Cross Site Scripting vulnerability in Create/Modify article function in Alkacon OpenCMS 17.0 allows remote attacker to inject javascript payload via image title sub-field in the image field

**Exploitability Metrics**

Attack Vector: This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.

Attack Complexity: This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. These are conditions whose primary purpose is to increase security and/or increase exploit engineering complexity. A vulnerability exploitable without a target-specific variable has a lower complexity than a vulnerability that would require non-trivial customization. This metric is meant to capture security mechanisms utilized by the vulnerable system.

Attack Requirements: This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack. These differ from security-enhancing techniques/technologies (ref Attack Complexity) as the primary purpose of these conditions is not to explicitly mitigate attacks, but rather, emerge naturally as a consequence of the deployment and execution of the vulnerable system.

Privileges Required: This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.

User interaction: This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner.

**Vulnerable System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the VULNERABLE SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the VULNERABLE SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the VULNERABLE SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

**Subsequent System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the SUBSEQUENT SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the SUBSEQUENT SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the SUBSEQUENT SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

GHSA-h75c-f2xx-9vxv: OpenCMS Cross-Site Scripting vulnerability

An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file.

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.

Attack complexity: More severe for the least complex attacks.

Privileges required: More severe if no privileges are required.

User interaction: More severe when no user interaction is required.

Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.

Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.

Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.

Availability: More severe when the loss of impacted component availability is highest.

GHSA-3922-2r6r-r4fv: MCMS allows arbitrary file uploads in the ueditor component

A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function.

GHSA-7m3w-m5g3-cc88: OpenCMS cross-site scripting (XSS) vulnerability

An issue in croogo v.3.0.2 allows an attacker to perform Host header injection via the feed.rss component.

GHSA-847x-x4jg-6gf4: croogo Host header injection

A new Android malware-as-a-service (MaaS) platform named SuperCard X can facilitate near-field communication (NFC) relay attacks, enabling cybercriminals to conduct fraudulent cashouts.
The active campaign is targeting customers of banking institutions and card issuers in Italy with an aim to compromise payment card data, fraud prevention firm Cleafy said in an analysis. There is evidence to

SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks

Morphisec discovers a new malware threat ResolverRAT, that combines advanced methods for running code directly in computer memory,…

Morphisec discovers a new malware threat ResolverRAT, that combines advanced methods for running code directly in computer memory, figuring out necessary system functions and resources as it runs, and employing multiple layers of techniques to avoid detection by security software.

A new and sophisticated piece of malware, dubbed ResolverRAT by Morphisec researchers, has been discovered actively targeting organisations within the healthcare and pharmaceutical sectors, with the most recent wave of attacks occurring around March 10, 2025.

Morphisec’s Threat Labs researchers dubbed it Resolver because of the malware’s high reliance on figuring things out and handling resources dynamically while running, making it much harder for traditional methods to detect it.

According to researchers, ResolverRAT is distributed via phishing emails designed to create a sense of urgency or fear, pressuring recipients to click on a malicious link. Once clicked, the link leads to a file that starts the ResolverRAT infection process.

This is a highly localised phishing attack as the emails are written in the native language of the targeted country and consistently use alarming subjects, such as legal investigations or copyright violations. This multi-language approach suggests a global operation aimed at maximising successful infections through personalised targeting.

Use of native language subject lines (Source: Morphisec)

ResolverRAT infections begin with DLL side-loading, a technique that involves placing a malicious DLL file alongside a legitimate, signed program, identified as ‘hpreader.exe‘ in this case. When ‘hpreader.exe’ is executed, it unknowingly loads the malicious DLL, triggering the malware’s execution.

Interestingly, the same executable was identified by CPR in a recent campaign distributing the Rhadamanthys malware, and Cisco Talos documented similar phishing techniques used to deliver Lumma information-stealing malware. This could suggest that the groups are reusing tools, sharing resources, or part of a coordinated effort or shared network of cybercriminal affiliates.

ResolverRAT employs multiple layers of evasion to avoid detection, including extensive code obfuscation and a custom protocol over standard ports to blend network traffic. It executes malicious code directly in the computer’s memory (in-memory execution) and dynamically identifies and uses necessary system functions as it runs (API resolution).

To stay on an infected system even after a reboot, ResolverRAT creates up to 20 entries in the Windows Registry, spread across various locations, and installs copies of itself in various locations.

Moreover, the malware uses a unique method of certificate validation and ‘.NET Resource Resolver Hijacking’ technique is a key element of its stealth. Additionally, it attempts to fingerprint analysis environments and can alter its behaviour when it detects it’s being examined.

