CIQ

Three page-cache privilege escalation vulnerabilities in three weeks. Copy Fail, Dirty Frag, Fragnesia. The pattern is clear. CIQ's response to Fragnesia was different. Instead of patching what researchers found and moving on, Sultan Alsawaf audited the kernel's networking stack for additional vulnerable code paths and found one. He built a proof-of-concept, confirmed it worked, and posted both the exploit and the fix to the Linux kernel mailing list the same day. The upstream maintainer folded it into the V3 patch within hours. Nathan Blackham covers the full story: what Fragnesia is, how CIQ found a path the original researchers missed, and what proactive kernel security actually looks like in practice. Read it here: bit.ly/3R2jkQB #LinuxSecurity #EnterpriseLinux #RockyLinux #CVE #CIQ #LinuxKernel

@vodopivecm03 Interesting, thank you for sharing.

@CtrlIQ First in the world Sovereign Control for truly private AI — full on-device / private VPS inference with zero cloud data leakage. Check it out: avenstudios.com

"Sovereign AI" gets used to mean everything from "we don't train on your data" to "you own the weights, the runtime, the data path, and the right to refuse an update." Those are not the same thing. In this post, Brian Dawson breaks down the four things you actually have to control before a deployment earns the sovereign AI label, and why building on a commercial API is like building on a landfill. Worth reading before your next infrastructure conversation. Read the full post: bit.ly/4nqvAq1 #AIInfrastructure #SovereignAI #EnterpriseLinux #RLCPro #GPU

Every GovTech startup hits the same wall: the product works, but the ATO takes 18 months. Most startups bolt security on after the fact, then spend months remediating findings a hardened OS would have prevented from day one. RLC Pro Hardened ships with: - FIPS 140-3 validated crypto including post-quantum - 95-99% DISA STIG compliance out of the box - LKRG kernel runtime guard for real-time exploit detection - SBOM and cryptographic signing for supply chain security Ascender Pro automates STIG remediation, CVE management, and drift detection. The ATO package goes from a nightmare to a checklist. CIQ Startup Program: up to 2 years free or discounted on compliance-ready infrastructure for GovTech startups. With engineering support. Stop spending the seed round on compliance. Start on a compliant foundation. Join today: ciq.com/startups #GovTech #FedTech #FIPS #Compliance #PostQuantum #Startups

Portable HPC orchestration across on-prem, cloud, and hybrid environments is harder than it sounds. Jonathon Anderson is presenting exactly how Fuzzball solves it at RMACC 2026 tomorrow. Catch his session Wednesday, May 13 from 11:15 to 11:45 am at Boise State University: "Fuzzball: New Features and What's Next for Portable Hybrid HPC Orchestration" colorado.edu/partnerships/r… #RMACC #HPC #Fuzzball #CIQ

Energy companies have run HPC longer than almost anyone. The infrastructure running it hasn't modernized at the same pace: 10K+ CPU cores, petabytes of data, Slurm scripts held together with duct tape, and Enterprise Linux licensing that makes CFOs twitch. CIQ was built for this: - Fuzzball: integrates with existing Slurm/PBS, not a rip-and-replace. Cloud bursting for peak jobs. Web UI for researchers. - Warewulf Pro: bare-metal provisioning from container images. Hundreds of nodes in minutes. - RLC Pro: Enterprise Linux built for HPC-scale reliability, without the licensing headaches. CIQ Startup Program: up to 2 years free or discounted on the same infrastructure stack used at national energy labs. Learn more: ciq.com/startups #EnergyTech #ClimateTech #HPC #CleanEnergy #Startups

Your HPC workflow shouldn't care what cloud it runs on. With Fuzzball now running natively on Oracle Cloud, it doesn't. Chris Wolford breaks down how a single command stands up a production-grade OKE cluster on OCI, and what true multi-cloud portability looks like when you can span AWS, GCP, OCI, and bare metal in a single federated deployment: bit.ly/4nwx8Ph #HPC #AI #MultiCloud #OracleCloud #Fuzzball

Rocky Linux swag, migration help, and good conversation. Find us at Booth 15. The CIQ team is heading to Open Source Summit North America in Minneapolis, May 18-20. R. Leigh Hennig, Stephen Simpson, Howard Van Der Wal, and Eric Hendricks will be on the floor ready to talk Rocky Linux, open source infrastructure, and how to get off whatever you're still running that you shouldn't be. Come find us at Booth 15 at the Minneapolis Convention Center. May 18-20 | Minneapolis Convention Center | Booth 15 bit.ly/oss-na-2026 #OpenSourceSummit #OSSummit #RockyLinux #Linux #OpenSource #CIQ

AWX hasn't shipped a release since July 2024. That's not a roadmap delay; that's a security problem for anyone running production automation on it. Ascender is the path forward. It's an active AWX fork: deployable, maintained, and open to contribution. If you're an AWX user who didn't know another option existed, now you do. Test it. Open issues. Share your migration experience. The community that built AWX can carry it forward. bit.ly/4wmAmZx #Ansible #AWX #Ascender #DevOps #InfrastructureAutomation #OpenSource

Your cloud provider's OS responsibility ends at image delivery. Everything above that belongs to your team. Server hacking accounted for 45% to 56% of all reported security incidents from 2022 to 2025, per KISA tracking. By 2024, that category had more than doubled in a single year. Most of those servers ran Linux. Default configurations are optimized for compatibility. The gap between compatibility and security is where incidents happen. Hope's blog covers what attackers are exploiting, which kernel-level controls default installations leave out, and why continuous hardening maintenance is a job most teams cannot absorb. bit.ly/48RNBYd #LinuxSecurity #EnterpriseLinux #SharedResponsibility #RockyLinux #KernelSecurity

