
Surge in Open Redirect Scans and New Telnet Vulnerability Reported
On February 25, 2026, the Internet Storm Center reported a surge in scans for open redirect vulnerabilities, primarily originating from a single IP address linked to IP Volume, a bulletproof hosting provider known for ignoring abuse requests. Open redirects occur when web applications redirect users to unvalidated URLs. They are often exploited in OAuth 2.0 flows to hijack credentials by swapping legitimate redirect URIs with malicious ones.

Mozilla’s Firefox team introduced support for the setHTML API, part of the Sanitizer API standard, to mitigate DOM-based cross-site scripting (XSS) by blocking unsafe JavaScript insertion while allowing benign HTML markup. The API is currently supported in Firefox and Chrome but not Safari, limiting its widespread adoption.

A new Telnet vulnerability was also disclosed, enabling privilege escalation by manipulating environment variables like CREDENTIALS_DIRECTORY to bypass authentication, with a recommended workaround restricting allowed variables to a predefined whitelist. The transcript noted that earlier Telnet flaws involved command-line parameter injection, while this variant leverages environment variable manipulation.
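
One way to validate redirect targets against the unvalidated redirects and swapped OAuth 2.0 redirect URIs described above. This is an added example, not code from the Internet Storm Center report; the hosts, paths and function names are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed placeholder values; not taken from the report.
REGISTERED_REDIRECT_URIS = {"https://app.example.com/oauth/callback"}
ALLOWED_HOSTS = {"app.example.com"}


def is_registered_redirect_uri(candidate: str) -> bool:
    """OAuth 2.0 redirect_uri check: exact string match, no prefix or pattern logic."""
    return candidate in REGISTERED_REDIRECT_URIS


def is_safe_redirect_target(target: str) -> bool:
    """Accept only a rooted same-site path or an https URL on an allow-listed host."""
    if not target or target != target.strip():
        return False
    # Browsers treat "\" like "/" and drop control characters, so reject both outright.
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return False
    try:
        parts = urlsplit(target)
        parts.port  # accessing .port raises ValueError on a malformed port
    except ValueError:
        return False
    if not parts.scheme and not parts.netloc:
        # Relative reference: must start with exactly one "/" ("//host" is off-site).
        return target.startswith("/") and not target.startswith("//")
    if parts.scheme != "https":
        return False
    # "https://trusted@other-host/" puts the trusted name in userinfo, not the host.
    if parts.username is not None or parts.password is not None:
        return False
    return parts.hostname in ALLOWED_HOSTS


if __name__ == "__main__":
    # Constructed sample inputs covering the accepted and rejected shapes.
    for sample in ("/account/settings", "https://app.example.com/home",
                   "//evil.example/path", "https://app.example.com@evil.example/",
                   "https://app.example.com.evil.example/", "/\\evil.example"):
        print(f"{sample!r:50} -> {is_safe_redirect_target(sample)}")
```
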