍

References

‍

• https://www.oligo.security/blog/airborne
• https://www.wired.com/story/airborne-airplay-flaws/
• https://thehackernews.com/2025/05/wormable-airplay-flaws-enable-zero.html
• https://www.securityweek.com/airplay-vulnerabilities-expose-apple-devices-to-zero-click-takeover/
• https://www.pcmag.com/news/airborne-flaw-exposes-airplay-devices-to-hacking-how-to-protect-yourself
• https://cyberguy.com/security/hackers-breaking-into-apple-devices-through-airplay/

‍

Executive Summary:

A viral online video claims to show a Syrian prisoner experiencing sunlight for the first time in 13 years. However, the CyberPeace Research Team has confirmed that the video is a deep fake, created using AI technology to manipulate the prisoner’s facial expressions and surroundings. The original footage is unrelated to the claim that the prisoner has been held in solitary confinement for 13 years. The assertion that this video depicts a Syrian prisoner seeing sunlight for the first time is false and misleading.

Claim A viral video falsely claims that a Syrian prisoner is seeing sunlight for the first time in 13 years.

‍

Factcheck:

‍

Upon receiving the viral posts, we conducted a Google Lens search on keyframes from the video. The search led us to various legitimate sources featuring real reports about Syrian prisoners, but none of them included any mention of such an incident. The viral video exhibited several signs of digital manipulation, prompting further investigation.

‍

We used AI detection tools, such as TrueMedia, to analyze the video. The analysis confirmed with 97.0% confidence that the video was a deepfake. The tools identified “substantial evidence of manipulation,” particularly in the prisoner’s facial movements and the lighting conditions, both of which appeared artificially generated.

‍

Additionally, a thorough review of news sources and official reports related to Syrian prisoners revealed no evidence of a prisoner being released from solitary confinement after 13 years, or experiencing sunlight for the first time in such a manner. No credible reports supported the viral video’s claim, further confirming its inauthenticity.

Conclusion:

The viral video claiming that a Syrian prisoner is seeing sunlight for the first time in 13 years is a deep fake. Investigations using tools like Hive AI  detection confirm that the video was digitally manipulated using AI technology. Furthermore, there is no supporting information in any reliable sources. The CyberPeace Research Team confirms that the video was fabricated, and the claim is false and misleading.

• Claim: Syrian prisoner sees sunlight for the first time in 13 years, viral on social media.
• Claimed on: Facebook and X(Formerly Twitter)
• Fact Check: False & Misleading