Threat intelligence firm GreyNoise has warned of a « coordinated brute-force activity » targeting Apache Tomcat Manager interfaces.
The company said it observed a surge in brute-force and login attempts on June 5, 2025, an indication that they could be deliberate efforts to « identify and access exposed Tomcat services at scale. »
To that end, 295 unique IP addresses have been found to be engaged
