IT News Roundup: OpenSSL Critical Flaws, OpenAI IPO, and Microsoft Patch Tuesday - June 10 2026

The past week has been dominated by major security patching activity across multiple platforms, with OpenSSL, Microsoft, and SAP all releasing significant vulnerability fixes. Meanwhile, the AI sector is making waves as OpenAI joins the growing list of AI companies pursuing public market listings, and cloud infrastructure investment is projected to reach 50 billion in 2026.

OpenSSL Patches 18 Vulnerabilities Including High-Severity RCE Flaw

OpenSSL has released updates addressing 18 vulnerabilities, including a high-severity heap use-after-free bug tracked as CVE-2026-45447. This vulnerability exists in a function used for PKCS#7 (Public-Key Cryptography Standard #7) verification and could allow remote code execution in affected systems. The flaw was reportedly discovered with the aid of AI-assisted analysis tools.

High-severity vulnerabilities in OpenSSL are relatively rare, with only a single critical flaw patched last year. CVE-2026-45447 marks the second high-severity issue of 2026, underscoring the ongoing challenges in securing foundational open-source cryptographic libraries. Systems administrators are urged to update OpenSSL to the latest version as soon as possible, particularly on systems exposed to untrusted PKCS#7 data.

Source: SecurityWeek

OpenAI Confidentially Files for IPO

OpenAI has filed confidential SEC paperwork for an initial public offering, joining a wave of AI companies preparing for Wall Street debuts. The filing comes just days after SpaceX announced its own public listing plans and roughly a week after Anthropic submitted its confidential disclosure to the SEC.

The company hopes to raise billions in what is being described as one of the most anticipated public offerings in recent tech history. The filing could unlock a new generation of tech industry wealth and mark a significant shift in how AI research and development is funded. Industry analysts are watching closely to see how public market pressures might shape the company's approach to AI safety and development priorities.

Source: New York Times

Microsoft Patch Tuesday Addresses 198 Vulnerabilities Including Three Zero-Days

Microsoft released its June 2026 Patch Tuesday security updates on June 9, addressing a substantial 198 vulnerabilities across its product ecosystem. The release is notable not only for its volume but for the inclusion of three zero-day vulnerabilities that were actively exploited or publicly known before fixes were made available.

Among the patches are fixes for critical vulnerabilities in Windows components, including issues that could allow remote code execution. Administrators are advised to prioritize deployment of these updates, particularly for systems exposed to the internet or handling sensitive data. The high number of vulnerabilities underscores the breadth of the attack surface that Microsoft products present in enterprise environments.

Source: CyberSecurityNews

SAP Security Patch Day Delivers Four Critical Fixes

SAP's June 2026 Security Patch Day released 15 security notes addressing vulnerabilities across core SAP products, with four rated at critical severity. The critical flaws include vulnerabilities in SAP NetWeaver AS ABAP and the ABAP Platform, with CVSS scores reaching 9.9.

The patch round also addressed a SAML authentication vulnerability involving XML Signature Wrapping that could compromise the confidentiality, integrity, and availability of SAP applications. Additionally, a Spring Security vulnerability (CVE-2026-22732) was patched, affecting SAP Commerce Cloud and SAP Data Hub. SAP noted that no workarounds are available for the critical issues, making immediate patching essential for enterprise environments.

Source: CyberSecurityNews

AI Demand Drives 50 Billion Cloud Infrastructure Investment

Major technology companies are expected to invest approximately 50 billion in AI infrastructure during 2026, driven by the explosive growth of AI workloads and the need for specialized compute resources. This massive capital expenditure reflects the industry's bet that AI will fundamentally transform computing infrastructure.

The investment is flowing into data centers, custom AI chips, networking equipment, and power infrastructure. Cloud providers are expanding capacity to meet demand, while enterprises are increasingly adopting hybrid approaches that combine cloud AI services with on-premises compute. The scale of investment has also raised questions about energy consumption and the sustainability of rapid data center expansion.

Source: Cloud Computing News

Cloud Security Alliance Study Reveals Patching Failures

A recent study by the Cloud Security Alliance found that 80% of organizations suffered security incidents stemming from known vulnerabilities, with only 9% patching critical flaws within 24 hours of a fix becoming available. The findings highlight a persistent gap between vulnerability disclosure and remediation in enterprise environments.

The study suggests that patching delays are driven by a combination of factors including change management processes, testing requirements, and the sheer volume of security advisories. Organizations are encouraged to implement automated patching workflows and prioritize critical vulnerabilities to reduce their exposure window.

Source: eSecurityPlanet

Open Source Security Landscape in 2026

The 2026 Open Source Security Risk Analysis (OSSRA) report from Black Duck identifies the largest year-over-year increase in licensing conflicts in the report's history. Two-thirds (68%) of audited codebases contained open source license conflicts, up from 56% the previous year. The report also notes that open source vulnerabilities have doubled as AI adoption accelerates.

Analysis shows that most security risk in open source sits in longtail projects outside the most popular packages, with 98% of CVEs found in these less-maintained components. However, critical flaws in major projects are typically fixed within 20 hours of discovery. The trend underscores the importance of comprehensive dependency scanning and license compliance management for organizations relying on open source software.

Source: Black Duck