Remote execution exploit chain in CUPS: Overview, detection, and remediation
ID: 52bc5467-36f7-557c-a20a-35b8a1040e37
STIX ID: report--52bc5467-36f7-557c-a20a-35b8a1040e37
Feed Name: Datadog Security Labs
Datadog Security Labs describes a chained set of CUPS vulnerabilities that can cause CUPS to bind to all interfaces and accept attacker-controlled printer definitions over UDP port 631, enabling remote code execution when a user initiates a print job. The disclosure includes PoCs, observed scanning and exploitation attempts with IoCs (IP addresses and printer URLs), and recommended mitigations such as updating, disabling cups-browsed, and blocking UDP/631 from untrusted networks.