It allows attackers to steal sensitive information like credentials and patient data, breaking large datasets into smaller chunks for easier transmission. ResolverRAT also has remote access capabilities, allowing attackers to execute commands, upload files, take screenshots, capture keystrokes, and potentially deploy further malware.

This sophisticated blend of in-memory execution, advanced evasion techniques, and resilient C2 infrastructure poses a substantial threat to sensitive sectors like healthcare and pharmaceuticals, highlighting the need for organisations to adopt proactive defence strategies to effectively counter these threats.

Native Language Phishing Spreads ResolverRAT to Healthcare

Government-backed hacking groups from North Korea (TA427), Iran (TA450), and Russia (UNK_RemoteRogue, TA422) are now using the ClickFix…

Government-backed hacking groups from North Korea (TA427), Iran (TA450), and Russia (UNK\_RemoteRogue, TA422) are now using the ClickFix technique in their espionage campaigns. Learn about Proofpoint’s insights into this new wave of attacks.

Proofpoint has recently discovered a concerning development related to the ClickFix attack, a dangerous social engineering method. Reportedly, government-backed hacking groups are now using this technique, exploiting users’ trust by presenting fake error messages or security alerts from the operating system or familiar applications.

Users are tricked into downloading and running a code in their computer’s command line interface, believing it is a solution to their problem. However, when run, this code executes malicious commands on the victim’s machine.

Last year, Hackread.com raised an alarm about the rising popularity of the ClickFix attack among cybercriminals starting in March 2024, after groups like TA571 and ClearFake used it. In October 2024, Sekoia observed a rise in ClickFix attacks involving fake Google Meet, Chrome, and Facebook pages tricking users into downloading malware.

The latest wave of ClickFix attacks was observed between July 2024 and early 2025, with North Korea, Iran, and Russia-backed hackers incorporating ClickFix into their usual operations.

Attacks Timeline (Source: Proofpoint)

****North Korea (TA427)****

In early 2025, TA427 (Kimsuky, Emerald Sleet) targeted individuals from 5 organisations in the think tank sector working on North Korea affairs. They used deceptive meeting requests and fake websites to trick them into running PowerShell commands. One successful attack involved impersonating a Japanese diplomat (Ambassador Shigeo Yamada) and led to the installation of QuasarRAT malware.

Malicious email (Source: Proofpoint)

****Iran (TA450)****

In November 2024, TA450 (MuddyWater, Mango Sandstorm) targeted 39 organisations, mainly finance and government sectors, in the Middle East with fake Microsoft security update emails. They used ClickFix to persuade users to run PowerShell commands that installed the Level RMM tool, which the attackers intended to use for espionage and data theft. No further use of ClickFix by this group was observed afterwards.

****Russia (UNK\_RemoteRogue and TA422)****

UNK\_RemoteRogue used ClickFix once in December 2024, targeting individuals in two prominent arms manufacturing firms in the defence industry, sending emails with a link to a fake Microsoft Office page with Russian instructions to copy/paste code that executed JavaScript and then PowerShell linked to the Empire framework.

TA422 (Sofacy, APT28) employed ClickFix in October 2024, targeting Ukrainian entities, sending phishing emails with a link mimicking a Google spreadsheet sent out by CERT-UA that led to a reCAPTCHA, which, upon clicking, provided a PowerShell command to create an SSH tunnel and run Metasploit.

These groups, however, are not completely changing their attack methods. Instead, they are using ClickFix to replace certain steps in how they initially infect a target’s computer and run malicious software. Also, according to Proofpoint’s blog post, they have not observed any Chinese government-backed groups using ClickFix, possibly due to limited visibility into their activities.

Even though ClickFix is not yet a standard tool for state-sponsored actors, its increasing popularity suggests that this technique could become more common in government-backed cyber espionage campaigns in the coming months, researchers conclude.

North Korea, Iran, Russia-Backed Hackers Deploy ClickFix in New Attacks

Dallas, United States, TX, 21st April 2025, CyberNewsWire

**Dallas, United States, TX, April 21st, 2025, CyberNewsWire**

Brings Automated Response to Your Assets, Identity, Vulnerabilities, Alerts, and More to Redefine Risk Prioritization.

For years, security teams have operated in reactive mode, contending with siloed tools, fragmented intelligence, and a never-ending backlog of alerts. Traditional Security Operations platforms were supposed to unify data and streamline response—but they often introduced their own complexity, requiring heavy customization and manual oversight. “Hyper automation” delivered much of the same empty promises, leaving most security teams firefighting today’s incidents with limited bandwidth to proactively manage tomorrow’s risks.

