Cybersecurity researchers have discovered a way to exploit a critical flaw in PaperCut servers (CVE-2023-27350) that bypasses current detections. On March 8, 2023, the vulnerability was patched by the Australian company, however it has since been weaponized by multiple threat groups. VulnCheck has now released a proof-of-concept exploit that utilizes the “User/Group Sync” feature to execute arbitrary code with SYSTEM privileges without being detected. The exploit can launch a Python reverse shell on Linux or download a custom reverse shell hosted on a remote server in Windows.
Source: Hackernews
To mitigate these potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net or you can try your self using check.website.