GreyNoise Intelligence recently observed a sudden and sustained global drop in Telnet scanning on 14 January 2026. Multiple ASNs went quiet overnight. Days later, a critical telnetd authentication bypass — CVE-2026-24061 — was disclosed.
Yes, Telnet has always been insecure. Plaintext credentials were never a good idea. That's not the point.
The real takeaway
Insecure defaults have a half-life measured in decades. Legacy services linger in embedded systems, appliances, and forgotten management interfaces long after we assume they're gone. The fact that Telnet scanning was still significant enough to produce a visible, measurable global drop tells you everything about how slowly these things actually disappear.
Every network has dark corners — services nobody remembers enabling, management ports on hardware that's been racked and forgotten, default credentials on appliances that "we'll get to eventually." This is what attackers scan for, and it's what they find.
The protocol is old. The lesson is current.
Source: GreyNoise — Telnet falls silent.
← All filings