G
We observed a 65% drop in global telnet traffic in a single hour on Jan 14, settling into a sustained 59% reduction. 18 ASNs went silent, 5 countries disappeared, but cloud providers were unaffected.
Our analysis of 51.2M sessions points to backbone-level port 23 filtering by a North American Tier 1 transit provider.
https://www.labs.greynoise.io/grimoire/2026-02-10-telnet-falls-silent/
83% of observed Ivanti EPMM exploitation (CVE-2026-1281) traces to one bulletproof IP that isn't on any published IOC list. The IPs that are? VPN exits with zero Ivanti activity. We broke down who's actually doing this 
️ https://www.greynoise.io/blog/active-ivanti-exploitation
Attackers are operating at machine speed + so should defenders. 
Check out the Government Technology Insider article, where our Principal Intelligence Liaison, Shawn Smagh, shares what we’re seeing in the data and 4️⃣ steps to get to active defense at machine speed.
https://governmenttechnologyinsider.com/the-ai-accelerated-threat-landscape-four-steps-toward-active-defense-at-machine-speed/
