PODCAST · news
IT SPARC Cast
by John Barger
IT SPARC Cast is a digest of the Enterprise IT news over the last week, with insights, opinions, and a little sarcasm from 2 experts each with over 20 years of experience working in IT or for IT vendors. Hosted on Acast. See acast.com/privacy for more information.
-
158
Plaintext Passwords, Rogue AI Coders, and Why Developers Aren’t Dead Yet
In this episode of IT SPARC Cast - News Bytes, John & Lou break down a series of stories showing both the promise and chaos of AI-driven development. From Microsoft Edge storing passwords in plaintext memory to AI coding agents deleting production databases, the episode highlights how security and operational discipline still matter more than hype.
They also tackle growing claims that AI will eliminate software developers, explaining why the reality is far more nuanced. AI is dramatically increasing productivity, but experienced engineers, architects, and security-minded professionals are becoming even more important—not less. If you work in enterprise IT, cloud, development, or cybersecurity, this episode is packed with practical insights on where the industry is actually headed.
⸻
📌 Show Notes
00:00 – Intro
This week’s episode covers security risks, AI coding failures, and the future of software development in an increasingly AI-assisted world.
⸻
📰 News Bytes
00:46 – Microsoft Edge Stores Passwords in Plaintext
A security researcher discovered Microsoft Edge stores all saved passwords in plaintext within system memory during active sessions. While Microsoft says this behavior is “by design” for usability and performance, it dramatically increases exposure if a system becomes compromised.
The discussion dives into chained attacks, memory scraping, cache vulnerabilities, and even advanced RF-based attacks like Van Eck Phreaking.
Key takeaways:
•Cached credentials dramatically expand attack surfaces
•Memory security still matters in modern systems
•Convenience-driven design decisions can create major risk
https://cybernews.com/security/microsoft-edge-loads-cleartext-passwords-to-memory/
⸻
08:43 – Cursor Deleted a Company’s Entire Production Database
An AI coding agent powered by Claude accidentally deleted a company’s production database and backups in seconds after using improperly scoped permissions. The incident highlights the dangers of giving AI systems excessive access without proper safeguards.
John & Lou argue the real failure wasn’t the AI—it was poor architecture, weak separation between staging and production, and inadequate backup strategy.
Key takeaways:
•Follow the 3-2-1 backup rule
•AI agents should be treated like junior employees
•Human oversight and scoped permissions remain critical
https://www.livescience.com/technology/artificial-intelligence/i-violated-every-principle-i-was-given-ai-agent-deletes-companys-entire-database-in-9-seconds-then-confesses
⸻
13:40 – Claims That AI Will Eliminate Developers Are Overblown
Despite widespread fear around AI replacing programmers, researchers and industry experts are increasingly finding that AI works best as a productivity multiplier rather than a replacement.
The role of developers is shifting away from repetitive coding toward architecture, oversight, integration, and system design. The bigger challenge may actually be education—how new developers gain experience when AI handles much of the grunt work.
Key considerations:
•AI boosts skilled developers rather than replacing them
•Architecture and domain expertise are becoming more valuable
•Universities must adapt curricula for AI-assisted development
https://www.zdnet.com/article/rumors-of-the-software-developers-ai-induced-demise-are-greatly-exaggerated/
⸻
🔚 22:07 – Wrap Up
The episode closes with a broader discussion on balancing AI acceleration with real-world operational discipline. As AI tools become more powerful, the organizations that succeed will be the ones that pair automation with strong security, architecture, and human oversight.
⸻
🌐 Social Links
IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/ on LinkedIn
John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/ on LinkedIn
Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
-
157
Amazon’s $100B AI Play, SpaceX’s Coding Bet, and Google’s New TPUs
In this episode of IT SPARC Cast - News Bytes, John & Lou break down major shifts happening across AI, cloud, and enterprise IT. From massive infrastructure deals to emerging AI development strategies, the conversation focuses on what’s really driving the industry—not just the headlines.
They explore Amazon’s deepening relationship with Anthropic, SpaceX’s move into AI-powered coding tools, Apple’s leadership transition, and Google’s latest push to compete in AI hardware. If you’re in enterprise IT, cloud, or AI, this episode delivers practical insight into where the market is heading and what it means for you.
⸻
📌 Show Notes
00:00 – Intro
⸻
📰 News Bytes
00:44 – Amazon to Invest up to $25B in Anthropic
Amazon is making a headline-grabbing investment in Anthropic—up to $25B—but the real story is the $100B cloud commitment tied to it. This isn’t just funding; it’s a strategic alignment around compute.
The deal effectively locks Anthropic into AWS infrastructure while giving Amazon a massive AI revenue pipeline. Rather than a traditional investment, this looks more like a large-scale pricing and positioning play designed to boost both companies’ valuations and market presence.
This signals deeper consolidation in the AI ecosystem.
https://www.usnews.com/news/top-news/articles/2026-04-20/anthropic-to-spend-over-100-billion-on-amazons-cloud-technology
⸻
06:23 – SpaceX Buying Cursor?
SpaceX is exploring a partnership—or potential acquisition—of AI coding platform Cursor, signaling a deeper push into AI-driven development. The goal appears to be enabling faster software creation for real-world systems like rockets, robotics, and autonomous vehicles.
Unlike other AI players focused on chatbots, SpaceX is targeting physical-world applications, where coding tools directly impact hardware behavior. Access to massive compute resources could accelerate development dramatically.
The big question: what’s the true “secret sauce” that justifies these valuations?
https://www.reuters.com/technology/spacex-says-it-has-option-acquire-startup-cursor-60-billion-2026-04-21/
⸻
11:11 – Tim Cook to Step Down as Apple CEO
After 15 years as CEO, Tim Cook is stepping down, transitioning leadership to John Ternus. Cook’s tenure focused on operational excellence and massive growth, taking Apple to unprecedented scale.
Now the focus shifts toward innovation—especially in how hardware integrates with AI. Apple’s strategy has always centered on delivering technology through intuitive, high-quality devices, and this leadership change may signal a renewed push in that direction.
This marks a transition from optimization to reinvention.
https://www.marketwatch.com/story/tim-cook-to-step-down-after-15-years-at-the-helm-of-apple-68d0e126
⸻
18:15 – Google Unveils New AI Chips
Google is doubling down on AI infrastructure with new chips designed specifically for training and inference. By separating these workloads, Google aims to improve efficiency and reduce power consumption at scale.
This reflects a broader industry shift: AI is no longer just about performance—it’s about energy efficiency and cost per workload. As AI demand grows, power constraints are becoming a defining factor.
The race for efficient AI compute is accelerating fast.
https://www.cnbc.com/2026/04/22/google-launches-training-and-inference-tpus-in-latest-shot-at-nvidia.html
⸻
📬 22:55 – Mail Bag
🔚 26:29 – Wrap Up
-
156
NIST Is Falling Behind? CVE Overload, AI, and the Future of Vulnerability Tracking
NIST is changing how it handles CVEs after a massive surge in vulnerability submissions—and it could reshape how enterprise IT teams manage risk. In this episode of IT SPARC Cast – CVE of the Week, John and Lou break down what this shift means, the risks of incomplete vulnerability data, and how AI-driven attacks are forcing a new security reality.
⸻
📄 Show Notes
🚨 CVE of the Week (Special Edition): NIST Scaling Back CVE Enrichment
This week, instead of a single CVE, we’re covering a major shift in how vulnerabilities are tracked and analyzed.
The National Institute of Standards and Technology (NIST) is scaling back its enrichment of CVEs due to a massive surge in vulnerability submissions—up 263% since 2020.
⸻
🔍 What’s Changing
NIST will no longer fully analyze every CVE submitted to the National Vulnerability Database (NVD).
Instead, they will prioritize:
•Known exploited vulnerabilities
•Critical/high-impact vulnerabilities
•Software used by government systems
Lower-priority CVEs will still be listed—but:
❌ No CVSS score
❌ Limited or no analysis
❌ Minimal context on impact or exploitability
⸻
⚠️ Why This Matters
CVE “enrichment” is what makes vulnerability data actionable. Without it, security teams lose:
•Severity scoring (CVSS)
•Attack vectors and exploit details
•Affected systems and products
•Context for prioritization
👉 In short: more noise, less signal
⸻
🔗 The Hidden Risk: Chained Exploits
This shift introduces a major blind spot:
•Lower-severity vulnerabilities (CVSS 6–7) may not be enriched
•Attackers can chain multiple low-severity flaws
•Result: full compromise equivalent to a critical vulnerability
👉 Two “7s” can still equal a “10” in real-world attacks
⸻
🤖 AI Is Driving the Explosion
The root cause is scale—and AI is accelerating it:
•Automated tools can discover vulnerabilities at massive scale
•Attackers don’t need advanced intelligence—just volume
•Thousands of bots probing systems = exponential growth in CVEs
This is pushing NIST—and the entire vulnerability ecosystem—to its limits.
⸻
🧠 What This Means for Enterprise IT
You can no longer rely solely on NIST/NVD as your source of truth.
New reality:
•CVE databases will be incomplete
•Prioritization gaps will increase
•Attackers will target overlooked vulnerabilities
⸻
🛠️ Recommended Strategy
Immediate Adjustments:
•Monitor third-party threat intelligence sources
•Invest in security subscriptions (threat intel platforms)
•Track research from vendors (e.g., Unit 42, etc.)
Operational Changes:
•Move beyond “patch Tuesday” mentality
•Implement continuous vulnerability assessment
•Use AI/automation for:
  •Threat detection
  •Prioritization
  •Patch validation
⸻
⚖️ Auto-Patching: Risk vs Reward
Listener feedback raised a key point:
•Auto-updates can introduce supply chain risk
•But delaying patches increases exposure to exploits
👉 The answer is not binary:
•Enable auto-updates where safe
•Maintain robust backup and rollback strategies
•Assess risk per system—not globally
⸻
🔄 Key Takeaway
We are entering a transitional phase in cybersecurity:
