Dirty Frag, Ivanti getting spicy again, and AI agents are apparently getting their own desktops now.

GM IT pros!

Happy Friday! Here's this week's IT roundup.

-Stetson

This week's IT and tech news in 5-minutes-ish or less

Because sleep is overrated anyway...

🐧 Dirty Frag Linux flaw has a public root exploit and no patch yet
A new Linux local privilege escalation bug called Dirty Frag is being described as a CopyFail successor, with public exploit details floating around before admins have clean patches. Translation: inventory your Linux fleet and get ready to babysit kernel updates like it's your weekend hobby. Read more

📱 Ivanti EPMM RCE is being exploited in the wild
Ivanti warned that CVE-2026-6973 in Endpoint Manager Mobile is under limited active exploitation and can grant admin-level access. If you still have Ivanti exposed to the internet, your weekend plans just got canceled by a vendor logo. Read more

🕳️ New Linux PamDOORa backdoor steals SSH credentials through PAM
Researchers found a Linux backdoor being sold on a Russian cybercrime forum that abuses PAM modules to steal SSH credentials. PAM is one of those things nobody thinks about until suddenly every login is a crime scene. Read more

🧪 Quasar Linux RAT targets developers for supply chain access
A previously undocumented Linux implant is going after developer machines to steal credentials and quietly maintain access. Dev laptops are production now, apparently, because the supply chain gods demanded more anxiety. Read more

☁️ PCPJack stealer uses five CVEs to spread through cloud systems
A credential-theft framework called PCPJack is targeting exposed cloud infrastructure and using multiple CVEs to move worm-style. If your cloud security strategy is “surely nobody will find that,” I have bad news about scanners. Read more

Where your data goes to party without you

🖥️ AWS is giving AI agents their own WorkSpaces desktops
Amazon WorkSpaces now has a preview that lets AI agents operate legacy desktop apps using IAM auth, MCP support, and computer vision. Finally, a robot intern that can click the one cursed finance app nobody has API access to. Read more

🔌 AWS MCP Server is now generally available
AWS announced general availability for its managed remote Model Context Protocol server, giving AI agents and coding assistants authenticated access to AWS services. Cool power tool, but please treat it like you handed an intern your cloud keys and a Red Bull. Read more

🏗️ Datacenter construction costs are getting punched by supply chain chaos
The Register reports datacenter builders are seeing material hikes and delivery problems tied to geopolitical disruption, with costs up as much as 20%. More expensive datacenters eventually become more expensive cloud bills, because physics and finance are both cruel. Read more

🚓 UK police database cloud migration stalls after £35M
The UK Home Office reportedly abandoned a police database cloud move after finding most of the code could not be reused and the extra costs kept climbing. Somewhere, a project manager is updating the risk register with “legacy system was actually load-bearing.” Read more

Corporate chaos you need to know about

⚡ AI datacenters are stressing the biggest U.S. power grid
PJM, the grid operator for a huge chunk of U.S. datacenter territory, is under pressure as AI-driven power demand keeps climbing. Turns out “just add more GPUs” eventually becomes an electrical engineering problem. Read more

📞 Truecaller cuts 70 jobs after ad revenue drops
Truecaller is laying off 70 employees after a 44% decline in ad revenue, according to TechCrunch. The “we're rightsizing for strategic agility” emails must be charging by the syllable now. Read more

🛴 Lime files for IPO
Uber-backed micromobility company Lime has filed to go public after years of IPO hints. Somewhere an abandoned scooter is lying sideways across a sidewalk, dreaming of EBITDA. Read more

🕵️ Defense contractor who sold hacking tools to Russian broker ordered to pay $10M
A former cybersecurity executive was ordered to pay $10 million to former employers after allegedly stealing surveillance and hacking tools and selling them to a Russian broker. Insider risk: still undefeated, still incredibly annoying. Read more

Our future robot overlords are getting smarter

🏠 Airbnb says AI writes 60% of its new code
Airbnb says AI now writes 60% of its new code and that its support bot handles 40% of issues without escalation. Your next incident review is going to include the sentence “the bot made a reasonable assumption,” and everyone will stare at the floor. Read more

🧑‍⚖️ U.S. AI policy whiplash continues
The Register reports a swing from hands-off AI posture toward stricter regulation talk, because apparently the policy roadmap is being managed like a Jira board with no owner. For IT, the only safe bet is that compliance questions are coming whether the answers are ready or not. Read more

🧰 AWS weekly roundup includes OpenAI partnership and more agent tooling
AWS recapped recent announcements including Amazon Quick, an OpenAI partnership, and more AI tooling across its platform. Every cloud console is becoming an AI console, which means every IAM review is about to get weirder. Read more

🚨 Security teams are drowning in low-severity alert noise
A report covered by The Hacker News argues that low-severity alerts still hide real risk when teams normalize ignoring them. This is your quarterly reminder that “low” does not mean “future me's problem forever.” Read more

The weird stuff that doesn't fit anywhere else

🔐 Meta reportedly reverses course on Instagram DM encryption
The Register reports Meta is backing away from its end-to-end encryption push for Instagram DMs, making chats visible to the platform again. Privacy policy changes: the jump scare nobody asked for. Read more

🥧 Raspberry Pi wants Windows admins to care about Connect
Raspberry Pi is pushing its Connect remote access software toward Windows admins and mixed fleets. If it means one less mystery remote-access tool running under a desk, I support the tiny computer agenda. Read more

👾 Fake call-history Android apps racked up 7.3 million downloads
Fraudulent Google Play apps promising call-history access tricked users into subscriptions after millions of downloads. App-store trust continues to be more of a vibe than a control. Read more

⚔️ Shameless plug, zero regrets: Shell Samurai
If you want to get better at Linux without reading another dry wall of man-page sadness, I'm building Shell Samurai — hands-on Linux practice for IT people who learn by doing. The app is at app.shellsamurai.com if you want to poke around.

That's the roundup for this week. Patch the Linux boxes, check the Ivanti exposure, and maybe don't give AI agents admin to prod on day one.

Stay paranoid. Stay patched. See you next Friday 🤠