惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

A
Arctic Wolf
U
Unit 42
爱范儿
爱范儿
WordPress大学
WordPress大学
博客园 - 司徒正美
腾讯CDC
酷 壳 – CoolShell
酷 壳 – CoolShell
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Last Week in AI
Last Week in AI
美团技术团队
博客园_首页
宝玉的分享
宝玉的分享
Hugging Face - Blog
Hugging Face - Blog
P
Palo Alto Networks Blog
H
Hacker News: Front Page
博客园 - 叶小钗
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
罗磊的独立博客
TaoSecurity Blog
TaoSecurity Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Help Net Security
Help Net Security
雷峰网
雷峰网
S
Security @ Cisco Blogs
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Forbes - Security
Forbes - Security
T
Troy Hunt's Blog
V
V2EX
博客园 - 聂微东
Cloudbric
Cloudbric
大猫的无限游戏
大猫的无限游戏
Google Online Security Blog
Google Online Security Blog
S
Security Affairs
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Recent Commits to openclaw:main
Recent Commits to openclaw:main
IT之家
IT之家
S
SegmentFault 最新的问题
T
Threat Research - Cisco Blogs
J
Java Code Geeks
H
Heimdal Security Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
Know Your Adversary
Know Your Adversary
小众软件
小众软件
Microsoft Azure Blog
Microsoft Azure Blog
The GitHub Blog
The GitHub Blog
AWS News Blog
AWS News Blog
The Cloudflare Blog
Simon Willison's Weblog
Simon Willison's Weblog
月光博客
月光博客
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻

