Were telcos tipped off to *that* ancient Telnet bug? Cyber pros say the signs stack up

GreyNoise researchers observed a sudden, large drop in global Telnet (port 23) sessions on January 14—six days before public advisories for CVE-2026-24061, a decade-old GNU InetUtils telnetd vulnerability with a 9.8 CVSS rating that allows trivial root access. The timing and pattern of the drop (many ISPs going from hundreds of thousands of sessions to near zero, while major cloud providers were largely unaffected) led GreyNoise to hypothesize that one or more Tier 1 transit/backbone providers implemented port 23 filtering prior to disclosure, possibly due to advance notification; GreyNoise notes this is unproven but worth documenting given the severity and subsequent CISA KEV listing.