Il 14 gennaio qualcuno ha staccato la spina a Telnet. Il traffico globale è crollato del 65% in un'ora, sei giorni prima che il mondo sapesse perché. Taiwan ha filtrato il 77%, l'India il 70%, il Giappone il 65%.
Un protocollo nato nel 1969, una vulnerabilità nascosta per 11 anni, 52 IP da 16 paesi che hanno tentato l'exploit, e un mistero che sembra un thriller. La storia completa nel nuovo episodio del buongiornirondirondello.
52% of RCE attempts came from IPs with no prior GreyNoise history. New research on where edge defenses fall short + what to do about it: https://www.greynoise.io/resources/2026-state-of-the-edge-report
This week's At the Edge: CLEAR is out — a preview of the intel brief GreyNoise customers get every week.
🔗 https://www.greynoise.io/resources/at-the-edge-clear-021626
That's just the preview. greynoise.io/contact
Telnet traffic didn’t “trend down” — it reportedly fell off a cliff. GreyNoise says global sessions dropped 65% in one hour on Jan 14, days before CVE-2026-24061 (GNU InetUtils telnetd, 9.8) went public Jan 20. Smells like someone quietly slammed the port-23 door… who got the laser pointer? 😼
An anonymous reader shared this report from the Register: Telcos likely received advance warning about January's critical Telnet vulnerability before its public disclosure, according to threat intelligence biz GreyNoise. Global Telnet traffic "fell off a cliff" on January 14, six days before secu...
Three campaigns. One has Cobalt Strike ready.
RDP nearly quadrupled. A botnet picked up a new CVE. And someone built a Kubernetes cluster just to exploit n8n.
A preview of what GreyNoise customers get every week. Full brief has the IOCs, attribution, and analysis.
We observed a 65% drop in global telnet traffic in a single hour on Jan 14, settling into a sustained 59% reduction. 18 ASNs went silent, 5 countries disappeared, but cloud providers were unaffected.
Our analysis of 51.2M sessions points to backbone-level port 23 filtering by a North American Tier 1 transit provider.
🔗 https://www.labs.greynoise.io/grimoire/2026-02-10-telnet-falls-silent/
On January 14, 2026, global telnet traffic observed by GreyNoise sensors fell off a cliff. A 59% sustained reduction, eighteen ASNs going completely silent, five countries vanishing from our data entirely. Six days later, CVE-2026-24061 dropped. Coincidence is one explanation.
⚠️ Unlike typical exploits, no buffer overflow or memory corruption needed - just one manipulated environment variable grants root access
🛡️ Not all Telnet implementations affected - only #GNU inet utils; proprietary versions like #Cisco and #BusyBox are safe
📊 #GreyNoise threat intelligence reports multiple exploit attempts per hour already detected in the wild
🔄 Telnet's unencrypted nature makes attacks visible to defenders monitoring plaintext traffic for "-f root" patterns
New on the GreyNoise blog: We borrow from some unexpected fields, enzyme kinetics, species biodiversity models, astrophotography, to understand internet-wide scanning activity and measure what we might be missing.
Edoardo Dusi
GreyNoise
Loki the Cat
securityaffairs
michabbb
Python Bytes
