News

Critical GNU InetUtils telnetd Flaw Allows Remote Root Access via CVE-2026-24061

Luciano Ferrari

23 Jan 2026 — 2 min read

Friday, January 23, 2026

Top 5 Cybersecurity Stories You Should Know

Critical GNU InetUtils telnetd Flaw Allows Remote Root Access via CVE-2026-24061 — tl;dr: A critical vulnerability in GNU InetUtils telnet daemon (telnetd), tracked as CVE-2026-24061, allows remote authentication bypass, enabling attackers to gain root access to affected systems. This flaw has remained undetected for nearly 11 years and affects all versions from 1.9.3 to 2.7. Organizations using GNU InetUtils should prioritize patching this vulnerability to prevent unauthorized access and potential system compromise. It is crucial to review configurations and apply necessary updates to mitigate risks associated with this severe security issue.
↪ https://thehackernews.com/
Cisco Unified Communications Zero-Day Vulnerability Under Active Exploitation — tl;dr: A zero-day vulnerability in Cisco Unified Communications is currently being exploited by threat actors, posing significant risks to organizations using this software. This flaw could allow attackers to gain unauthorized access and potentially compromise sensitive communications. Cisco has acknowledged the issue and is working on a patch, but until it is released, users are advised to implement additional security measures, such as network segmentation and monitoring for unusual activity, to mitigate the risks associated with this vulnerability.
↪ https://www.bankinfosecurity.com/zero-day-flaw-in-cisco-unified-communications-being-targeted-a-30582
CVE-2026-20045: Critical RCE Vulnerability in Cisco Products Under Active Exploitation — tl;dr: Cisco has announced a critical remote code execution (RCE) vulnerability, CVE-2026-20045, affecting several of its unified communications products, including Unified CM and Webex Calling. This flaw allows attackers to execute malicious commands on the device's operating system by sending crafted HTTP requests. With in-the-wild exploitation already reported, Cisco urges immediate patch application, as no workarounds are available. The vulnerability has been added to CISA's Known Exploited Vulnerabilities catalog, requiring federal agencies to update by February 11, 2026, to mitigate risks of further attacks.
↪ https://socprime.com/blog/cve-2026-20045-vulnerability/
Zero-Day Exploits Rise: 30% of Vulnerabilities Attacked Pre-Disclosure — tl;dr: A recent VulnCheck report reveals that nearly 30% of known exploited vulnerabilities (KEVs) were attacked before or on the day of their public disclosure in 2025, marking a significant increase from 23.6% in 2024. This trend indicates an alarming acceleration in cyber attackers' exploitation of unpatched vulnerabilities, particularly targeting network edge devices and operating systems. Organizations should prioritize timely patch management and vulnerability assessments to mitigate risks associated with these zero-day and one-day exploits, as the landscape of cyber threats continues to evolve rapidly.
↪ https://www.infosecurity-magazine.com/news/zeroday-exploits-surge-vulncheck/
Top 10 Ransomware Attacks of 2025: Major Disruptions Across Industries — tl;dr: In 2025, ransomware evolved into a systemic risk, affecting national supply chains and critical services. Notable attacks included the Salesforce Ecosystem breach and the Oracle E-Business Suite exploit, which highlighted vulnerabilities in supply chains and the education and healthcare sectors. Organizations like Jaguar Land Rover and Ingram Micro faced significant operational paralysis, with consequences that extended beyond ransom payments. Cybersecurity Ventures projects the global cost of ransomware could reach $275 billion annually by 2031. Companies are advised to strengthen their cybersecurity measures, focusing on credential security and supply chain resilience to mitigate future risks.
↪ https://cybersecurityventures.com/top-10-ransomware-attacks-over-the-past-year/