•Vulnerability volume is exploding
•Traditional scoring systems are breaking down
•AI will eventually help defend—but not yet
👉 Until then: speed, visibility, and adaptability are your best defenses
⸻
💬 Listener Feedback
Thanks to listener Miruxa for highlighting the risks of auto-updating in light of recent supply chain attacks.
Key takeaway:
•You’re exposed if you update too fast
•You’re exposed if you update too slow
•Security now requires constant assessment, not fixed policies
⸻
📣 Wrap Up
What do you think—Is NIST making the right call, or does this create more risk than it solves?
📧 Email: [email protected]
🐦 X: @itsparccast
💬 YouTube: Drop a comment—we read them all
-
155
Amazon’s AI Power Play, Copilot Goes Agentic, and Netgear Wins Big
Amazon is going all-in on AI—and taking aim at everyone in the process.
In this episode of IT SPARC Cast – News Bytes, we break down:
•Amazon’s massive AI infrastructure push and chip strategy
•Microsoft turning Copilot into an autonomous agent
•Netgear’s key win in the evolving router security landscape
If you’re in enterprise IT, cloud, or security, this episode covers the real shifts happening right now—not just the headlines.
📝 Episode Description
00:00 – Intro
📰 News Bytes
00:44 – Amazon CEO Takes Aim at Nvidia, Intel, Starlink & More
Amazon is making a massive AI bet, with Andy Jassy justifying huge infrastructure investments and signaling a strategy to control more of the stack. From custom AI chips (Trainium) to satellite internet and ARM-based compute, Amazon is positioning itself as the “picks and shovels” provider for the AI gold rush.
Rather than relying on vendors, Amazon is building vertically to reduce dependency and maximize margins—mirroring moves from other major players.
Key takeaways:
•AI revenue is directly tied to available compute
•Hyperscalers are racing to own infrastructure end-to-end
•Amazon’s strength is selling compute—not just AI models
This isn’t speculation—it’s a long-term land grab for AI dominance.
https://techcrunch.com/2026/04/09/amazon-ceo-takes-aim-at-nvidia-intel-starlink-more-in-annual-shareholder-letter/
⸻
07:53 – Microsoft is Developing Copilot Features Inspired by OpenClaw
Microsoft is evolving Copilot from a reactive assistant into an agentic system capable of acting on behalf of users. Inspired by OpenClaw-style agents, these new capabilities include task automation, proactive recommendations, and role-specific assistants.
The big shift: AI isn’t just answering questions—it’s doing the work.
With deep OS integration, Microsoft has a unique advantage in embedding these agents directly into enterprise workflows. However, this also raises the stakes around security and control.
Key implications:
•Agentic AI adoption is accelerating rapidly across enterprises
•Model Context Protocol (MCP) will be critical for integrations
•Role-based permissions may help contain risk
This is a foundational shift toward autonomous enterprise systems.
https://www.computerworld.com/article/4158553/microsoft-is-developing-copilot-features-inspired-by-openclaw.html
⸻
14:20 – Netgear Scores First Exemption From Router Restrictions
Netgear has secured the first exemption allowing continued sale of new router products under new security-driven certification rules. While temporary and conditional, this signals how vendors will navigate compliance moving forward.
The exemption suggests trust in Netgear’s processes and willingness to meet evolving standards, while also highlighting broader industry pressure around consumer networking security.
Key considerations:
•Existing devices remain unaffected—for now
•More vendors are expected to follow with exemptions
•Security scrutiny on consumer routers is increasing
This is an early indicator of how networking vendors will adapt to tighter requirements.
https://www.pcmag.com/news/netgear-scores-the-first-exemption-from-the-fccs-foreign-made-router-ban
⸻
📬 18:34 – Mail Bag
Listener feedback this week reinforces two ongoing themes:
•AI’s impact on global labor markets
•The growing complexity of data ownership in AI systems
Discussion highlights how AI may disrupt traditional outsourcing models and why tracking data provenance inside AI systems is becoming critical.
⸻
🔚 23:52 – Wrap Up
As AI adoption accelerates, enterprise IT teams must balance innovation with governance—especially around automation, security, and data ownership. Listener engagement continues to shape the show, so reach out and be part of the conversation.
-
154
Open a PDF, Lose Your System: Adobe Zero-Day Exploit (CVE-2026-34621)
A dangerous Adobe Acrobat zero-day vulnerability (CVE-2026-34621) is actively being exploited—allowing attackers to compromise systems simply by getting users to open a malicious PDF. In this episode of IT SPARC Cast – CVE of the Week, John and Lou break down how it works, why it’s so dangerous, and what enterprise IT teams must do immediately.
⸻
📄 Show Notes
🚨 CVE of the Week: Adobe Acrobat Zero-Day (CVE-2026-34621)
This week’s vulnerability is about as bad—and as common—as it gets. A zero-day flaw in Adobe Acrobat Reader is actively being exploited in the wild, requiring nothing more than opening a malicious PDF to trigger a full system compromise.
🔍 What Happened
•CVE ID: CVE-2026-34621
•Type: Zero-day (actively exploited before patch release)
•Severity: CVSS 8.6 (High, but misleading in practice)
•Attack Vector: Malicious PDF file
•Impact: Remote Code Execution (RCE), data theft
Adobe issued an emergency out-of-band patch, signaling the urgency and severity of the threat.
⸻
⚠️ Why This Is So Dangerous
This exploit is particularly concerning because:
•No user interaction required beyond opening a file
•Works through phishing and email attachments
•Targets one of the most widely used enterprise tools (PDF readers with ~60–75% market share)
Once triggered, the vulnerability exploits a memory corruption flaw (e.g., use-after-free or buffer overflow), allowing attackers to execute arbitrary code on the system.
⸻
🔗 The Real Threat: Exploit Chaining
On its own, this vulnerability is severe—but in modern environments, it’s even worse:
•Attackers use phishing to deliver the malicious PDF
•Gain access to a user endpoint
•Pivot into:
  •Cloud infrastructure
  •Container environments
  •Internal systems
👉 This is how a “medium-high” CVSS score becomes a critical enterprise breach
⸻
🤖 AI and the Acceleration of Attacks
The pace of exploitation is changing:
•Exploits are now being weaponized within minutes of disclosure
•Attackers can deploy automated agents at scale
•AI-driven reconnaissance reduces time-to-exploit dramatically
This creates a world where patch latency = exposure window.
⸻
🛠️ Mitigation & Recommendations
Immediate Actions:
•✅ Patch Adobe Acrobat immediately (no delay)
•🚫 Do NOT wait for standard patch cycles
•📧 Treat all PDF attachments as potential attack vectors
Enterprise IT Best Practices:
•Enforce auto-updates and forced patching policies
•Consider network access restrictions for unpatched devices
•Implement:
  •Zero Trust architectures
  •Endpoint monitoring and anomaly detection
⸻
🧠 Strategic Takeaways
•User behavior is still the weakest link
•Patch cycles must shift from scheduled → real-time response
•Vendors must improve update mechanisms:
  •Fewer forced reboots
  •Better “do not interrupt” intelligence
We are entering a phase where patching speed is a primary security control, not a maintenance task.
⸻
💬 Listener Feedback
Thanks to listener IAPX for pointing out a technical clarification from last week:
•The Docker vulnerability discussed was rooted in Moby, not Docker directly
•Docker remains the primary exposure vector due to its widespread use
Great catch—and exactly the kind of feedback we appreciate.
⸻
📣 Wrap Up
Have thoughts on this vulnerability? Are we underestimating the impact of PDF-based attacks?
📧 Email: [email protected]
🐦 X: @itsparccast
💬 YouTube: Drop a comment—we read them all
-
153
Docker Security Nightmare? CVE-2026-34040 Lets Attackers Escape Containers
A critical Docker vulnerability (CVE-2026-34040) is putting container security at risk by allowing attackers to bypass authorization controls and potentially access host systems. In this episode of IT SPARC Cast – CVE of the Week, John and Lou break down the exploit, why it matters, and what enterprise IT teams must do immediately to mitigate risk.
⸻
📄 Show Notes
🚨 CVE of the Week: Docker API Authorization Bypass (CVE-2026-34040)
This week’s CVE highlights a serious vulnerability in Docker Engine that undermines one of the core assumptions of container security: isolation.
🔍 What Happened
•CVE ID: CVE-2026-34040
•CVSS Score: 8.8 (High)
•Affected Systems: Docker Engine / Moby versions prior to 29.3.1
•Root Cause: Improper handling of authorization plugin checks in Docker’s API layer
The vulnerability allows specially crafted API requests to bypass authorization controls by dropping the request body before inspection—while still executing the request.
⸻
⚠️ Why This Matters
This flaw enables attackers to:
•Bypass container security policies
•Create privileged containers
•Access the host file system
•Extract sensitive credentials (SSH keys, cloud keys, etc.)
This effectively breaks container isolation, turning Docker from a security boundary into an attack vector.
⸻
🔗 The Bigger Risk: Chained Attacks
While Docker APIs are typically not exposed publicly, this vulnerability becomes significantly more dangerous in real-world environments:
•Attackers gain initial access via:
  •Phishing or spear phishing
  •Compromised endpoints
  •Malware or trojans
•Then pivot internally to exploit Docker APIs
👉 In these scenarios, the practical severity approaches 9.8–10.0, not 8.8.
⸻
🤖 AI-Driven Threat Amplification
Modern attack frameworks—especially those leveraging AI—can:
•Automatically scan for exposed APIs
•Execute chained exploits without human intervention
•Scale attacks across thousands of targets simultaneously
This dramatically reduces the skill barrier for attackers.
⸻
🛠️ Mitigation & Recommendations
Immediate Actions:
•✅ Upgrade Docker to version 29.3.1 or later
•🔒 Restrict and lock down Docker API access
•🚫 Ensure APIs are not externally exposed
Strategic Recommendations:
•Enable auto-updates where operationally safe
•Conduct a full network audit (hosts, containers, firmware, network gear)
•Patch beyond servers:
  •BIOS / firmware
  •Network infrastructure (switches, routers)
•Break down silos between:
  •Enterprise IT security
  •Data center / cloud security
⸻
🔄 Key Takeaway
Containerization is not a silver bullet for security. Misconfigurations and API exposure can turn Docker into a high-impact attack surface—especially when combined with modern, automated attack chains.
⸻
💬 Listener Feedback
Thanks to listener PutlerLXO for correcting last week’s Axios stat:
