Our team is tracking in-the-wild exploitation of zero-day vulnerabilities against PaperCut MF/NG which allow for unauthenticated remote code execution due to an authentication bypass.
UPDATE: A new statement(Opens in a new window) from MSI says users should avoid downloading firmware and BIOS updates from third-party sources, and instead only obtain such software from the company's official website.
The statement suggests MSI is worried hackers could circulate malicious versions of the company's BIOS software when the ransomware gang, Money Message, claims it stole the PC maker's source code.