"We see Dirty Frag and the Copy Fail incident as a preview of what's coming. With the advent of AI tools that can scan and analyze codebases as large as the Linux kernel, we expect to see more exploits like these come in waves." Nathan Blackham, Senior Director of Software Engineering lnkd.in/e7dRmPEw

Rocky Linux runs on millions of actively deployed instances worldwide. This post covers what Rocky Linux actually is, who is running it at scale, and why organizations like Google, AWS, and Rakuten made it a platform bet. If you are evaluating Enterprise Linux options or making the case internally, this is the primer worth bookmarking. Read it here: bit.ly/4dBlzC3 #RockyLinux #EnterpriseLinux #CIQ #Linux #OpenSource #Infrastructure

🚨 Copy Fail patches are available now for every supported Rocky Linux variant from CIQ! CVE-2026-31431 gave an unprivileged local user a path to root with four controlled bytes, no race condition required, and a public exploit in circulation within days of disclosure. CIQ's kernel team began work the same day it was disclosed and shipped patched kernels across LTS, FIPS, and current variants within the week. This post covers how the vulnerability works, how CIQ responded day by day, and exactly what to do if you are running RLC Pro today. Read the full breakdown: bit.ly/4u0HhGw #EnterpriseLinux #RockyLinux #RLCPro #CIQ #LinuxSecurity #CVE #FIPS

Four federal encryption deadlines. Seven months. One place to start. On September 21, FIPS 140-2 certificates move to Historical status. CMMC Level 2 assessments follow seven weeks later. Post-quantum requirements for National Security Systems land in January 2027. If you're a DoD contractor, federal supplier, or compliance lead, the clock is already running. Join CIQ on May 28 for a practical session on how to assess your risk, understand FIPS mode vs. FIPS 140-3 validated cryptography, and map these deadlines to your compliance needs before contract eligibility is on the line. May 28 | 2:00 PM ET / 11:00 AM PT Register: bit.ly/fips-webinar #FIPS #CMMC #FedRAMP #Compliance #CyberSecurity #RockyLinux #CIQ

Rocky Linux from CIQ Pro is binary-compatible with Enterprise Linux. EDA certification carries over: same binaries, same libraries, same ABIs. No re-certification. No re-tooling. The compute farm stack: - Warewulf Pro: provision thousands of bare-metal nodes from container images. Stateless booting. No snowflake nodes wasting EDA licenses. - Fuzzball: orchestration on top of existing Slurm schedulers. Cloud burst for tape-out crunches. - RLC Pro Hardened: your most sensitive IP, protected at the OS level. CIQ Startup Program: up to 2 years free or discounted for hardware startups. Built by the team that created Rocky Linux, Warewulf, and Apptainer. Learn more: ciq.com/startups #Semiconductor #ChipDesign #EDA #HPC #Startups

The infrastructure gap in production AI is not a new problem. HPC solved it decades ago. CIQ founder Gregory Kurtzer traces the architectural connection between AI and supercomputing, explains why inference at scale is an HPC problem whether organizations name it that way or not, and lays out what a portable, operationally sound foundation looks like for teams making AI infrastructure decisions in 2026. Read Gregory's latest: bit.ly/4toM839 #AI #HPC #EnterpriseLinux #RockyLinux #Fuzzball #Infrastructure

Perception models, planning algorithms, and proprietary driving data take years to build. The OS running them needs to keep up. Performance: RLC Pro AI delivers 9% faster inference at the kernel level. More frames per second. Faster reaction times. When latency means safety, performance isn't optional. Compliance: for teams operating in regulated environments or with government contracts, RLC Pro Hardened. LKRG runtime integrity, FIPS 140-3, supply chain security. 95-99% STIG compliant out of the box. Fuzzball: orchestrate AI workloads across on-prem and cloud, burst for peak GPU demand. Reproducible workflows for safety validation. NVIDIA CUDA native on both images. CIQ Startup Program: up to 2 years free or discounted for early-stage autonomy companies. Join today: ciq.com/startups #AutonomousVehicles #Robotics #EdgeAI #SelfDriving #Startups

@lyrie_ai Good point!

@CtrlIQ Automation can be a double-edged sword; as attackers scale their tactics, are we doing enough to stay a step ahead of their scripts? 🕵️‍♂️

CVE-2026-31431 (Copy Fail) is a Linux kernel privilege escalation vulnerability with a public exploit now in the wild. It affects Rocky Linux 8, 9, and 10. Here is how CIQ is responding. kb.ciq.com/article/rocky-…

Intellyx, @theebizwizard analyst Jason Bloomberg covered RLC Pro Hardened this week, noting that post-quantum cryptography built into the kernel is "set to become a must-have across the entire enterprise landscape", not just a federal requirement. The piece is a useful outside perspective on where Enterprise Linux is heading: Government agencies and regulated industries are the early movers on PQC, but Bloomberg's read is that sovereign infrastructure and AI workloads will pull the broader enterprise market in the same direction. Worth a read if you are tracking how Linux security requirements are evolving beyond compliance checkboxes. bit.ly/4cLNZtK #EnterpriseLinux #PostQuantum #RockyLinux #FIPS #Intellyx

@lyrie_ai The mention of automation. Its easy to forget at times there nefarious actors automate their tasks just like a SysAdmin may automate patching.

@CtrlIQ Thanks! What specific aspect resonated with you most?