•Actual weekly downloads: 100 million, not 45 million
We appreciate the feedback—keep it coming!
⸻
📣 Wrap Up
Have thoughts on this vulnerability? Think it’s overblown—or even worse than we described?
📧 Email: [email protected]
🐦 X: @itsparccast
💬 YouTube & LinkedIn: Drop a comment—we read them all
-
152
Are CEOs Using AI as an Excuse? | Patch Chaos & Why Sora Was Shut Down
In this episode of IT SPARC Cast – News Bytes, John Barger and Lou Schmidt break down the latest enterprise IT headlines with sharp insight and zero fluff.
Are tech CEOs using AI as cover for layoffs? Are emergency patches from major vendors signaling deeper systemic risk? And what’s really behind OpenAI’s decision to shut down Sora?
Plus, listener feedback sparks a deep dive into home router security and the best options for every level—from plug-and-play to prosumer setups.
If you’re in enterprise IT, security, or just trying to stay ahead of the curve, this is your weekly signal through the noise.
⸻
📌 Show Notes
00:00 – Intro
•Overview of the week’s biggest enterprise IT stories
•AI layoffs, patch failures, and shifting priorities in AI platforms
⸻
📰 News Bytes
00:49 – Tech CEOs Suddenly Love Blaming AI for Mass Job Cuts
•Increasing trend: layoffs attributed to “AI efficiency gains”
•Reality check: cost-cutting, restructuring, and execution failures
•Market dynamics:
  •“AI-driven efficiency” messaging can stabilize or boost stock prices
  •Traditional layoffs often trigger negative investor reactions
•Key takeaway:
  •AI is becoming a narrative shield for leadership decisions
•Career insight:
  •Job security = being a problem solver, not just a role filler
•Enterprise angle:
  •Evaluate vendor stability when layoffs are framed as “AI transformation”
https://www.bbc.com/news/articles/cde5y2x51y8o
⸻
07:06 – Emergency Microsoft & Oracle Patches Point to Wider Cyber Issues
•Rise in out-of-band (emergency) patching
•Key incidents:
  •Critical remote code execution vulnerability (CVSS 9.8)
  •Broken update causing login failures
•Core issue:
  •Patch reliability vs. urgency tradeoff is collapsing
•Enterprise implications:
  •Traditional patch windows are becoming obsolete
  •Delayed patching = increased exposure risk
•New reality:
  •Mandatory, rapid patch deployment is now required
•Strategic shift:
  •Move toward live patching architectures (already common in Linux/cloud)
•Root causes:
  •Faster release cycles
  •Increased reliance on automation
  •Reduced staffing depth
https://www.computerweekly.com/news/366640648/Emergency-Microsoft-Oracle-patches-point-to-wider-cyber-issues
⸻
13:28 – Why OpenAI Really Shut Down Sora
•Contrary to speculation: not a collapse signal
•Actual drivers:
  •Compute constraints
  •Resource prioritization
  •Revenue alignment
•Market dynamics:
  •AI arms race: speed, capability, and scale
•Product reality:
  •Video generation = extremely compute-intensive
  •Limited sustained user demand vs. cost
•Strategic takeaway:
  •Focus shifting toward:
    •Coding tools
    •Agentic platforms
    •High-ROI capabilities
•Key insight:
  •AI growth is currently compute-bound, not idea-bound
https://techcrunch.com/2026/03/29/why-openai-really-shut-down-sora/
⸻
📬 16:54 – Mail Bag & Home Router Recommendations
Listener Feedback Topics:
•Router security concerns
•Safer alternatives to high-risk vendors
Recommended Router Tiers:
🟢 Entry-Level (Simple / Plug-and-Play)
•Netgear
  •Strong open-source firmware support (OpenWRT, Tomato)
  •U.S.-based company with supply chain flexibility
  •High accountability and responsiveness
🟡 Mid-Tier (Mesh / Larger Homes)
•Eero (Amazon-owned)
  •Strong performance and ease of use
  •Consistent updates and long-term viability
🔵 Prosumer / Advanced
•Ubiquiti (UniFi)
  •Best-in-class price/performance
  •Full ecosystem: networking + security + cameras
  •No recurring cloud fees
  •Strong automation and patch responsiveness
⸻
🔚 26:54 – Wrap Up
•Call for listener feedback
•Engage via email, X, YouTube, or LinkedIn
•Reminder to like, subscribe, and enable notifications
-
151
Axios Supply Chain Attack: 45M Weekly Downloads Turned Into a RAT
In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt break down a massive supply chain attack targeting Axios, one of the most widely used JavaScript libraries in the world.
Attackers compromised a maintainer account and injected malicious code into widely distributed versions, turning routine installs into a cross-platform Remote Access Trojan (RAT) deployment.
This isn’t just another vulnerability — it’s a breach of trust in the open-source ecosystem that powers modern web applications.
⸻
📝 Show Notes
A major supply chain attack has compromised Axios, a core JavaScript library used in millions of applications across web, mobile, and backend systems.
In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt explain how attackers injected malware into trusted Axios packages — impacting potentially tens of millions of environments worldwide.
⸻
🔎 What Happened
Axios is a widely used open-source library for making HTTP requests in:
•Node.js applications
•React, Angular, and Vue frontends
•Mobile apps (React Native)
•SaaS platforms and internal tools
With over 45 million weekly downloads, its footprint is enormous.
Attackers compromised an Axios maintainer’s NPM account and pushed malicious versions:
•Axios 1.14.1
•Axios 0.30.4
These versions introduced a hidden dependency:
•[email protected]
This dependency executed a post-install script that deployed a cross-platform Remote Access Trojan (RAT) targeting:
•Windows
•macOS
•Linux
The malware then:
•Contacted a command-and-control (C2) server
•Downloaded OS-specific payloads
•Executed silently
•Deleted itself and restored clean package files to evade detection
⸻
⚠ Why This Is So Dangerous
This attack is particularly severe because:
•It does not require direct user action beyond installing dependencies
•It affects transitive dependencies (you may be using Axios without knowing it)
•It operates during build/install processes (CI/CD pipelines included)
•It leaves minimal forensic evidence
This is a classic supply chain compromise — not a CVE, but arguably more dangerous.
⸻
🏢 Enterprise IT Impact
If your organization:
•Uses Node.js or modern JavaScript frameworks
•Runs CI/CD pipelines
•Builds or deploys SaaS platforms
•Uses third-party APIs or SDKs
You are likely exposed.
Even if you don’t directly install Axios, it may exist deep in your dependency tree.
⸻
🧠 Key Takeaway
This was not a flaw in code.
This was a failure of trust in the supply chain.
If your security model assumes dependencies are safe by default — this attack proves otherwise.
⸻
🔗 Source Articles
https://thehackernews.com/2026/03/axios-supply-chain-attack-pushes-cross.html
https://www.elastic.co/security-labs/axios-supply-chain-compromise-detections
-
150
Musk Builds a Chip Empire, Zuckerberg’s AI CEO, and Arm Enters the AI Chip War
In this episode of IT SPARC Cast – News Bytes, John Barger & Lou Schmidt break down three major moves reshaping the future of AI infrastructure, chip design, and enterprise automation.
Elon Musk announces TeraFab, a massive new effort to bring chip fabrication back in-house for greater control over AI hardware and supply chains. Mark Zuckerberg pushes deeper into agentic AI with plans for a personal “AI CEO” to manage workflows and decision-making. And Arm signals a major strategic shift with a new AI-focused chip designed for agent-based systems—putting it in direct competition with its own ecosystem.
From supply chain control and custom silicon to AI-driven leadership tools and next-generation chip architectures, this episode explores how the foundation of enterprise IT is rapidly evolving.
⸻
⏱️ Show Notes
00:00 – Intro
📰 News Bytes
00:45 – Elon Musk Announces TeraFab for AI Chips and Memory
Elon Musk has announced plans for TeraFab, a massive chip fabrication initiative aimed at regaining full control over chip design and production.
The strategy includes:
• A prototype fabrication facility for rapid iteration
• A large-scale production fab for mass manufacturing
• Vertical integration to reduce dependency on external foundries
• Faster time-to-market for AI-driven hardware
As chip demand surges due to AI workloads, companies are reconsidering outsourced manufacturing models. TeraFab represents a return to end-to-end control of silicon development, which could significantly impact supply chains, pricing, and innovation speed.
https://x.com/i/broadcasts/1yKAPMzlvgWxb
https://en.wikipedia.org/wiki/Terafab
09:46 – Mark Zuckerberg Builds AI CEO to Help Run Meta
Mark Zuckerberg is developing a personal AI system capable of handling executive-level tasks—effectively functioning as a digital chief of staff or “AI CEO.”
The system is designed to:
• Retrieve and synthesize information across internal systems
• Automate decision-support workflows
• Reduce reliance on layers of management
• Act as a “second brain” for operational awareness
This reflects a broader shift toward agentic AI, where intelligent systems proactively execute tasks rather than simply responding to prompts. The discussion also raises key enterprise questions around security, portability, and ownership of personal AI agents.
https://www.the-independent.com/tech/mark-zuckerberg-ai-ceo-bot-b2943792.html
17:54 – Arm Unveils New AI Chip for Agentic Systems
Arm has announced a new AI-focused chip architecture aimed at powering agentic AI and future AGI-style workloads.
Key implications include:
• A shift from IP licensing to direct chip competition
• Increased competition with existing ecosystem partners
• Potential acceleration of specialized AI hardware development
• Growing relevance of alternative architectures like RISC-V
This move signals a major strategic pivot for Arm, potentially reshaping the competitive landscape for AI infrastructure and creating new dynamics between chip designers, manufacturers, and enterprise buyers.
https://www.reuters.com/business/media-telecom/arm-unveils-new-ai-chip-expects-it-add-billions-annual-revenue-2026-03-24/
🔁 Wrap Up
25:24 – Mail Bag
Listener feedback highlights continued interest in emerging compute models, including biological computing, and reinforces the importance of staying ahead of major infrastructure trends.
27:01 – Wrap Up
John and Lou close with thoughts on the convergence of AI, custom silicon, and agent-based workflows, emphasizing that enterprise IT leaders must prepare for a future where infrastructure, software, and decision-making are increasingly intertwined.
-
149
Router Supply Chain Risks: The Hidden Security Threat in Your Home Network
In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt break from a single CVE to tackle a broader and increasingly critical issue: router supply chain security.

