Coordinated Brute Force Activity Targets Apache Tomcat Manager Interfaces

On June 5, 2025, the threat intelligence company GreyNoise reported coordinated brute force activity targeting Apache Tomcat Manager interfaces. This increase in login attempts and brute force efforts indicates deliberate efforts to identify and access exposed Tomcat services on a large scale. 295 unique IP addresses were involved in this activity.