Hackers Are Exploiting a Critical PaperCut Flaw: What You Need to Know Now
If your organization uses PaperCut for print management, now’s the time to act fast. A serious security vulnerability (CVE-2023-2533) is actively being exploited by hackers, and it could let attackers take full control of your system remotely.
So, What’s Going On?
Researchers have discovered that threat actors are targeting a critical remote code execution (RCE) flaw in PaperCut’s MF and NG servers. This means hackers can run malicious code on affected systems without needing login credentials. All they need is access to the server, and from there, they can steal data, install malware, or even take over entire networks.
What’s worse? Some attacks are already happening in the wild. Microsoft and Huntress both confirmed that cybercriminals, including ransomware gangs, are jumping on this exploit.
Who’s Affected?
Anyone running PaperCut MF or NG versions before 20.1.7, 21.2.11, or 22.0.9 is vulnerable. That includes thousands of schools, offices, and enterprise environments worldwide.
How Are Hackers Getting In?
Security analysts have observed attackers using scripting tools like PowerShell to dig deeper into systems once they’re inside. Some are deploying remote management tools like Cobalt Strike and TrueBot malware, commonly used in ransomware operations.
What Should You Do?
Patch. Immediately. PaperCut released security updates to fix the issue, but many systems are still unpatched. If you’re unsure whether your server is safe, check your version and apply updates from the official PaperCut site.
Also:
- Monitor your logs for unusual activity
- Limit public access to your PaperCut servers
- Add extra authentication measures where possible
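To make the version check concrete, here is an added example (not code from PaperCut or from this article) that triages a server inventory against the fixed versions listed above. The host names and version strings are constructed, and the handling of branches outside 20 to 22 is an assumption noted in the code.

```python
import re

# First fixed release on each major branch, as listed in the article.
FIXED_BY_MAJOR = {20: (20, 1, 7), 21: (21, 2, 11), 22: (22, 0, 9)}


def parse_version(text):
    """Pull a numeric (major, minor, patch) tuple out of a version string."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if match is None:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in match.groups())


def is_vulnerable(version_text):
    """True if the version predates the fixed release for its branch."""
    version = parse_version(version_text)
    major = version[0]
    if major in FIXED_BY_MAJOR:
        # Tuple comparison is numeric, so 21.2.9 < 21.2.11 (a plain string
        # comparison would get this wrong and report 21.2.9 as patched).
        return version < FIXED_BY_MAJOR[major]
    # Assumption: branches older than 20 have no fix listed, so they count
    # as vulnerable; branches newer than 22 are treated as already fixed.
    return major < min(FIXED_BY_MAJOR)


def triage(inventory):
    """Return the sorted host names that need patching or manual review."""
    flagged = []
    for host, version_text in inventory.items():
        try:
            if is_vulnerable(version_text):
                flagged.append(host)
        except ValueError:
            flagged.append(host)  # unreadable version: review by hand
    return sorted(flagged)


# Constructed inventory (host names and version strings are made up).
SAMPLE_INVENTORY = {
    "print-01": "21.2.9", "print-02": "21.2.11",
    "print-03": "20.1.10 (Build 12345)", "print-04": "22.0.8",
    "print-05": "19.2.7", "print-06": "unknown",
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: patch or review ({SAMPLE_INVENTORY[host]})")
```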
The Bottom Line
This isn’t just another tech bug; it’s a real-world threat. If you haven’t patched your system yet, you’re leaving the door wide open. Cybercriminals are watching. Don’t wait until it’s too late.