TelcoNews New Zealand - Telecommunications news for ICT decision-makers
New Zealand

Composition Analysis Stories

Global Stories

Composition Analysis stories

Sonatype warns of surge in trusted open-source malware
Application Security

Sonatype warns of surge in trusted open-source malware

Attackers hid malware in familiar package workflows, prompting Sonatype to log 21,764 malicious open-source packages in the quarter.

By Shannon Williams 4 min read Last month
Cloudsmith survey finds SBOM gaps before cyber law
DevOps

Cloudsmith survey finds SBOM gaps before cyber law

Most engineering teams could struggle to meet EU Cyber Resilience Act reporting deadlines, with many still handling SBOMs manually or only after incidents.

By Catherine Knowles 4 min read Last month
Malware surge in open source software alarms firms
Malware

Malware surge in open source software alarms firms

Organisations remain exposed as malware in open-source packages surged in 2025, with most advisories and account takeovers reported last year.

By Kaleah Salmon 4 min read Last month
AppOmni adds Heisenberg mode after LiteLLM supply attack
Virtualisation

AppOmni adds Heisenberg mode after LiteLLM supply attack

The malicious packages could leave build systems and Kubernetes clusters exposed, prompting checks across CI/CD pipelines and AI frameworks.

By Sean Mitchell 4 min read Fri, 27th Mar 2026
NetRise launches Provenance to trace open source risk
DevOps

NetRise launches Provenance to trace open source risk

Enterprises could spot compromised maintainers sooner, as the new tool maps open-source contributors, dependencies and policy breaches across builds.

By Sean Mitchell 5 min read Thu, 26th Mar 2026
Sonatype finds live data beats larger AI models on upgrades
DevOps

Sonatype finds live data beats larger AI models on upgrades

Sonatype says smaller AI tied to live software data can outsecure larger models on dependency upgrades, slashing risk and cost.

By Shannon Williams 4 min read Wed, 25th Mar 2026
Cloudsmith adds controls to block risky dependencies
DevOps

Cloudsmith adds controls to block risky dependencies

Cloudsmith adds automated controls to quarantine and block risky dependencies, tightening enforcement on software supply chain security.

By Joseph Gabriel Lagonsin 4 min read Tue, 24th Mar 2026
Veracode launches Fix for open-source vulnerability repair
DevOps

Veracode launches Fix for open-source vulnerability repair

Veracode unveils an AI-driven tool that automatically fixes open-source vulnerabilities, tackling mounting security debt in software supply chains.

By Sean Mitchell 4 min read Tue, 24th Mar 2026
Keysight unveils SBOM Manager to meet new cyber rules
Application Security

Keysight unveils SBOM Manager to meet new cyber rules

Keysight debuts SBOM Manager to automate software bills of materials as EU and US cyber rules tighten transparency and compliance demands.

By Shannon Williams 4 min read Fri, 20th Mar 2026
Harness unveils AI Security & coding tools for DevSecOps
DevOps

Harness unveils AI Security & coding tools for DevSecOps

Harness has launched AI Security and Secure AI Coding tools to spot and block vulnerabilities in AI-powered apps and AI-generated code.

By Sean Mitchell 5 min read Thu, 19th Mar 2026
ActiveState unveils Curated Catalog for safer code
Application Security

ActiveState unveils Curated Catalog for safer code

ActiveState launches Curated Catalog, a private, pre-vetted open source repository to tighten software supply chain security for enterprises.

By Joseph Gabriel Lagonsin 4 min read Wed, 18th Mar 2026
Manifest tool boosts SBOMs for critical C & C++ code
Application Security

Manifest tool boosts SBOMs for critical C & C++ code

Manifest unveils SBOM generator for unmanaged C and C++ code, tackling critical supply chain blind spots in embedded and safety systems.

By Mark Tarre 4 min read Sat, 14th Mar 2026
ActiveState names Abby Kearns as new Chief Executive
Digital Transformation

ActiveState names Abby Kearns as new Chief Executive

ActiveState appoints seasoned open source leader Abby Kearns as Chief Executive, sharpening its focus on managed open source security.

By Joseph Gabriel Lagonsin 3 min read Thu, 12th Mar 2026
Open source dependencies leave apps dangerously exposed
Unified Communications

Open source dependencies leave apps dangerously exposed

Secure.com warns most apps hide critical flaws in open source components, as unpatched dependencies and licence risks leave firms exposed.

By Shannon Williams 4 min read Thu, 12th Mar 2026
Endor Labs launches AURI to secure AI-driven coding
Digital Transformation

Endor Labs launches AURI to secure AI-driven coding

Endor Labs unveils AURI, a security intelligence platform embedding reachability-led checks into AI coding assistants and CI/CD pipelines.

By Sean Mitchell 5 min read Sat, 7th Mar 2026
Manifest flags AI readiness gap between execs & AppSec
Digital Transformation

Manifest flags AI readiness gap between execs & AppSec

Manifest research reveals executives overestimate AI security readiness, as AppSec teams warn of unmanaged tools, blind spots and rising risk.

By Shannon Williams 4 min read Thu, 5th Mar 2026

Stories from Other Regions

Composition Analysis stories

Avocado warns on code repository supply chain attacks
Cloud Security

Avocado warns on code repository supply chain attacks

Australian organisations face fresh risk of cloud and identity compromise as the cyber watchdog reissues its alert on repository attacks.

By Mark Tarre 4 min read Last month
Backslash adds cross-tool governance for AI coding Skills
Cloud Security

Backslash adds cross-tool governance for AI coding Skills

Backslash adds cross-tool governance to discover, vet and monitor 'Skills' powering AI coding assistants like Cursor, Claude Code and Copilot.

By Shannon Williams 4 min read Thu, 19th Mar 2026