From botnets built on consumer routers to concerns about firmware, silicon-level vulnerabilities, and manufacturing visibility, the conversation explores why your home or small office router may be one of the weakest links in modern cybersecurity.

The hosts explain what’s changing in the router market, which vendors are most at risk, and what both consumers and enterprise IT professionals should be doing now to secure the network edge.

⸻

📝 Show Notes

Consumer routers are no longer just simple networking devices — they are now prime targets in large-scale cyberattacks and botnet operations.

In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt break down the growing risks tied to router supply chains, firmware security, and edge network vulnerabilities.

Rather than focusing on a single CVE, this discussion highlights a broader shift in how attackers are targeting home routers, small office devices, and prosumer networking gear as entry points into larger networks.

⸻

🔎 What’s Changing in Router Security

Recent attack trends show:
• Consumer and small-office routers are being used as launch points for larger cyberattacks
• Botnets are increasingly built on unpatched or poorly secured edge devices
• Attackers are leveraging routers to mask origin and evade detection
This makes routers one of the most critical — and often overlooked — components of modern security architecture.

⸻

⚠ The Supply Chain Problem

One of the biggest concerns discussed in this episode is supply chain visibility.
Key risks include:
• Limited insight into where hardware components are manufactured
• Potential for firmware-level or silicon-level vulnerabilities
• Difficulty auditing third-party manufacturing processes
• Inability to fully validate device integrity
Even when running trusted software (such as open-source firmware), underlying hardware risks may still exist.

⸻

🏢 Enterprise & Home Network Impact

This is not just a consumer issue.
Organizations must consider:
• Remote employees connecting via insecure home routers
• Small offices using low-cost networking equipment
• IoT devices relying on consumer-grade infrastructure
• Edge devices acting as entry points for lateral movement
If the edge is compromised, the rest of the network is exposed.

⸻

🛠 What IT Teams and Consumers Should Do

• Avoid default configurations and credentials
• Keep firmware updated consistently
• Segment home and corporate network traffic where possible
• Evaluate router vendors for security posture and supply chain transparency
• Monitor for unusual traffic patterns or device behavior
• Plan for longer-term shifts in router procurement and standards
This is a long-term evolution, not a short-term panic event.

⸻

📊 Market Impact & Vendor Landscape

The episode also discusses potential market shifts:
• Lower-cost vendors may face increased scrutiny
• Vendors with stronger supply chain transparency may benefit
• Manufacturing may shift to more trusted and auditable environments
• Future devices may require mandatory security features like auto-updating firmware

⸻

💬 Listener Feedback

Listener feedback from X highlights the growing importance of Zero Trust and identity validation, especially in response to recent discussions about insider threats.
The takeaway:
Security is no longer just about devices — it’s about people, process, and trust models working together.
-
148
Computers Built From Living Neurons?! Inside Final Spark’s Bio-AI Future
📄 Episode Description

In this episode of IT SPARC Cast – Interview, John Barger sits down with Dr. Ewelina Kurtys of Final Spark to explore one of the most futuristic ideas in computing: building computers from living neurons.

Final Spark is a Swiss startup working to create biological computing systems using neurons derived from human stem cells. The goal is to develop a new form of compute that is dramatically more energy-efficient than traditional silicon—potentially by orders of magnitude.

In this conversation, John and Dr. Kurtys explore how neurons are sourced, how they are interfaced with traditional systems, and what it will take to build neuron-based data centers. They also discuss the challenges of programming biological systems, the timeline for commercialization, and what enterprise IT professionals should be doing today to prepare for this emerging paradigm.

