惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

B
Blog
C
Check Point Blog
The GitHub Blog
The GitHub Blog
Y
Y Combinator Blog
SecWiki News
SecWiki News
有赞技术团队
有赞技术团队
Latest news
Latest news
D
DataBreaches.Net
Blog — PlanetScale
Blog — PlanetScale
Project Zero
Project Zero
H
Help Net Security
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
G
GRAHAM CLULEY
Engineering at Meta
Engineering at Meta
T
Threat Research - Cisco Blogs
腾讯CDC
P
Proofpoint News Feed
L
LINUX DO - 热门话题
C
Cisco Blogs
P
Palo Alto Networks Blog
Vercel News
Vercel News
P
Privacy International News Feed
爱范儿
爱范儿
Scott Helme
Scott Helme
L
Lohrmann on Cybersecurity
MyScale Blog
MyScale Blog
K
Kaspersky official blog
B
Blog RSS Feed
美团技术团队
Microsoft Security Blog
Microsoft Security Blog
O
OpenAI News
博客园 - 叶小钗
量子位
T
Tenable Blog
C
Cybersecurity and Infrastructure Security Agency CISA
J
Java Code Geeks
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Hacker News: Ask HN
Hacker News: Ask HN
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
L
LINUX DO - 最新话题
F
Fortinet All Blogs
N
News | PayPal Newsroom
The Hacker News
The Hacker News
C
CXSECURITY Database RSS Feed - CXSecurity.com
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
博客园 - 【当耐特】
N
News and Events Feed by Topic
V
Visual Studio Blog
Google DeepMind News
Google DeepMind News
Last Week in AI
Last Week in AI

