PaperCut MF and NG print management servers are actively exploited by Storm-1175 via CVE-2023-27350 and CVE-2023-27351 as part of the ransomware campaign’s initial access chain against education and critical infrastructure sectors. Vendor patches are available. Organizations should verify PaperCut instances are patched per PaperCut’s advisories and review web server access logs for exploit-pattern URIs associated with these CVEs.