This is a deep dive into the intersection of biology, AI, and infrastructure—and what could become the next major evolution of computing.

⸻

⏱️ Show Notes

00:00 – Intro
An introduction to Final Spark and the concept of building computing systems using living neurons as an alternative to traditional silicon-based infrastructure.

⸻

❓ Questions

00:32 - Who Is Final Spark?
01:00 - How Do You Source Your Neurons?
01:43 - Neuron Quality Control
02:43 - Neurons In AI Data Centers
03:14 - Benefit Of Using Neurons
04:19 - When Will Neuron Based Compute Be Commercially Available
05:43 - Operating System Or Programming Language For Neurons
06:49 - What Does A Neuron Based Data Center Look Like?
07:55 - Containment And Security
08:28 - Data Persistence And Memory Erasure
09:10 - What Should IT Professionals Do Today To Prepare?
12:04 - How Does A Start-Up Get Involved Today?
12:44 - How Do You Program Neurons “Bits”? Are They Binary?
14:54 - How Do You Connect Neurons To Silicon Based Compute?
16:00 - Final Thoughts from Dr. Kurtys

⸻

https://www.finalspark.com
https://finalspark.com/articles/

⸻

🔁 Wrap Up

17:19 – Wrap Up
John reflects on the interview and the long-term implications of neuron-based computing. While still early-stage, the technology represents a potential shift in how compute is delivered—driven by energy efficiency, biological processing models, and new programming paradigms.
-
147
Pokémon Trained Robots?! Stargate Canceled, Nvidia Goes to Space & SaaS Is Dying
In this episode of IT SPARC Cast – News Bytes, John Barger & Lou Schmidt break down four major stories reshaping enterprise IT, AI infrastructure, and the future of software.

Millions of Pokémon Go players unknowingly helped train real-world delivery robots using billions of images. Meanwhile, OpenAI’s ambitious Stargate data center expansion hits a major setback, highlighting the challenges of scaling AI infrastructure.

Nvidia pushes the frontier even further with plans for orbital AI data centers powered by its new Vera Rubin Space-1 chip system, while a growing movement suggests the “SaaS apocalypse” may be underway, driven by AI and open-source alternatives reshaping how software is built and consumed.

From crowdsourced AI training to space-based compute and the future of enterprise software, this episode explores where the next wave of IT disruption is coming from.

Show Notes

00:00 – Intro

📰 News Bytes

00:45 – Pokémon Go Players Unknowingly Trained Delivery Robots With 30 Billion Images
Niantic has leveraged years of Pokémon Go gameplay data—over 30 billion images captured by users—to build a highly accurate Visual Positioning System (VPS) capable of centimeter-level location accuracy.
The discussion highlights both the brilliance of this crowdsourced data model and broader concerns around data ownership, enterprise data exposure, and unintended data usage.
https://www.popsci.com/technology/pokemon-go-delivery-robots-crowdsourcing/?utm_source=chatgpt.com

⸻

07:18 – OpenAI’s Massive Stargate Data Center Expansion Canceled
Plans to expand a major AI data center tied to the Stargate initiative have been canceled, underscoring the complexity of building large-scale AI infrastructure.
Despite the cancellation, demand for AI compute remains extremely high, with other organizations potentially stepping in to utilize available capacity—reinforcing that AI infrastructure demand still far exceeds supply.
https://www.tomshardware.com/tech-industry/artificial-intelligence/openais-massive-stargate-data-center-canceled-as-firm-cant-reach-terms-with-oracle-operator-struggles-with-reliability-issues-meta-said-to-be-interested-in-snatching-excess-capacity

⸻

11:06 – Nvidia Announces Vera Rubin Space-1 Chip System for Orbital AI Data Centers
Nvidia is pushing AI infrastructure beyond Earth with its Vera Rubin Space-1 system, designed for use in orbital data centers.
While challenges remain—especially around cooling and radiation—this represents a major step toward space-based AI infrastructure as demand for compute continues to surge.
https://www.cnbc.com/2026/03/16/nvidia-chips-orbital-data-centers-space-ai.html

⸻

17:50 – The SaaS Apocalypse Is Open Source’s Greatest Opportunity
A growing trend suggests that traditional SaaS models may be under pressure as AI dramatically lowers the cost of building custom software.
The hosts highlight real-world examples of AI enabling individuals to build production-ready applications in hours, signaling a potential return to highly customized, in-house systems—powered by AI instead of large dev teams.
https://hackernoon.com/the-saas-apocalypse-is-opensources-greatest-opportunity

⸻

🔁 Wrap Up

25:28 – Mail Bag
Listener Tim flags an issue with a previous episode upload, helping quickly resolve a distribution problem. A reminder of how valuable engaged listeners are to maintaining quality and consistency.

⸻

26:52 – Wrap Up
John and Lou close with thoughts on how rapidly the IT landscape is evolving—from AI-driven infrastructure and orbital compute to the reinvention of software delivery models—and encourage listeners to stay adaptable as these shifts accelerate.
-
146
North Korea’s Fake IT Workers: The Insider Threat Hiding in Plain Sight
In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt break down a rapidly growing cybersecurity threat: North Korean operatives posing as remote IT workers inside enterprise environments.

These actors are not just external attackers — they are getting hired, accessing corporate systems, and creating persistent insider threats that are extremely difficult to detect.

The episode explores how the scheme works, why traditional security controls fail, and what enterprise IT teams must do to defend against this evolving attack vector.

⸻

📝 Show Notes

A new cybersecurity threat is emerging that flips the traditional attack model on its head.

Instead of breaking into your network, attackers are getting hired into your company.

In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt analyze the growing threat of North Korean IT worker schemes, where operatives pose as legitimate remote employees to gain direct access to enterprise systems.

⸻

🔎 How the Scheme Works

Threat actors:
• Apply for remote IT jobs using stolen or synthetic identities
• Pass interviews and onboarding processes
• Gain legitimate access to corporate systems
• Use that access to exfiltrate data, generate revenue, or stage future attacks
These individuals often work through:
• VPN masking
• Proxy networks
• Identity laundering through third parties
Once inside, they operate as trusted insiders, making detection significantly more difficult than traditional external threats.

⸻

⚠ Why This Is So Dangerous

This is not a vulnerability in software — it’s a failure in process, identity, and trust models.
Key risks include:
• Direct access to internal systems and data
• Ability to bypass perimeter security controls
• Long-term persistence without detection
• Potential for data exfiltration, espionage, or ransomware staging
Unlike typical breaches, these actors are:
• Authenticated
• Approved
• Operating under legitimate credentials

⸻

🏢 Enterprise IT Impact

This threat directly impacts:
• Remote-first organizations
• Companies hiring globally
• Teams using contractors or third-party staffing firms
• Organizations without strict identity verification processes
If your company hires remote developers, engineers, or IT staff — this is your problem.

⸻

🔐 Key Security Takeaways

To mitigate this risk, organizations should:
• Strengthen identity verification during hiring
• Require multi-factor authentication across all systems
• Monitor for unusual behavior from “trusted” accounts
• Implement least-privilege access controls
• Audit remote employee access regularly
• Coordinate with HR on security-aware hiring practices
This is a cross-functional problem — IT, Security, and HR must work together.

⸻

🔗 Source Article
https://www.nbcnews.com/investigations/north-korea-it-worker-scheme-nisos-fbi-rcna245025
-
145
Redux - Node.js Security Crisis, Meta’s AI Agent Network, Nvidia’s Open Agent Platform & Oracle’s Data Center Bet
Oooops. We uploaded the wrong audio. It's been fixed now.

In this episode of IT SPARC Cast – News Bytes, John Barger & Lou Schmidt explore four major stories shaping enterprise IT, open-source software, AI infrastructure, and the future of data centers.

A new report reveals that two-thirds of Node.js installations are running outdated versions, creating major security and operational risks across modern software stacks. Meanwhile, Meta hires the creators of Moltbook, a platform designed as a social network for AI agents to communicate and collaborate.

Nvidia enters the agentic AI race with plans for an open-source enterprise AI agent platform, while Oracle’s massive investments in AI data centers spark debate about whether the industry is heading toward an infrastructure bubble.

From open-source sustainability to AI infrastructure strategy, this episode breaks down what these developments mean for enterprise IT leaders, developers, and technology investors.

