Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
  • AI
  • Tech
  • Cybersecurity
  • Finance
  • DeFi & Blockchain
  • Startups
  • Gaming
Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
Dataconomy
No Result
View All Result

An old PaperCut bug is now being actively exploited by hackers

CISA has not released specific details concerning current attacks but has incorporated CVE-2023-2533 into its Known Exploited Vulnerabilities Catalog.

byEmre Çıtak
July 29, 2025
in Cybersecurity, News

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding active exploitation of a high-severity vulnerability, CVE-2023-2533, within PaperCut NG/MF print management software, urging immediate patching for over 100 million users across 70,000 organizations.

CVE-2023-2533, a cross-site request forgery (CSRF) vulnerability patched in June 2023, enables remote code execution. Exploitation requires an attacker to trick an administrator, possessing a current login session, into clicking a maliciously crafted link, which can lead to altered security settings or arbitrary code execution. CISA has not released specific details concerning current attacks but has incorporated CVE-2023-2533 into its Known Exploited Vulnerabilities Catalog.

Federal Civilian Executive Branch (FCEB) agencies are mandated by the November 2021 Binding Operational Directive (BOD) 22-01 to patch this vulnerability by August 18. CISA advises all organizations, including those in the private sector, to prioritize patching, stating that such vulnerabilities are frequent attack vectors for malicious cyber actors and present significant risks to the federal enterprise.

Stay Ahead of the Curve!

Don't miss out on the latest insights, trends, and analysis in the world of data, technology, and startups. Subscribe to our newsletter and get exclusive content delivered straight to your inbox.


Microsoft finds a major privacy flaw in Apple’s Spotlight search


Shadowserver, a non-profit security organization, currently identifies over 1,100 PaperCut MF and NG servers exposed online. Not all these servers are susceptible to CVE-2023-2533 attacks. While CISA has no evidence directly linking CVE-2023-2533 to ransomware attacks, PaperCut servers have been compromised by ransomware groups earlier in 2023. These prior breaches leveraged CVE-2023-27350, a critical unauthenticated remote code execution vulnerability, and CVE-2023-27351, a high-severity information disclosure flaw.

In April 2023, Microsoft associated attacks on PaperCut servers with the LockBit and Clop ransomware gangs, who utilized their access to steal corporate data. Approximately two weeks thereafter, Microsoft reported that Iranian state-backed hacking groups, identified as Muddywater and APT35, had also engaged in these attacks. These threat actors exploited the ‘Print Archiving‘ feature, which is designed to save documents routed through PaperCut printing servers.

CISA included CVE-2023-27350 in its catalog of actively exploited vulnerabilities on April 21, 2023, requiring U.S. federal agencies to secure their servers by May 12, 2023. One month later, CISA and the FBI jointly issued an advisory, indicating that the Bl00dy Ransomware gang had also commenced exploiting the CVE-2023-27350 RCE vulnerability to gain initial access to educational organizations’ networks.


Featured image credit

Tags: papercut

Related Posts

ChatGPT reportedly reduces reliance on Reddit as a data source

ChatGPT reportedly reduces reliance on Reddit as a data source

October 3, 2025
Perplexity makes Comet AI browser free, launches background assistant and Chess.com partnership

Perplexity makes Comet AI browser free, launches background assistant and Chess.com partnership

October 3, 2025
Light-powered chip makes AI computation 100 times more efficient

Light-powered chip makes AI computation 100 times more efficient

October 3, 2025
Free and effective anti-robocall tools are now available

Free and effective anti-robocall tools are now available

October 3, 2025
Choosing the right Web3 server: OVHcloud options for startups to enterprises

Choosing the right Web3 server: OVHcloud options for startups to enterprises

October 3, 2025
Z.AI GLM-4.6 boosts context window to 200K tokens

Z.AI GLM-4.6 boosts context window to 200K tokens

October 2, 2025

LATEST NEWS

ChatGPT reportedly reduces reliance on Reddit as a data source

Perplexity makes Comet AI browser free, launches background assistant and Chess.com partnership

Light-powered chip makes AI computation 100 times more efficient

Free and effective anti-robocall tools are now available

Choosing the right Web3 server: OVHcloud options for startups to enterprises

Z.AI GLM-4.6 boosts context window to 200K tokens

Dataconomy

COPYRIGHT © DATACONOMY MEDIA GMBH, ALL RIGHTS RESERVED.

  • About
  • Imprint
  • Contact
  • Legal & Privacy

Follow Us

  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
No Result
View All Result
Subscribe

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.