SCA stories

Sonatype flags 21,764 malicious open-source packages in Q1 2026, with npm hit hardest as attackers used trusted workflows to steal secrets.

Open source malware advisories jumped in 2025 as Endor Labs warned that firms are under-prepared and budgets lag the threat.

AppOmni upgrades Heisenberg to help teams trace GitHub Actions and spot tainted dependencies after the LiteLLM supply chain breach.

NetRise unveils Provenance, a tool to trace open source maintainers and stop risky dependencies before they spread through software.

Fime's EMEA lab wins EMVCo nod to test fingerprint sensors for biometric cards, supporting global roll-out of trusted contactless payments.

Sonatype says smaller AI tied to live software data can outsecure larger models on dependency upgrades, slashing risk and cost.

Veracode unveils an AI-driven tool that automatically fixes open-source vulnerabilities, tackling mounting security debt in software supply chains.

Harness has launched AI Security and Secure AI Coding tools to spot and block vulnerabilities in AI-powered apps and AI-generated code.

ActiveState launches Curated Catalog, a private, pre-vetted open source repository to tighten software supply chain security for enterprises.

Manifest unveils SBOM generator for unmanaged C and C++ code, tackling critical supply chain blind spots in embedded and safety systems.

RateGain and Juspay unveil RG Pay, an embedded payments layer to boost cross-border checkout performance for global travel brands.

ActiveState appoints seasoned open source leader Abby Kearns as Chief Executive, sharpening its focus on managed open source security.

Appdome's new Threat-Memory tool stores on-device threat histories and AI scores to counter repeat mobile fraud and account takeovers.

Endor Labs unveils AURI, a security intelligence platform embedding reachability-led checks into AI coding assistants and CI/CD pipelines.

Manifest research reveals executives overestimate AI security readiness, as AppSec teams warn of unmanaged tools, blind spots and rising risk.

Security debt hits 82% of organisations as legacy flaws linger over a year, with third-party code driving most critical vulnerabilities.

Ecommpay launches a free fraud guide for online retailers as UK payment fraud hits GBP £1.17 billion and AI-driven scams rapidly escalate.

Rapid AI and cloud adoption is fuelling a new wave of cyber risk, as Tenable warns of exposed software supply chains and “ghost” identities.

ActiveState launches a 79m-component secure open source catalogue to centralise software supply chains and cut enterprise vulnerability risk.

FDATA names Sumsub policy lead Kat Cloud to its board, signalling a sharper focus on identity, fraud and security in North American open finance.