PYMNTS.com

Treasury Calls for Programmable Financial Enforcement Across Crypto DeepSeek Seeks $20 Billion Valuation as Tech Giants Weigh Investment Google Accelerates Agentic AI Shift With New Enterprise Platform OpenAI Begins Briefing Governments on Cybersecurity Capabilities DeFi Security Suffers New Blow With $3 Million Volo Exploit Uninvited Users Access Anthropic’s Mythos AI Model Block and Uber Expand Partnership Across Several Global Markets OpenAI Pledges $1.5 Billion to PE Enterprise AI Project Podcast: Inside the $9 Billion DeFi Hack That’s Shaking Crypto’s Foundations Synchrony CFO Flags Momentum in Spending and Credit Banks Risk Slowing the Emerging Middle Market Firms Driving Growth Paysafe Expands Digital Wallet Availability Across 18 European Markets Bad Data Can Break Good AI in Payments 50% More Digital Shopping Days Put Parents at the Center of Retail’s Shift 65% Call Insurance Essential. Why Most Spending Isn’t So Clear-Cut Amazon Recasts Marketplace Fraud as a Broader Trust Problem Capital One’s Q1 Shifts Attention From Spending to Strategy Lawmakers Question JetBlue About Surveillance Pricing Allegations Small Businesses Stop Chasing Amazon on Delivery Speed Google Embeds AI Into Chrome for 3.5 Billion Users Adobe Plans Outcome-Based Pricing for New AI Product Suite UnitedHealth Spends $1.5 Billion on AI and Wants Double Back MiCA Forces Crypto Firms to Get Licensed or Get Out Prediction Market Kalshi Targets Crypto Perpetuals New York Sues Coinbase and Gemini Over Prediction Markets Amazon and Anthropic Deepen Ties With Investment and Hardware Pact Agentic B2B Is Here. Are Your Contracts and Invoices Ready? Apple Hardware Leader John Ternus to Succeed CEO Tim Cook The Web Is Gaslighting AI Agents and Nobody Can Tell OCC Enters the Interchange Fight and Raises the Stakes Amazon Dismisses New Evidence in California Antitrust Suit AI Finds Its Best Customer on Main Street Coinbase Opens Services Marketplace for Agentic Commerce Feds Start Processing $127 Billion in Tariff Refunds for Importers Payments Modernization Is Insurance’s Next Big Margin Engine How Visa Is Rewiring Bank Infrastructure for the AI Era Instant Payments Grow but the Real Barrier Is Human The Old-School Card Product Banks May Need Most 43% of SMBs Would Pay to Make Purchases in Installments The Real AI Edge in Payments Comes From Better Judgment In the Age of Agentic AI, Data Control Is Power Verizon’s Dan Schulman Tells CEOs to Be Open About AI Job Cuts Walmart Eyes Stores as Warehouse Space for Same-Day Delivery France’s CB Payments Network Aims to Take on Visa/Mastercard in EU QVC Was TikTok Shop Before TikTok Shop Loop Raises $95 Million to Bridge Supply Chain Data Gap Cursor Eyes $50 Billion Valuation as AI Coding Demand Surges Commercial Lending Rescues Regional Banks From Consumer Slowdown Anthropic and White House Aim to Make Peace in Friday Meeting Home Depot Buys SIMPL Automation to Support Same-Day Delivery The Riskiest Words in B2B: This Is How We’ve Always Done It France Urges Euro Stablecoins to Break Dollar Dependency Importers Prep for Monday Opening of Tariff Refund Portal Permitting Hurdles and Labor Shortages Threaten AI Data Center Timelines Token Freezes Force CFOs to Rethink Stablecoin Risk X Money Tests Whether Social Commerce Can Hold Consumer Deposits Anthropic Briefs EU Regulators on Mythos Cybersecurity Concerns Welcome to Vibe Ordering, ChatGPT Is Taking Your Order Now Nvidia Says AI Can Finally Make Quantum Computing Work QVC Files Chapter 11 to Slash Debt and Pursue Growth Uber Eats Lets Customers Return Their Retail Purchases Financial Officials Sound Alarm About Anthropic’s Banking Risk 71% of Billion-Dollar Firms Face Agent Identity Threats OpenAI Targets Pharma Giants With Purpose-Built AI Model California Claims Amazon Punishes Sellers for Lower Prices on Other Sites CFTC Chairman Says AI Helps Agency Run More Like a Business Global Finance Chiefs Call for Mythos Information Sharing Big Bank Earnings Show Digital Activity Drives Deposits OCC Clears JPMorgan Chase After Trade Surveillance Program Upgrade Accounts Receivable Gets an AI Upgrade BNY’s AI Strategy Signals a New Era of Platform Banking Bank of England Probes AI Threats to UK Financial Stability Rising AI Adoption Is Driving Up Enterprise Costs Google Faces EU Order to Share Search Data With Rivals Delivery Robots Lead Grab’s AI Expansion Circle Chief Says China Could Issue Stablecoin in 3 to 5 Years Amex Acquires Hyper to Boost AI and Expense Management Offerings Anthropic Ready to Offer Mythos to British Banks Issuers Face a New Reality as Credit Goes Real Time How Payments Gaps Are Limiting Deposit Growth at Community Banks AI May Run Payments but Humans Still Own the Risk 90% of Millennials Feel Pressure at the Grocery Store The New Checkout Is Where the Best Offer Wins Apple Pushes Siri Programmers to Adopt AI Coding Tools Amazon Sellers Protest Policy Changes With One-Day Ad Boycott FanDuel and DraftKings Fund $41 Million Lobbying Effort by Super PAC Live Nation Loses Antitrust Case Brought by 33 States Fed Beige Book Finds Tax Refund Relief Running Into Higher Gas Prices Anthropic’s New Design Tool Rivals Adobe and Figma Goldman Sachs Seeks SEC Approval for New Bitcoin ETF What AI-Driven Attack Chains Mean for CFOs and CISOs Healthcare’s AI Boom Moves From Bedside to Back Office Accel Prepares to Pour $5 Billion Into Global AI Breakouts Nearly 4 in 10 Financially Stressed Shoppers Choose Walmart Over Amazon Synchrony Bets on Teachers to Fix Financial Literacy Mastercard’s Mark Barnett Says the Real Currency for SMBs Is Payment Timing SoFi Uses Galileo to Power Real-Time FedNow Transfers Palo Alto Founder Eyes Liberty Bank for AI Banking Experiment Surcharge Surge Hits Consumers as Fee Fatigue Sets In Walmart CFO Says Marketplace Revenue Up 20% Over 2025
Smart Firms Treat Vendor Risk Like Their Own
PYMNTS · 2026-04-29 · via PYMNTS.com

Artificial intelligence has opened up Pandora’s box for enterprise cybersecurity. And what it found was that the modern enterprise is no longer a closed system. It is a web of dependencies, stitched together by software vendors, cloud providers, and outsourced engineering partners.