PYMNTS.com

Crypto Payments Are Back. Will Merchants Actually Care This Time? B2B’s New Battlefield Is Everything Before the Button Amazon Targets the GLP-1 Gap Big Pharma Left Open LendingClub Signals Expanded Capabilities With Happen Bank Rebrand Congress Moves to Give FinTechs Direct Fed Payment Access Microsoft Tests Mythos to Identify and Mitigate Vulnerabilities United Airlines Hikes Fares as Fuel Costs Surge OpenAI Images 2.0 Is a Real Leap With a Real Price Tag Morgan Stanley Says Gaming Could Score $22 Billion With AI FTC Shuts Down Alleged Healthcare Fraud Scheme Sam’s Club Offers eCommerce Shoppers Hour-or-Less Deliveries FinTechs Cut Staff as AI and Margins Redefine Growth JPMorganChase Extends Critical Industries Investment Program to Continental Europe OpenAI Lands $75 Million Investment From Robinhood Ventures House Bill Would Reduce Small Lenders’ Reporting Requirements Coinbase Lists tGBP to Expand Locally-Denominated Stablecoin Access BNY Names New Head for Payments/Trade Client Platform KnowBe4 Automates Global Cash Flow Via Flywire Partnership Treasury Calls for Programmable Financial Enforcement Across Crypto DeepSeek Seeks $20 Billion Valuation as Tech Giants Weigh Investment Google Accelerates Agentic AI Shift With New Enterprise Platform OpenAI Begins Briefing Governments on Cybersecurity Capabilities DeFi Security Suffers New Blow With $3 Million Volo Exploit Uninvited Users Access Anthropic’s Mythos AI Model Block and Uber Expand Partnership Across Several Global Markets OpenAI Pledges $1.5 Billion to PE Enterprise AI Project Podcast: Inside the $9 Billion DeFi Hack That’s Shaking Crypto’s Foundations Synchrony CFO Flags Momentum in Spending and Credit Banks Risk Slowing the Emerging Middle Market Firms Driving Growth Paysafe Expands Digital Wallet Availability Across 18 European Markets Bad Data Can Break Good AI in Payments 50% More Digital Shopping Days Put Parents at the Center of Retail’s Shift 65% Call Insurance Essential. Why Most Spending Isn’t So Clear-Cut Amazon Recasts Marketplace Fraud as a Broader Trust Problem Capital One’s Q1 Shifts Attention From Spending to Strategy Lawmakers Question JetBlue About Surveillance Pricing Allegations Payments Modernization Is Insurance’s Next Big Margin Engine How Visa Is Rewiring Bank Infrastructure for the AI Era Instant Payments Grow but the Real Barrier Is Human The Old-School Card Product Banks May Need Most 43% of SMBs Would Pay to Make Purchases in Installments The Real AI Edge in Payments Comes From Better Judgment In the Age of Agentic AI, Data Control Is Power Verizon’s Dan Schulman Tells CEOs to Be Open About AI Job Cuts Walmart Eyes Stores as Warehouse Space for Same-Day Delivery France’s CB Payments Network Aims to Take on Visa/Mastercard in EU QVC Was TikTok Shop Before TikTok Shop Loop Raises $95 Million to Bridge Supply Chain Data Gap Cursor Eyes $50 Billion Valuation as AI Coding Demand Surges Commercial Lending Rescues Regional Banks From Consumer Slowdown Anthropic and White House Aim to Make Peace in Friday Meeting Home Depot Buys SIMPL Automation to Support Same-Day Delivery The Riskiest Words in B2B: This Is How We’ve Always Done It France Urges Euro Stablecoins to Break Dollar Dependency Importers Prep for Monday Opening of Tariff Refund Portal Permitting Hurdles and Labor Shortages Threaten AI Data Center Timelines Token Freezes Force CFOs to Rethink Stablecoin Risk X Money Tests Whether Social Commerce Can Hold Consumer Deposits Anthropic Briefs EU Regulators on Mythos Cybersecurity Concerns Welcome to Vibe Ordering, ChatGPT Is Taking Your Order Now Nvidia Says AI Can Finally Make Quantum Computing Work QVC Files Chapter 11 to Slash Debt and Pursue Growth Uber Eats Lets Customers Return Their Retail Purchases Financial Officials Sound Alarm About Anthropic’s Banking Risk 71% of Billion-Dollar Firms Face Agent Identity Threats What If Clearing Had Its Stripe Moment? OpenAI Targets Pharma Giants With Purpose-Built AI Model California Claims Amazon Punishes Sellers for Lower Prices on Other Sites CFTC Chairman Says AI Helps Agency Run More Like a Business Global Finance Chiefs Call for Mythos Information Sharing Big Bank Earnings Show Digital Activity Drives Deposits OCC Clears JPMorgan Chase After Trade Surveillance Program Upgrade Accounts Receivable Gets an AI Upgrade BNY’s AI Strategy Signals a New Era of Platform Banking Bank of England Probes AI Threats to UK Financial Stability Rising AI Adoption Is Driving Up Enterprise Costs Google Faces EU Order to Share Search Data With Rivals Delivery Robots Lead Grab’s AI Expansion Circle Chief Says China Could Issue Stablecoin in 3 to 5 Years Amex Acquires Hyper to Boost AI and Expense Management Offerings Anthropic Ready to Offer Mythos to British Banks Issuers Face a New Reality as Credit Goes Real Time How Payments Gaps Are Limiting Deposit Growth at Community Banks AI May Run Payments but Humans Still Own the Risk 90% of Millennials Feel Pressure at the Grocery Store The New Checkout Is Where the Best Offer Wins Insurance Sector’s Private Credit Ties Has Investors Concerned Oil Price Spike Erodes Small Business Confidence, NFIB Says Synctera Looks to Beef Up Compliance With Cable Acquisition Velera Launches Cloud Platform to Modernize Credit Union Tech Kraken Lands $200 Million Investment From Deutsche Börse Walmart CFO Says Marketplace Revenue Up 20% Over 2025 The US Operationalized Stablecoins This Week, But Who’s Using Them? AI Is the New Sales Associate in Physical Retail Fed Finds Stablecoins Idle, Confirms PYMNTS Usage Gap BMO Accelerates Quantum Push With New Tech Institute Bank of France Pushes EU to Rein in Non-Euro-Backed Stablecoins Perplexity Uses Plaid to Personalize Financial Insights Blackstone Accelerates Push to Lead AI Infrastructure Boom Feds Warn Major Banks of Anthropic Mythos Cyber Threat
Smart Firms Treat Vendor Risk Like Their Own
PYMNTS · 2026-04-29 · via PYMNTS.com

Artificial intelligence has opened up Pandora’s box for enterprise cybersecurity. And what it found was that the modern enterprise is no longer a closed system. It is a web of dependencies, stitched together by software vendors, cloud providers, and outsourced engineering partners.

