IT News Roundup: AI Infrastructure Boom, Critical Zero-Days, and Open Source Risks - June 13, 2026

The technology landscape this week was dominated by a collision of massive AI infrastructure investment, urgent cybersecurity warnings, and growing concerns over open source software governance. From emergency government directives to patch critical VPN vulnerabilities to record-breaking spending forecasts, IT professionals have plenty to monitor.

CISA Issues Emergency Directive for Check Point VPN Zero-Day Actively Exploited by Ransomware Groups

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive requiring federal agencies to immediately patch a critical zero-day vulnerability in Check Point VPN solutions, tracked as CVE-2026-50751. The vulnerability is being actively exploited by ransomware groups to gain unauthorized network access.

Organizations running Check Point VPN infrastructure are urged to apply the latest security patches without delay. The emergency directive underscores the severity of the threat, as ransomware operators have been known to leverage such zero-days for rapid lateral movement within targeted networks. Non-federal organizations should treat this with equal urgency and verify their Check Point deployments are fully patched.

Source: eSecurity Planet

OpenAI Acquires Ona to Strengthen Its AI Coding Assistant, Codex

OpenAI has moved to acquire Ona, a company known for its work in AI-powered developer tools, in a strategic deal aimed at bolstering its own AI coding assistant product, Codex. The acquisition signals OpenAI's continued push to capture market share in the rapidly growing AI-assisted development space.

The developer tooling market has become one of the most competitive arenas in the AI industry, with major players racing to build the most capable coding assistants. By bringing Ona's expertise and technology in-house, OpenAI is positioning Codex to compete more aggressively against rivals in the AI coding tool landscape.

Source: CNBC

Oracle Zero-Day Exploited by UNC6240 Threat Actor Before Patch Availability

Google's Mandiant threat intelligence team has attributed a breach of Oracle systems to a threat actor tracked as UNC6240, with activity spanning from May 27 to June 9, 2026. Oracle did not publish its security advisory until June 10, meaning the vulnerability was exploited as a zero-day for the entire period — with attackers having roughly two weeks of unpatched access.

The timeline raises concerns about the window of exposure for Oracle products and services. Organizations running Oracle infrastructure should verify they have applied all recent security patches and review access logs for any signs of compromise during the exploitation window. The UNC6240 group continues to be monitored by Mandiant for its ongoing activities.

Source: The Hacker News

WinRAR Vulnerability Exploited by Gamaredon Despite Patch Available Since January

Security researchers have identified that the Gamaredon threat group has been actively exploiting a WinRAR vulnerability that has had an available patch since January 2026. The finding highlights a persistent gap between patch availability and actual deployment across enterprise environments.

WinRAR remains widely used across Windows environments for file compression and archival. The continued exploitation of a patchable vulnerability months after a fix was released underscores the importance of maintaining current patch management processes. IT administrators should verify that all systems running WinRAR are updated to the latest version and consider implementing automated patching solutions.

Source: DIESEC

AI Demand Drives Forecast of 50 Billion in Global AI Infrastructure Spending for 2026

Major technology firms are expected to invest approximately 50 billion in AI infrastructure throughout 2026, driven by surging demand for compute capacity to train and run large language models. The spending represents a dramatic acceleration in capital expenditure on data centers, GPU clusters, and supporting cloud infrastructure.

The scale of investment is reshaping the cloud computing landscape, with hyperscalers expanding their footprint at an unprecedented pace. For homelab enthusiasts and smaller IT shops, the ripple effects are already visible: GPU pricing remains elevated, cloud instance availability fluctuates, and power consumption concerns are prompting new regulatory scrutiny in several regions. The infrastructure buildout is expected to continue well into 2027.

Source: Cloud Computing News

Google Cloud Next 2026 Highlights: Gemini Enterprise Agent Platform and New TPU Hardware

Google announced several major updates at its Cloud Next 2026 conference, headlined by the launch of the Gemini Enterprise Agent Platform and the introduction of its newest Tensor Processing Unit (TPU) generation. The Gemini Enterprise Agent Platform is designed to enable organizations to deploy AI agents that can orchestrate complex, multi-step workflows across enterprise systems.

The new TPU hardware represents Google's continued investment in custom AI accelerator silicon, offering improved performance for large model training and inference workloads. These announcements position Google Cloud to compete more directly with AWS and Azure in the AI infrastructure market, giving enterprises additional options for deploying AI workloads at scale.

Source: Google Blog

Open Source License Conflicts Hit Record High, Affecting 68% of Audited Codebases

The 2026 Open Source Software Risk Analysis (OSSRA) report from Black Duck reveals the largest year-over-year increase in open source licensing conflicts in the report's history. Two-thirds (68%) of audited codebases now contain open source license conflicts, up from 56% the previous year.

The rising conflict rate reflects the growing complexity of open source dependency trees and the increasing use of AI-generated code that may inadvertently introduce incompatible license combinations. Organizations relying on open source components should implement stronger license compliance scanning in their development pipelines and ensure legal review processes keep pace with the volume of dependencies being introduced.

Source: Black Duck