Security Affairs
Ernst & Young (EY) Investigates Data Breach Involving Third-Party Support Tickets|A cyberattack hit Nichirei, one of Japan’s largest food companies|New Russian Campaign Uses Fake Webex and Zoom Installers to Deploy Starland RAT|U.S. CISA adds KNX Association KNX Protocol Connection Authorization Option 1 and Oracle flaws to its Known Exploited Vulnerabilities catalog|Two Scattered Spider Members Sentenced to Prison Over £29 Million TfL Cyberattack|TuxBot v3: The IoT Botnet Built With AI – Bugs, Disclaimers and All|Claude Code and DeepSeek Powered Chinese Cyber Espionage Campaign|Zoom Fixes CVE-2026-53412, a Critical Account Takeover Bug|US and allied Governments’ Recommendations: Securing Network Devices Against Russian APT Groups|Chaotic Eclipse Unveils LegacyHive Exploit Affecting Fully Patched Windows Systems|AsyncAPI npm Supply Chain Attack: Malware Injected Into Packages With 2 Million Weekly Downloads|U.S. CISA adds SonicWall and Microsoft flaws to its Known Exploited Vulnerabilities catalog|Ernst & Young (EY) Investigates Data Breach Involving Third-Party Support Tickets|A cyberattack hit Nichirei, one of Japan’s largest food companies|New Russian Campaign Uses Fake Webex and Zoom Installers to Deploy Starland RAT|U.S. CISA adds KNX Association KNX Protocol Connection Authorization Option 1 and Oracle flaws to its Known Exploited Vulnerabilities catalog|Two Scattered Spider Members Sentenced to Prison Over £29 Million TfL Cyberattack|TuxBot v3: The IoT Botnet Built With AI – Bugs, Disclaimers and All|Claude Code and DeepSeek Powered Chinese Cyber Espionage Campaign|Zoom Fixes CVE-2026-53412, a Critical Account Takeover Bug|US and allied Governments’ Recommendations: Securing Network Devices Against Russian APT Groups|Chaotic Eclipse Unveils LegacyHive Exploit Affecting Fully Patched Windows Systems|AsyncAPI npm Supply Chain Attack: Malware Injected Into Packages With 2 Million Weekly Downloads|U.S. CISA adds SonicWall and Microsoft flaws to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

CISA compiled a list of free cybersecurity tools and services

The U.S. CISA has created a list of free cybersecurity tools and services that can help organizations increase their resilience. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced this week that it has compiled a list of free cybersecurity tools and services that can help organizations to reduce cybersecurity risk and increase resilience. The […]

CISA BlueHammer (CVE-2026-33825)

The U.S. CISA has created a list of free cybersecurity tools and services that can help organizations increase their resilience.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced this week that it has compiled a list of free cybersecurity tools and services that can help organizations to reduce cybersecurity risk and increase resilience.

The list is part of an ongoing project, it will be continuously updated by CISA that also plans to allow third parties to propose their resources to include in the list.

The list includes open source tools and free resources provided by government organizations and private cybersecurity firms.

The tools cover a broad range of activities normally conducted by defenders, from incident response to threat detection.

“As part of our continuing mission to reduce cybersecurity risk across U.S. critical infrastructure partners and state, local, tribal, and territorial governments, CISA has compiled a list of free cybersecurity tools and services to help organizations further advance their security capabilities. This living repository includes cybersecurity services provided by CISA, widely used open source tools, and free tools and services offered by private and public sector organizations across the cybersecurity community. CISA will implement a process for organizations to submit additional free tools and services for inclusion on this list in the future.” reads the announcement published by CISA. “The list is not comprehensive and is subject to change pending future additions.”

The US agency proposed the following categorization according to the four goals outlined in CISA Insights: Implement Cybersecurity Measures Now to Protect Against Critical Threats:

  1. Reducing the likelihood of a damaging cyber incident;
  2. Detecting malicious activity quickly;
  3. Responding effectively to confirmed incidents; and
  4. Maximizing resilience.

The list already includes cybersecurity tools and services from major IT and cybersecurity firms, including ones provided by CISA, AT&T Cybersecurity, Cloudflare, Cisco, Center for Internet Security, CrowdStrike, Google, IBM, Microsoft, Mandiant, Splunk, SANS, Secureworks, Tenable, and Palo Alto Networks. The list also includes tens of tools are open source.

CISA pointed out that it does not endorse any commercial product or service.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, CISA)

[adrotate banner=”5″]

[adrotate banner=”13″]