Show Notes

00:00 – Intro

📰 News Bytes

00:43 – Two Thirds of Node.js Installations Are Outdated
A new report from the OpenJS Foundation reveals that roughly two-thirds of Node.js deployments are running outdated or end-of-life versions, creating serious security and stability concerns across modern applications.
To address this, the Node.js LTS Upgrade and Modernization Program is connecting enterprises with trusted service providers to audit, plan, and modernize their deployments.
The initiative also helps fund open-source development by directing a portion of service revenue back to the OpenJS Foundation.
https://openjsf.org/blog/nodejs-lts-upgrade-program

04:59 – Meta Hires the Duo Behind Moltbook
Meta has hired the creators of Moltbook, a platform designed as a collaboration network where AI agents can verify identity, exchange information, and coordinate tasks.
Meta’s move suggests a strategy to become the central hub for AI agent interaction, positioning the company to support a future where large numbers of autonomous software agents perform tasks for individuals and businesses.
https://www.axios.com/2026/03/10/meta-facebook-moltbook-agent-social-network

10:20 – Nvidia to Launch an Open-Source AI Agent Platform
Nvidia is preparing to release NemoClaw, an open-source AI agent platform designed to help enterprises deploy autonomous agents capable of automating workflows, managing data, and performing complex multi-step tasks.
Key aspects of the platform include:
• Enterprise-focused agent orchestration
• Open-source accessibility
• Compatibility beyond Nvidia hardware
• Integration with major enterprise software vendors
The move signals Nvidia’s growing interest in the agentic AI ecosystem, which could dramatically increase demand for GPU-accelerated compute infrastructure.
https://www.wired.com/story/nvidia-planning-ai-agent-platform-launch-open-source/

⸻

14:27 – Oracle Is Building Yesterday’s Data Centers With Tomorrow’s Debt
Oracle is investing heavily in new AI data centers, financing much of the expansion through debt as it competes with other hyperscale cloud providers.
Some analysts have raised concerns that rapid advances in AI hardware could outpace the construction timelines of new facilities, potentially creating financial risk.
However, the hosts point out that building data centers requires long lead times for power infrastructure, networking, and facilities, while the compute hardware itself is typically installed later in the deployment process.
The discussion highlights the importance of evaluating technology investment stories critically and considering both infrastructure realities and market narratives.
https://www.cnbc.com/2026/03/09/oracle-is-building-yesterdays-data-centers-with-tomorrows-debt.html

⸻

20:14 – Wrap up
-
144
Node.js Security Crisis, Meta’s AI Agent Network, Nvidia’s Open Agent Platform & Oracle’s Data Center Bet
In this episode of IT SPARC Cast – News Bytes, John Barger & Lou Schmidt explore four major stories shaping enterprise IT, open-source software, AI infrastructure, and the future of data centers.

A new report reveals that two-thirds of Node.js installations are running outdated versions, creating major security and operational risks across modern software stacks. Meanwhile, Meta hires the creators of Moltbook, a platform designed as a social network for AI agents to communicate and collaborate.

Nvidia enters the agentic AI race with plans for an open-source enterprise AI agent platform, while Oracle’s massive investments in AI data centers spark debate about whether the industry is heading toward an infrastructure bubble.

From open-source sustainability to AI infrastructure strategy, this episode breaks down what these developments mean for enterprise IT leaders, developers, and technology investors.

00:00 – Intro

📰 News Bytes

00:43 – Two Thirds of Node.js Installations Are Outdated
A new report from the OpenJS Foundation reveals that roughly two-thirds of Node.js deployments are running outdated or end-of-life versions, creating serious security and stability concerns across modern applications.
To address this, the Node.js LTS Upgrade and Modernization Program is connecting enterprises with trusted service providers that can:
• Audit existing deployments
• Plan phased upgrades
• Modernize dependencies
• Maintain production stability
https://openjsf.org/blog/nodejs-lts-upgrade-program

04:59 – Meta Hires the Duo Behind Moltbook
Meta has hired the creators of Moltbook, a platform designed as a collaboration network where AI agents can verify identity, exchange information, and coordinate tasks.
Meta’s move suggests a strategy to become the central hub for AI agent interaction, positioning the company to support a future where large numbers of autonomous software agents perform tasks for individuals and businesses.
https://www.axios.com/2026/03/10/meta-facebook-moltbook-agent-social-network

10:20 – Nvidia to Launch an Open-Source AI Agent Platform
Nvidia is preparing to release NemoClaw, an open-source AI agent platform designed to help enterprises deploy autonomous agents capable of automating workflows, managing data, and performing complex multi-step tasks.
The move signals Nvidia’s growing interest in the agentic AI ecosystem, which could dramatically increase demand for GPU-accelerated compute infrastructure.
https://www.wired.com/story/nvidia-planning-ai-agent-platform-launch-open-source/

14:27 – Oracle Is Building Yesterday’s Data Centers With Tomorrow’s Debt
Oracle is investing heavily in new AI data centers, financing much of the expansion through debt as it competes with other hyperscale cloud providers.
Some analysts have raised concerns that rapid advances in AI hardware could outpace the construction timelines of new facilities, potentially creating financial risk.
The discussion highlights the importance of evaluating technology investment stories critically and considering both infrastructure realities and market narratives.
https://www.cnbc.com/2026/03/09/oracle-is-building-yesterdays-data-centers-with-tomorrows-debt.html

🔁 Wrap Up

20:14 – Mail Bag
Listener Mel asks whether laser-based networking technologies, like the TaaraConnect system discussed in a previous episode, could help improve internet access in mountainous rural areas.
While line-of-sight laser connectivity could offer high speeds, weather conditions like fog and cloud cover could require backup connections such as radio or wired infrastructure.
-
143
14,000 ASUS Routers Infected: KadNap Botnet Creates Nearly Untouchable Malware Network
A new malware campaign has compromised more than 14,000 ASUS routers, creating a resilient botnet that security researchers say is unusually difficult to dismantle.

In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt examine the KadNap router malware, which targets unpatched ASUS routers and installs a persistent backdoor designed to survive typical remediation efforts.

The malware was identified by researchers at Lumen’s Black Lotus Labs, who discovered that infected routers are being used as part of a botnet capable of proxying internet traffic and enabling other malicious activities.

Unlike many botnets that rely on centralized command servers, KadNap uses peer-to-peer control mechanisms similar to BitTorrent, making it significantly harder for security teams to disrupt.

⸻

🔎 What the KadNap Router Malware Does

The malware exploits vulnerabilities in ASUS routers that have not been patched or configured securely.
Once installed, KadNap:
• Creates a persistent backdoor on the router
• Survives reboots and firmware updates
• Enables remote control of the router
• Connects the device to a distributed botnet network
• Routes malicious traffic through compromised residential internet connections
Researchers also discovered the infected routers are being used by a fee-based proxy service called Doppelganger, allowing customers to route their internet traffic through unsuspecting victims’ home networks.

⸻

⚠ Why This Is Dangerous

Because the traffic originates from compromised home routers, victims could unknowingly appear responsible for malicious activity such as:
• Network attacks
• Surveillance operations
• Illegal browsing activity
• Staging points for additional cyber intrusions
This makes detection and attribution far more difficult.

⸻

🏢 Enterprise IT Risk

This vulnerability is not limited to home users.
ASUS also produces small-business routers, meaning organizations or small offices using these devices could be exposed.
IT professionals should also remember that compromised routers can provide attackers with a network foothold for lateral movement, especially if IoT or remote-user networks are poorly segmented.

⸻

🛠 How to Detect and Remove KadNap

Security experts recommend checking routers for signs of compromise:
Look for:
• SSH enabled unexpectedly
• Remote administration enabled
• Unknown certificates or scheduled tasks
• Suspicious entries in device logs
Because the malware attaches to configuration files, simply rebooting or restoring a configuration backup will not remove it.
The proper remediation process:
1. Perform a full factory reset
2. Update the router firmware immediately
3. Manually reconfigure the router (do not restore backups)
Experts also recommend changing default internal network ranges, such as moving away from the common 192.168.1.x subnet.

⸻

🔗 Source Article
https://arstechnica.com/security/2026/03/14000-routers-are-infected-by-malware-thats-highly-resistant-to-takedowns/
-
142
Google Quantum-Proofs HTTPS, 6G Hits 1 Tbps, and Internet Over LASERS?! | IT SPARC Cast
In this episode of IT SPARC Cast – News Bytes, John Barger & Lou Schmidt break down three major developments shaping the future of networking and internet infrastructure.

Google begins testing a new quantum-resistant HTTPS certificate approach designed to defend the web against future quantum computing attacks. Meanwhile, Qualcomm’s CEO declares that the coming 6G mobile revolution will be essential for AI-driven applications, promising speeds up to 1 Tbps and sub-millisecond latency. Finally, TaaraConnect introduces a 25-Gbps laser-based networking system capable of delivering fiber-like speeds between buildings without laying cable.