Increasingly, this means the weakest link isn’t one that’s found inside the organization at all but instead resides across the long tail of third-party software that keeps operations running. That may be old news to some in the C-suite, but what’s new news is how fast latent vulnerabilities across a corporate supply chain can be surfaced, thanks in large part to emerging frontier AI models, like both Anthropic’s Mythos and OpenAI’s GPT 5.4 cyber model, and their user-agnostic capabilities for cyber exploitation.

In response to today’s dynamic and evolving threat landscape, Microsoft recently (April 14) patched over 167 existing security vulnerabilities in its Windows operating systems and related software with new updates.

Vulnerabilities that might once have lingered undetected for months are now surfaced in days, sometimes hours. In parallel, attackers are becoming more opportunistic, scanning not just primary targets but their extended ecosystems for entry points.

But in a world of interconnected systems, patch discipline is only as strong as the weakest vendor.

See also: What AI-Driven Attack Chains Mean for CFOs and CISOs 

Advertisement: Scroll to Continue

Race to Protect Soft Spots AI Unearths

Cybersecurity has always been described as a moving target. What distinguishes the current moment is how quickly yesterday’s best practices are becoming today’s minimum requirements. Patch discipline, vendor audits, and incident response planning are no longer differentiators; they are table stakes.

PYMNTS covered Monday (April 27) how hackers have reportedly begun impersonating Microsoft Teams help desk workers to dupe victims into installing data-stealing malware. These attacks are part of a larger trend PYMNTS covered last week, one that sees hackers “logging in” rather than breaking in.

The result is a paradox: even as internal defenses improve, overall risk can increase because the attack surface has expanded beyond direct control. A vendor’s delayed patch cycle or misconfigured system can become the enterprise’s problem overnight.

For CFOs, this introduces a category of risk that is both material and difficult to quantify. Unlike traditional operational risks, third-party vulnerabilities are often opaque, buried in contractual relationships that may have been primarily negotiated for cost efficiency or speed rather than cyber resilience.

The PYMNTS Intelligence report “Vendors and Vulnerabilities: The Cyberattack Squeeze on Mid-Market Firms” found that hackers are increasingly going after middle market firms, which depend on third-party cloud providers, software-as-a-service platforms, managed service and logistics providers, which can leave them vulnerable to attack.

As a result, the predictable rhythms of enterprise IT maintenance are increasingly misaligned with the pace of modern threats. Vulnerabilities disclosed today can be weaponized tomorrow. If a vendor takes weeks to deploy a fix, that lag becomes a window of exposure not just for them, but for every client connected to their systems.

See also: FBI Warns: Internal Risk May Outpace Cyber Threats 

New Cybersecurity Table Stakes

Third-party risk is no longer a niche compliance concern. It is becoming the frontline of defense.

As cybersecurity becomes more intertwined with enterprise value, the CFO’s role is expanding. This does not mean becoming a technical expert. It does mean asking sharper questions. How quickly do our critical vendors patch known vulnerabilities? What visibility do we have into their security practices? How are we prioritizing investments in vendor risk management relative to other initiatives?

Data, in this environment, is becoming critical to powering real-time visibility. CFOs can embrace strategies such as automated scanning, continuous monitoring, and predictive analytics to provide a more dynamic view of a partner’s security posture.

“The lagging organizations treat the data as a storage problem while the leading organizations actually treat it as a decisioning system,” Max Spivakovsky, senior director of global payments risk management at Galileo, told PYMNTS in an interview posted this month for the “What’s Next in Payments” series.

See also: Cybersecurity’s Hottest New Job Is Negotiating With Hackers

But perhaps the most profound shift is a conceptual one. Third-party risk management is moving from a periodic, compliance-driven exercise to a continuous process. Annual audits and questionnaires are no longer sufficient in a landscape where vulnerabilities can emerge and evolve rapidly.

After all, AI isn’t the only vulnerability high-value enterprise firms and institutions are facing. In other cybersecurity news, PYMNTS wrote earlier about the way Quantum Day — the moment when commercially available quantum computers can crack widely used cryptographic systems — has ceased being a distant hypothetical.

“As a result of the shrinking strategic horizon, what was once a theoretical, deep-tech risk is instead now being operationalized into present-day procurement decisions, product roadmaps and compliance mandates,” that report said.