At the 2025 RSA Conference, StrikeReady is introducing its next-generation Security Command Center v2. This AI-powered platform is engineered to go beyond basic alert processing, offering integrated asset and identity visibility, comprehensive vulnerability management, and coordinated automated response capabilities—enabling organizations to address threats with a focus on effective risk resolution.

> “We built StrikeReady to help security teams escape the cycle of perpetual reactivity,” said Alex Lanstein, CTO at StrikeReady. “With our platform, you don’t just see threats faster—you control and reduce risk in real time, closing gaps before they’re exploited. It’s a complete shift from dousing fires to preventing them from igniting.”

**v2 Key Business Outcomes and Metrics**

**1\. Proactive Risk Visibility**

A consolidated risk view across your identities, assets, and vulnerabilities, validated in a single unified interface/command center. Enable informed, strategic planning, rather than being in constant firefighting mode.

**2\. Radical Time Reduction**

Validating risk with threat intelligence, like threat intelligence reports, is cut from four to six hours to four to six minutes.

Alert processing drops from one hour to one minute, freeing analysts to focus on hunting.

All alerts, from any source—high, medium, and low severity—are all processed without differentiation, and at machine speed and accuracy.

**3\. Better, Faster, and More Cost-Effective Deployments**

Automated workflows and capabilities can be live in as little as 60 minutes, unlike traditional automation systems that often require six to 18 months of customization and cost upwards of $1 million.

**4\. Lower Operational Expenses**

One of many examples is phishing alert backlogs cleared in minutes, reducing manual efforts and saving over $180,000 annually.

Analysts spend less time on foundational work, false positives, and repetitive tasks, slashing overhead and burnout.

**5\. Native Case Management, Collaboration, and Real-Time Validation**

Built-in case management means no external ticketing, and zero trust collaboration with any internal or external team, with auto-documentation as standard (auditable).

**6\. Validate Your Security Controls** 

Use prepackaged or custom live attack content across your endpoints, cloud, and network to assess your security posture, resolve risk, and report improvements to your business.

**7\. Moving from Alerts to Strategic Defense**

While many AI-based security solutions focus on short-term alert handling, StrikeReady frames cybersecurity as an end-to-end risk management process. The platform’s proprietary Large Action Model (LAM) goes beyond mere analysis—directly executing defensive actions across the environment based on user prompts. This proactive approach helps organizations:

**Optimize** existing security investments by centralizing management.

**Preemptively** counter sophisticated threats, rather than reacting after the fact.

**Continuously** improve security efficiency through automation and instant control validation.

> “Success in cybersecurity today isn’t about chasing the latest threat—it’s about operationalizing intelligence, standardizing incident resolution, and eliminating friction at every step,” said Adil Mufti, CISO at StrikeReady. “StrikeReady makes this shift possible by consolidating the entire security lifecycle under one roof.”

**Experience StrikeReady at RSA Conference**

At **RSA Conference 2025**, StrikeReady will demonstrate live how the platform unifies risk visibility, orchestrates proactive actions, and frees analysts to make strategic decisions. Attendees can learn how to lower mean time to respond (MTTR), reduce false positives, and transform their SOC from a reactive entity into a proactive defense powerhouse.

**About StrikeReady**

Founded in 2019, StrikeReady introduced the first unified, vendor-agnostic, AI-powered Security Command Center delivering full-spectrum risk visibility, intelligent threat management, and automated response from a single, integrated platform.

By unifying identities, assets, vulnerabilities, and advanced simulations in one place, StrikeReady empowers organizations to proactively defend against modern threats and stay ahead of an ever-shifting cyber landscape. Moving beyond conventional AI, StrikeReady leverages its Large Action Model (LAM) to automate actions across the tech stack, creating a force multiplier for security teams seeking truly proactive risk management.

Recognized by Gartner as the only Virtual Security Assistant in its Emerging Technologies report, StrikeReady is dedicated to reshaping the future of cybersecurity.

**For more information users can visit**: https://strikeready.com/

**To schedule a demo at RSA, users can contact:** 

Lee Weyers | \[email protected\] | +1 (702) 588-1131

**Contact**

**Director, Public Relations**  
**Cara Harbor**  
**StrikeReady**  
**\[email protected\]**

Industry First: StrikeReady AI Platform Moves Security Teams Beyond Basic, One-Dimensional AI-Driven Triage Solutions

The problem is simple: all breaches start with initial access, and initial access comes down to two primary attack vectors – credentials and devices. This is not news; every report you can find on the threat landscape depicts the same picture. 