From quantum-safe encryption to AI-driven wireless networks and laser communication links, this episode explores how the next generation of connectivity will reshape enterprise IT infrastructure, data centers, and global networks.

⸻

Show Notes

00:00 – Intro

⸻

📰 News Bytes

00:51 – Google Quantum-Proofs HTTPS with Compact Certificates
Google and Cloudflare are testing a new method to make HTTPS certificates resistant to future quantum attacks.
Instead of traditional signature chains, the system uses Merkle Tree Certificates (MTCs) to dramatically shrink quantum-safe cryptographic data from roughly 15 KB down to about 700 bytes, making it practical for real-world internet use.
The experiment begins with about 1,000 TLS certificates, with standards work underway through the IETF. If successful, this approach could become a foundational component of post-quantum internet security.
The big unknown: how much processing overhead these new cryptographic methods will require on older client devices.
https://arstechnica.com/security/2026/02/google-is-using-clever-math-to-quantum-proof-https-certificates/

⸻

05:42 – Qualcomm CEO Says the 6G Revolution Is Coming
At Mobile World Congress, Qualcomm CEO Cristiano Amon argued that the AI era will demand 6G networks, dramatically increasing bandwidth and lowering latency.
Projected 6G capabilities include:
• Speeds of 100 Gbps to 1 Tbps
• Sub-millisecond latency
• Massive connectivity for billions of devices
• AI-driven network management
The shift toward AI-heavy cloud processing means network traffic will become even more north-south oriented, sending massive datasets between edge devices and cloud infrastructure.
Early 6G trials are expected around 2028, with broader deployments beginning around 2029.
https://fortune.com/2026/03/03/qualcomm-ceo-resistance-is-futile-6g-mobile-revolution-approaches/

⸻

13:31 – TaaraConnect Uses Lasers to Deliver 25-Gbps Internet
TaaraConnect is developing a laser-based point-to-point networking system capable of delivering up to 25 Gbps over distances of about 6 miles (10 km).
Instead of radio waves, the system transmits data using focused beams of light, creating fiber-like connectivity without physical cables.
Key features include:
• Adaptive beam alignment
• Automatic power adjustments during interference
• Redundant beam paths to mitigate disruptions
• Low-latency high-bandwidth links between buildings
While heavy fog remains the primary limitation, the technology could provide a powerful alternative to expensive metro fiber deployments, particularly in dense urban environments.
https://newatlas.com/telecommunications/google-taara-25gbps-internet-cities-light/

⸻

🔁 Wrap Up

19:31 – Mail Bag
Listener Xavier shares thoughts on the rising cost of compute power and suggests that bio-AI systems using living neurons could eventually deliver superior performance-per-watt compared to traditional silicon chips.
The discussion highlights a growing industry focus on compute efficiency and power consumption as data center infrastructure scales to support AI workloads.
-
141
Android CVE-2026-21385: The IoT Devices IT Forgot to Patch
In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt dive into a newly exploited Android vulnerability that many IT teams may be overlooking.

The issue centers around CVE-2026-21385, a high-severity vulnerability affecting Qualcomm graphics components used in Android devices. While the vulnerability requires physical access, it is actively being exploited in the wild, making it a serious concern for enterprise IT environments.

But the real story isn’t smartphones.

The bigger risk lies in Android devices hiding in plain sight across enterprise infrastructure — including point-of-sale terminals, warehouse scanners, embedded industrial systems, and other IoT devices that often run outdated Android versions and rarely receive timely security updates.

⸻

🔎 CVE-2026-21385 Overview

• CVE: CVE-2026-21385
• Severity: High (CVSS 7.8)
• Component: Qualcomm GPU graphics driver used in Android
• Exploit Status: Actively exploited in the wild
• Access Required: Physical access
• Patch: Included in March 2026 Android Security Bulletin
Several additional vulnerabilities were also patched in the same release, including critical Android framework remote code execution flaws, increasing the urgency for organizations to deploy updates wherever possible.

⸻

⚠ Why Enterprise IT Should Care

Most organizations focus on employee phones when thinking about Android security.
However, the real exposure often comes from embedded Android devices that organizations forget about:
Common examples include:
• Point-of-sale payment terminals
• Warehouse inventory scanners (Zebra, Honeywell, etc.)
• Retail handheld devices
• Industrial control panels
• Vehicle infotainment systems running Android
• Embedded tablets in appliances or machinery
Many of these devices:
• Run older Android versions
• Receive delayed or nonexistent updates
• Expose USB or physical ports that could enable exploitation
• Are connected to internal networks
If compromised, these systems could become the first step in a lateral network attack.

⸻

🔐 Key Security Takeaways

Organizations should treat this vulnerability as a wake-up call for Android-based IoT security.
Recommended actions:
• Inventory all Android-based devices in your environment
• Identify IoT or embedded Android systems
• Verify whether vendors provide security updates
• Push vendors for timelines if patches are not available
• Segregate IoT devices onto isolated networks
• Lock down physical access and exposed USB ports
Ignoring embedded Android devices can create a hidden attack path directly into corporate networks.

⸻

💬 Listener Feedback

Following last week’s episode discussing the Conduent ransomware breach, listeners shared their experiences receiving breach notification letters.
One listener reported receiving a notification despite not participating in government assistance programs, while another reported being impacted through health insurance providers like Blue Cross Blue Shield.
The scope of the Conduent breach appears to be continuing to expand, reinforcing the importance of monitoring vendor supply-chain exposure.
-
140
Anthropic Drops Safety Pledge, Open Source Security Crisis & OpenAI’s Compute Crunch
In this episode of IT SPARC Cast – News Bytes, John Barger and Lou Schmidt break down three major stories shaping the future of AI, enterprise infrastructure, and software security.

Anthropic revises its flagship AI safety pledge amid competitive pressure, open source registries warn they lack funding for basic security protections, and OpenAI scrambles for compute power as large-scale infrastructure plans stall.

From AI governance and supply chain risk to infrastructure bottlenecks and power constraints, this episode explores what enterprise IT leaders need to be watching right now.

⸻
⏱️ Show Notes
00:00 – Intro
Anthropic revises its safety framework, open source ecosystems struggle to fund security, and OpenAI races to secure compute capacity as infrastructure constraints tighten across the AI industry.

⸻
📰 News Bytes

⸻
00:44 – Anthropic Drops Flagship Safety Pledge
Anthropic has revised its 2023 Responsible Scaling Policy, removing its categorical commitment to halt training if safety guarantees could not be ensured in advance. The company says the shift reflects rapid AI advancement, competitive pressures, and the need for transparency over unilateral restrictions.

John and Lou unpack what this means for enterprise deployments: Is this a rollback of safety? Or a move toward operational flexibility and published risk roadmaps? The bigger issue may be how AI vendors balance guardrails, customer control, and competitive pressure.
https://time.com/7380854/exclusive-anthropic-drops-flagship-safety-pledge/

⸻
08:16 – Open Source Registries Can’t Afford Basic Security
Major open source ecosystems such as PyPI, npm, RubyGems, and others are reportedly facing funding shortfalls that threaten their ability to implement fundamental security protections.

With supply chain attacks on the rise and AI accelerating code generation, underfunded registries present a growing enterprise risk. The hosts discuss why “free” does not mean costless — and why corporate IT teams must contribute financially or through engineering resources to sustain the security of the tools they depend on.
https://www.theregister.com/2026/02/16/open_source_registries_fund_security/

⸻
12:36 – Inside OpenAI’s Scramble to Secure Compute After Stargate Stalled
OpenAI’s large-scale infrastructure plans have reportedly slowed, forcing the company to seek alternative compute sources to sustain AI growth.

The episode explores the real bottlenecks: wafer starts, power generation, turbines, construction capacity, data center labor, and capital coordination. With AI revenue tightly correlated to compute availability, infrastructure constraints may be the biggest story in AI for 2026 and beyond.
https://www.theinformation.com/articles/inside-openais-scramble-get-computing-power-stargate-stalled

⸻
🔁 Wrap Up
19:15 – Mail Bag
Listener Xavier highlights how surface-level headlines often hide deeper enterprise implications — a reminder that IT leaders must look beneath the story to understand downstream risk and opportunity.

20:36 – Wrap Up
From AI safety governance and competitive pressure to supply chain funding gaps and compute shortages, Episode 27 reinforces one theme: infrastructure, transparency, and long-term planning now define enterprise AI strategy.
-
139
Conduent Ransomware Breach Hits 25 Million – HR & Benefits Data Exposed
In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt break down a massive ransomware-driven data breach impacting Conduent, a major business process services provider that handles public sector programs, healthcare benefits processing, and corporate HR services.