Increasingly, this means the weakest link isn’t one that’s found inside the organization at all but instead resides across the long tail of third-party software that keeps operations running. That may be old news to some in the C-suite, but what’s new news is how fast latent vulnerabilities across a corporate supply chain can be surfaced, thanks in large part to emerging frontier AI models, like both Anthropic’s Mythos and OpenAI’s GPT 5.4 cyber model, and their user-agnostic capabilities for cyber exploitation.

In response to today’s dynamic and evolving threat landscape, Microsoft recently (April 14) patched over 167 existing security vulnerabilities in its Windows operating systems and related software with new updates.

Vulnerabilities that might once have lingered undetected for months are now surfaced in days, sometimes hours. In parallel, attackers are becoming more opportunistic, scanning not just primary targets but their extended ecosystems for entry points.

But in a world of interconnected systems, patch discipline is only as strong as the weakest vendor.

See also: What AI-Driven Attack Chains Mean for CFOs and CISOs 

Advertisement: Scroll to Continue

Race to Protect Soft Spots AI Unearths

Cybersecurity has always been described as a moving target. What distinguishes the current moment is how quickly yesterday’s best practices are becoming today’s minimum requirements. Patch discipline, vendor audits, and incident response planning are no longer differentiators; they are table stakes.

PYMNTS covered Monday (April 27) how hackers have reportedly begun impersonating Microsoft Teams help desk workers to dupe victims into installing data-stealing malware. These attacks are part of a larger trend PYMNTS covered last week, one that sees hackers “logging in” rather than breaking in.

The result is a paradox: even as internal defenses improve, overall risk can increase because the attack surface has expanded beyond direct control. A vendor’s delayed patch cycle or misconfigured system can become the enterprise’s problem overnight.

For CFOs, this introduces a category of risk that is both material and difficult to quantify. Unlike traditional operational risks, third-party vulnerabilities are often opaque, buried in contractual relationships that may have been primarily negotiated for cost efficiency or speed rather than cyber resilience.

The PYMNTS Intelligence report “Vendors and Vulnerabilities: The Cyberattack Squeeze on Mid-Market Firms” found that hackers are increasingly going after middle market firms, which depend on third-party cloud providers, software-as-a-service platforms, managed service and logistics providers, which can leave them vulnerable to attack.

As a result, the predictable rhythms of enterprise IT maintenance are increasingly misaligned with the pace of modern threats. Vulnerabilities disclosed today can be weaponized tomorrow. If a vendor takes weeks to deploy a fix, that lag becomes a window of exposure not just for them, but for every client connected to their systems.

See also: FBI Warns: Internal Risk May Outpace Cyber Threats 

New Cybersecurity Table Stakes

Third-party risk is no longer a niche compliance concern. It is becoming the frontline of defense.

As cybersecurity becomes more intertwined with enterprise value, the CFO’s role is expanding. This does not mean becoming a technical expert. It does mean asking sharper questions. How quickly do our critical vendors patch known vulnerabilities? What visibility do we have into their security practices? How are we prioritizing investments in vendor risk management relative to other initiatives?

Data, in this environment, is becoming critical to powering real-time visibility. CFOs can embrace strategies such as automated scanning, continuous monitoring, and predictive analytics to provide a more dynamic view of a partner’s security posture.

“The lagging organizations treat the data as a storage problem while the leading organizations actually treat it as a decisioning system,” Max Spivakovsky, senior director of global payments risk management at Galileo, told PYMNTS in an interview posted this month for the “What’s Next in Payments” series.

See also: Cybersecurity’s Hottest New Job Is Negotiating With Hackers

But perhaps the most profound shift is a conceptual one. Third-party risk management is moving from a periodic, compliance-driven exercise to a continuous process. Annual audits and questionnaires are no longer sufficient in a landscape where vulnerabilities can emerge and evolve rapidly.

After all, AI isn’t the only vulnerability high-value enterprise firms and institutions are facing. In other cybersecurity news, PYMNTS wrote earlier about the way Quantum Day — the moment when commercially available quantum computers can crack widely used cryptographic systems — has ceased being a distant hypothetical.

“As a result of the shrinking strategic horizon, what was once a theoretical, deep-tech risk is instead now being operationalized into present-day procurement decisions, product roadmaps and compliance mandates,” that report said.