The solution is more complex. For this article, we’ll focus on the device threat vector. The risk they pose is significant, which is why device

5 Reasons Device Management Isn't Device Trust​

Customs and Border Protection has broad authority to search travelers’ devices when they cross into the United States. Here’s what you can do to protect your digital life while at the US border.

Entering the United States has become more precarious since the start of the second Trump administration in January. There has been an apparent surge in both foreign visitors and US visa holders being detained, questioned, and even deported at the border. As the situation evolves, demand for flights from Canada and Europe has plummeted as people reevaluate their travel plans.

Many people, though, can’t avoid border crossings, whether they are returning home after traveling for work or visiting friends and family abroad. Regardless of the reason for travel, US Customs and Border Protection (CBP) officials have the authority to search people’s phones and other devices as they determine who is allowed to enter the country. Multiple travelers have reported being questioned or turned away at the US border in recent weeks in relation to content on their phones.

While not unique to the US border—other nations also have powers to inspect phones—the increasingly volatile nature of the Trump administration’s border policies is causing people to rethink the risks of carrying devices packed with personal information to and from the US. Canadian authorities have updated travel guidance to warn of phone searches and seizures, some corporate executives are reconsidering the devices they carry, some officials in Europe continue to receive burner phones for certain trips to the US, and the Committee to Protect Journalists has warned foreign reporters about device searches at the US border.

With this in mind, here’s the WIRED guide to planning for bringing a smartphone across the border. You should also use WIRED’s guide to entering the US with your digital privacy intact to get a broader view of how to minimize data and take precautions. But start here for everything smartphone.

**What Can CBP Access?**

Do CBP officials have the authority to search your phone at the border? The short answer is yes. Searches are either manual, with a border official looking through the device, or more advanced, involving forensic tools to extract data en masse. To get into your phone, border officials can ask for your PIN or biometric to unlock the phone. However, your legal status and right to enter the US will make a difference in what a search might look like at the border.

Generally, border zones—which includes US international airports—fall outside of Fourth Amendment protections that require a warrant for a device to be searched (though one federal court has ruled otherwise). As such, CBP has the power to search any traveler’s phone or other electronic devices, such as computers and cameras, when they’re entering the country. US citizens and green card holders can refuse a device search without being denied entry, but they may face additional questioning or temporary device seizure. And as the Trump administration pushes the norms of acceptable government conduct, it is possible that, in practice, green card holders could face new repercussions for declining a device search. US visa holders and foreign visitors can face detention and deportation for refusing a device search.

“Not everybody has the same risk profile,” says Molly Rose Freeman Cyr, a member of Amnesty International’s Security Lab. “A person’s legal status, the social media accounts that they use, the messaging apps that they use, and the contents of their chats” should all factor into their risk calculus and the decisions they make about border crossings, Cyr says.

If you feel safe refusing a search, make sure to disable biometrics used to unlock your device, like face or fingerprint scanners, which CBP officers can use to access your device. Instead, use only a PIN or an alphanumeric code (if available on your device). Make sure to keep your phone’s operating system up to date, which can make it hard to crack with forensic tools.

You should also consider factors like nationality, citizenship, profession, and geopolitical views in assessing whether you or someone you’re traveling with could be at higher risk of scrutiny during border crossings.

In short, you need to make some decisions before you travel about whether you would be prepared to refuse a device search and whether you want to make changes to your devices before your trips.

Keep in mind that there are simple steps anyone can take to keep your devices out of sight and, hopefully, out of mind during border crossings. It’s always a good idea to obtain a printed boarding pass or prepare other paper documents for review and then turn your phone off and store it in your bag before you approach a CBP agent.

**Traveling With an Alternate Phone**

There are two ways to approach device privacy for border crossings. One is to start with a clean slate, purchasing a phone for the purpose of traveling or wiping and repurposing your old phone—if it still receives software updates.

The device doesn’t need to be a true “burner” phone, in the sense that you will be carrying it with you as if nothing is out of the ordinary, so you don’t need to purchase it with cash or take other steps to ensure that it can’t be connected to you. The idea, though, is to build a sanitized version of your digital life on the travel phone, ideally with separate communication and social media accounts created specifically for travel. This way, if your device is searched, it won’t have the back catalog of data—old text messages, years of photos, forgotten apps, and access to many or all of your digital accounts—that exists on your primary phone and could reveal details of your political views, your associations, or your movements over time.

