Hackers Exploiting telnetd Vulnerability for Root Access – Public PoC Released

**Active exploitation of CVE-2026-24061:** A critical authentication-bypass in GNU InetUtils telnetd (affecting versions 1.9.3–2.7) allows attackers to pass a crafted USER environment value (eg. "-f root") during Telnet negotiation to invoke /usr/bin/login and obtain a root shell; Grey Noise observed ~60 attempts from 18 IPs with follow-on activity including SSH key injection and delivery of a Python payload (apps.py) from http://67.220.95.16:8000.