SSH Scans Spike Globally Amid Rising Geopolitical Tensions

The Internet Storm Center’s daily Stormcast for April 2 recorded a sharp rise in unsolicited probes of SSH (port 22) and Telnet (port 23) across multiple continents. Compared with the prior 24‑hour period, scanning activity jumped roughly 40%, with several regions reporting sustained bursts of connection attempts from previously unseen IP ranges.
Defenders must treat this surge as a warning sign: increased reconnaissance typically precedes credential‑stuffing attacks or exploitation of misconfigured services. Harden exposed SSH/Telnet endpoints by enforcing key‑based authentication, deploying multi‑factor authentication, limiting login attempts, and implementing strict network segmentation and logging. Continuous monitoring of scan sources and rapid response to anomalous login activity will reduce the risk of successful intrusion during these heightened threat windows.
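
The monitoring step above can be sketched as follows; this is an added example, not code from the article or the Internet Storm Center. It assumes OpenSSH-style syslog lines, a constructed sample log using documentation IP ranges, and hypothetical `threshold`, `window` and `year` values.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH sshd syslog format (documentation IP ranges).
SAMPLE_LOG = """\
Apr  2 03:14:01 host sshd[1001]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Apr  2 03:14:03 host sshd[1002]: Failed password for root from 203.0.113.7 port 40130 ssh2
Apr  2 03:14:05 host sshd[1003]: Failed password for invalid user test from 203.0.113.7 port 40144 ssh2
Apr  2 03:14:09 host sshd[1004]: Accepted password for root from 203.0.113.7 port 40150 ssh2
Apr  2 03:20:00 host sshd[1005]: Failed password for alice from 198.51.100.4 port 51000 ssh2
Apr  2 03:45:00 host sshd[1006]: Accepted publickey for alice from 198.51.100.4 port 51010 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def analyze(log_text, year=2024, threshold=3, window=timedelta(minutes=5)):
    """Return (burst_sources, logins_after_burst) for the given sshd log text."""
    failures = defaultdict(list)   # ip -> timestamps of recent failed attempts
    bursts, suspicious = set(), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year; the caller supplies it (assumption).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        # Keep only failures that fall inside the sliding window.
        failures[ip] = [t for t in failures[ip] if ts - t <= window]
        if m["result"] == "Failed":
            failures[ip].append(ts)
            if len(failures[ip]) >= threshold:
                bursts.add(ip)
        elif len(failures[ip]) >= threshold:
            # A success right after a failure burst is the case to escalate.
            suspicious.append((ip, m["user"], ts.isoformat()))
    return bursts, suspicious

if __name__ == "__main__":
    bursts, suspicious = analyze(SAMPLE_LOG)
    print("burst sources:", sorted(bursts))
    print("logins after burst:", suspicious)
```

Sources in the first set are candidates for rate limiting or blocking; entries in the second list are successful logins that warrant immediate review.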