Starting with a clean slate makes it easy to practice “data minimization,” or reducing the data available to another person: Simply put the things you’ll need for a trip on the phone without anything you won’t need. You might make a travel email address, some alternate social media accounts, and a separate account for end-to-end encrypted communications using an app like Signal or WhatsApp. Ideally you would totally silo your real digital life from this travel life. But you can also include some of your regular personal apps, building back from the ground up while determining on a selective basis whether you have existing accounts that you feel comfortable potentially exposing. Perhaps, for example, you think that showing a connection to your employer or a community organization could be advantageous in a fraught situation.

Privacy and digital rights advocates largely prefer the approach of building a travel device from scratch, but they caution that a phone that is too squeaky clean, too much like a burner phone, can arouse suspicion.

“You have to ‘seed’ the device. Use the phone for a day or even for a few hours. It just can't be _clean_ clean. That’s weird,” says Matt Mitchell, founder of CryptoHarlem, a security and privacy training and advocacy nonprofit. “My recommendation is to make a finsta for travel, because if they ask you what your profile is, how are you gonna say ‘I don't use any social media’? Many people have a few accounts anyway. One ratchet, one wholesome—add one travel.”

Cyr, from Amnesty International, also points out that a true burner phone would be a “dumb” phone, which wouldn’t be able to run apps for encrypted communications. “The advantage that we all have with smartphones is that you can communicate in an encrypted way,” Cyr says. “People should be conscious that any nonencrypted communication is less secure than a phone call or a message on an application like Signal.”

While a travel device doesn’t need to use a prepaid SIM card bought with cash, it should not share your normal phone number, since this number is likely linked to most if not all of your key digital accounts. Buy a SIM card for your trip or only use the device on Wi-Fi.

**Traveling With Your Primary Phone**

The other approach you can take to protecting your device during border crossings is to modify your primary smartphone before travel. This involves removing old photos and messages and storing them somewhere else, cleaning out nonessential apps, and either removing some apps altogether or logging out of them with your main accounts and logging back in with travel accounts.

Mohammed Al-Maskati, digital security helpline director at the rights group Access Now, says that people should consider this type of clean-out before they travel. “I will look at my device and see what apps I need,” he says. “If I don't need the app, I just remove it.”

Al-Maskati adds that he suggests people particularly remember to remove dating apps and anything related to LGBTQI communities, especially if they consider themselves to be at higher risk of facing a device search. And generally, this approach is only safe if you are particularly diligent about removing every app that might expose you to risk.

You could use your own phone as a travel phone by backing it up, wiping it, building a travel device with only the apps you really need while traveling, going on your trip, and then restoring from the backup when you get home. This approach is doable but time consuming, and it creates more opportunities for operational security mistakes or what are known as “opsec fails.” If you try to delete all of your old, unwanted apps, but miss one, you could end up exposing an old social media account or other historic service that has forgotten data in it. Messaging apps can have easily searchable archives going back years and can automatically save photos and files without you realizing it. And if you back up all of your data to the cloud and take it off your device, but are still logged into the cloud account underpinning other services (like your main Google or Apple account), you could be asked to produce the data from the cloud for inspection.

Still, if you assess that you are at low risk of facing scrutiny during a border crossing or you don’t have access to an additional device for travel, modifying your main smartphone is a good option. Just be careful.

**What To Do, If Nothing Else**

Given all of this, you may be hyped up and ready to throw your phone in the ocean. Or you may be thinking there’s no way in hell that you’re ever going to take the time to deal with any of this. For those in the latter camp, you’ve come this far, so don’t click away just yet. If you don’t want to take the time to make a bunch of changes, and you don’t think you’re at particular risk during border crossings (though keep in mind that it’s possible your risk is higher than you realize), there are still a few easy things you can do to protect your digital privacy that are better than nothing.

First, as mentioned above, print a paper boarding pass and any other documents you might need. Even if you don’t turn your phone off and stow it in a bag for your entire entry or exit process, you can put it in your pocket and have your paper ticket and other documents ready while actually interacting with agents. And taking basic digital hygiene steps, like updating your phone and removing apps and data you no longer need, can go a long way.

“We all need to be recognizing that authorities may scrutinize your online presence, including social media activity and posts you’ve published,” says Danacea Vo, founder of Cyberlixir, a cybersecurity provider for nonprofits and vulnerable communities. “Since people have gotten more vocal on social media, they’re very worried about this. Some have even decided not to risk traveling to or from the US this year.”

Latest News