SCA stories

payabl. adds Visa Click to Pay across Europe, aiming to cut checkout friction, lift authorisations and reduce fraud for merchants.

Sonatype flags 21,764 malicious open-source packages in Q1 2026, with npm hit hardest as attackers used trusted workflows to steal secrets.

Cloudsmith survey finds most engineering teams still lack automated SBOM checks, leaving many unready for fast EU Cyber Resilience Act audits.

Open source malware advisories jumped in 2025 as Endor Labs warned that firms are under-prepared and budgets lag the threat.

AppOmni upgrades Heisenberg to help teams trace GitHub Actions and spot tainted dependencies after the LiteLLM supply chain breach.

NetRise unveils Provenance, a tool to trace open source maintainers and stop risky dependencies before they spread through software.

Fime's EMEA lab wins EMVCo nod to test fingerprint sensors for biometric cards, supporting global roll-out of trusted contactless payments.

Sonatype says smaller AI tied to live software data can outsecure larger models on dependency upgrades, slashing risk and cost.

Veracode unveils an AI-driven tool that automatically fixes open-source vulnerabilities, tackling mounting security debt in software supply chains.

Backslash adds cross-tool governance to discover, vet and monitor 'Skills' powering AI coding assistants like Cursor, Claude Code and Copilot.

Token.io launches Account on File to make Pay by Bank a near one-tap checkout, cutting steps and boosting conversion for UK and EU merchants.

Harness has launched AI Security and Secure AI Coding tools to spot and block vulnerabilities in AI-powered apps and AI-generated code.

Ditto launches cryptographic digital ID platform for EU, promising reusable wallet-based identities and less personal data exposure.

ActiveState launches Curated Catalog, a private, pre-vetted open source repository to tighten software supply chain security for enterprises.

Ecommpay clinches Anti-fraud Solution and Financial Inclusion titles at the FSTech Awards 2026, underscoring its payments innovation.

Manifest unveils SBOM generator for unmanaged C and C++ code, tackling critical supply chain blind spots in embedded and safety systems.

RateGain and Juspay unveil RG Pay, an embedded payments layer to boost cross-border checkout performance for global travel brands.

BioCatch launches DeviceIQ to scan mobile and web devices before login, spotting AI-driven fraud and compromised handsets in milliseconds.

ActiveState appoints seasoned open source leader Abby Kearns as Chief Executive, sharpening its focus on managed open source security.

Appdome's new Threat-Memory tool stores on-device threat histories and AI scores to counter repeat mobile fraud and account takeovers.