GreyNoise has reported a significant rise in brute-force login attempts targeting Apache Tomcat Manager interfaces, with 295 malicious IP addresses identified on June 5, 2025. The surge indicates coordinated efforts to exploit exposed Tomcat services, predominantly from regions like the U.S., the U.K., and parts of Europe. In the past 24 hours, 188 additional IPs were noted, continuing this trend. The report emphasizes the need for organizations to enhance security protocols and maintain vigilant monitoring. Concurrently, security cameras have been found easily accessible online, positing additional risks.
"To mitigate any potential risks, organizations with exposed Tomcat Manager interfaces are recommended to implement strong authentication and access restrictions, and monitor for any signs of suspicious activity."
"This behavior highlights ongoing interest in exposed Tomcat services. Broad, opportunistic activity like this often serves as an early warning of future exploitation."
Collection
[
|
...
]