What began as reports of a 10.5 million record breach has now escalated to an estimated 25 million impacted individuals, with the ransomware group SafePay claiming responsibility and alleging over 8 terabytes of data exfiltrated.

⸻
🔎 What Happened?
Conduent, which provides backend processing for government assistance programs and health benefits, confirmed that sensitive personal and corporate information may have been exposed.

Reported exposed data includes:
• Names
• Dates of birth
• Addresses
• Social Security numbers
• Employment records
• Financial information
• Medical and health insurance details
• Internal business documents

SafePay ransomware actors reportedly gained access through compromised credentials and then moved laterally through Conduent’s systems.

This is a textbook example of a chained cyberattack, where one small compromise enables full-scale enterprise exposure.

⸻
🌎 Scope of the Impact
The breach affects multiple U.S. states and programs, including:
• Texas (~15.4 million impacted)
• Oregon (~10.5 million impacted)
• Delaware
• Massachusetts
• New Hampshire
• Georgia
• South Carolina
• New Jersey
• Maine
• New Mexico

Programs potentially affected:
• Medicaid
• SNAP / EBT food assistance
• Unemployment benefits
• Health insurance processing (including Blue Cross Blue Shield and Humana)
• Corporate employee benefit programs

Additionally, approximately 17,000 Volvo Group North America employees may have been impacted.

⸻
⚠ Why This Matters for Enterprise IT
This is not “just” a public-sector breach.

Many private companies rely on Conduent for backend benefits processing. If your organization uses:
• Blue Cross Blue Shield
• Humana
• Third-party HR / benefits processors

You must immediately:
• Contact your HR and benefits teams
• Request incident briefings from vendors
• Determine if employee data was exposed
• Prepare remediation and communication plans

⸻
🔐 Security Lessons
• Credential compromise remains a primary entry point
• Lateral movement amplifies initial footholds
• Ransomware groups continue combining encryption with large-scale data exfiltration
• Transparency and timely disclosure are critical

Conduent acknowledged the breach, engaged forensic investigators, and notified impacted parties — a necessary and responsible response.

⸻
💬 Listener Feedback
The episode also includes feedback from Kevin regarding last week’s Apple iOS 26 patch discussion. While some users hesitate to upgrade due to UI and stability concerns, security patches addressing critical vulnerabilities must take priority.
-
138
Anthropic vs. The Pentagon, HDD Sellout 2026, and Copilot’s Confidential Email Bug
In this episode of IT SPARC Cast – News Bytes, John Barger & Lou Schmidt unpack three stories that expose the real friction points in enterprise IT: AI ethics in defense contracts, looming hardware shortages, and data governance risks in Microsoft Copilot.

Anthropic and the Pentagon clash over Claude’s military use, Western Digital reports zero remaining HDD capacity for 2026, and Microsoft confirms a Copilot bug that summarized confidential emails. From supply chain strategy to SaaS risk management, this episode highlights why enterprise IT leaders must think beyond features and focus on contracts, capacity, and control.

⸻
⏱️ Show Notes
00:00 – Intro
Hard drive shortages, AI contract battles, and Copilot privacy concerns headline a week that reinforces one theme: control over infrastructure and software matters more than ever.

⸻
📰 News Bytes
00:46 – Anthropic and the Pentagon Are Reportedly Arguing Over Claude Usage
Anthropic pushes back against unrestricted military use of Claude AI, raising ethical, contractual, and operational questions. The Pentagon may reconsider its $200M relationship, exposing a major risk for organizations deploying AI: what happens when vendor policies change after integration?
https://techcrunch.com/2026/02/15/anthropic-and-the-pentagon-are-reportedly-arguing-over-claude-usage/

⸻
07:19 – Western Digital Has No More HDD Capacity Left for 2026
Western Digital reports its entire 2026 hard drive production is already spoken for. Similar signals from Seagate suggest storage pricing pressure is imminent. The hosts explain why this isn’t just about spinning disks—it’s about AI data center demand driving up costs across RAM, SSDs, GPUs, and enterprise hardware.
https://wccftech.com/western-digital-has-no-more-hdd-capacity-left-out/

⸻
12:06 – Microsoft Says Bug Causes Copilot to Summarize Confidential Emails
Microsoft confirms a Copilot bug that processed confidential emails stored in drafts and sent folders, despite policy settings meant to block them. Although no data reportedly left the organization, the incident underscores governance, SaaS dependency, and AI access-control risks enterprises must plan for.
https://www.bleepingcomputer.com/news/microsoft/microsoft-says-bug-causes-copilot-to-summarize-confidential-emails/

⸻
🔁 Wrap Up
16:42 – Mail Bag
Listener Dennis drops a Back to the Future “jigawatt” reference, and Xavier reinforces the importance of AI security hygiene and fine-grained permission management.

17:52 – Wrap Up
Final thoughts on vendor lock-in, AI policy control, supply chain modeling, and why IT leaders need stronger collaboration with finance and legal teams.
-
137
Apple iOS/iPadOS/MacOS CVE-2026-20700 Zero-Day: Sandbox Escape & RCE Explained
In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt examine a critical Apple security vulnerability patched in iOS, iPadOS, macOS, watchOS, tvOS, and visionOS 26.3.

The focus: CVE-2026-20700, a memory corruption flaw in Apple’s dynamic link layer that could allow attackers to break out of the sandbox and achieve remote code execution (RCE).

Although exploitation requires physical access, the definition of “physical” in today’s hybrid enterprise world is broader than it sounds. Remote management tools, compromised accounts, lost devices, or improperly secured BYOD endpoints can all create real-world exposure.

With Apple’s unified “26” operating system line now spanning every platform, this patch affects:
• iOS 26.3
• iPadOS 26.3
• macOS 26.3
• watchOS 26.3
• tvOS 26.3
• visionOS 26.3

Security researchers are classifying this vulnerability as critical/high severity, and enterprises are urged to patch immediately.

⸻
🔎 CVE-2026-20700 Details
• Type: Memory corruption
• Impact: Sandbox escape → Remote Code Execution
• Exploit Path: Physical or logical device access
• Risk Level: High/Critical (no official CVSS published)
• Fix: Upgrade to Apple OS version 26.3

⸻
⚠ Why This Matters for Enterprise IT
1️⃣ BYOD Risk Surface
Bring-Your-Own-Device policies mean iPhones, iPads, and Macs often connect to corporate networks without full administrative control. A vulnerable device on your network increases lateral movement risk.

2️⃣ Physical Access Isn’t Just “Someone in the Room”
Remote tools, compromised Apple IDs, or stolen devices expand the meaning of physical access.

3️⃣ Upgrade Hesitation Is Real
Apple’s 26 release introduced major UI changes (including the controversial glass interface). Stability concerns have led some users to delay upgrades — increasing exposure time.

Security must outweigh aesthetic or usability concerns.

⸻
🛠 Enterprise Recommendations
• Immediately communicate required upgrade to 26.3
• Enforce OS minimum versions where possible
• Review BYOD policies and mobile device controls
• Audit Apple device access on corporate networks
• Educate users about lost/stolen device risk

⸻
💬 Listener Feedback
The episode also includes commentary from Chris, a general counsel and chief risk officer, who responded to last week’s Notepad RCE discussion. He raises an important point about expanding application functionality increasing attack surface — a lesson that applies here as well.
-
136
UniFi 10.1, AI Data Centers Go Nuclear, and SpaceX Eyes Orbital Compute
In this episode of IT SPARC Cast – News Bytes, John Barger & Lou Schmidt break down a week where enterprise IT collided with energy policy, nuclear power, and outer space. UniFi Network 10.1 pushes further into enterprise territory with improved scalability and Wi-Fi visibility. Meanwhile, the White House explores voluntary agreements to manage rising energy costs from AI data centers.

Then things escalate: hyperscalers begin signing real contracts for next-generation nuclear power, and Elon Musk gets serious about orbital data centers—suggesting that the future of compute may extend beyond the planet. If you’re tracking AI infrastructure, network evolution, and the power constraints shaping the industry, this episode connects the dots.

⸻
⏱️ Show Notes
00:00 – Intro
John and Lou preview a week dominated by UniFi upgrades, federal energy discussions, nuclear power tipping points, and serious momentum toward data centers in space.

⸻
📰 News Bytes
00:44 – UniFi Network 10.1
Ubiquiti releases UniFi Network 10.1 with major stability and scalability improvements, Wi-Fi Doctor diagnostics, UI refinements, enhanced policy visibility, and optimizations for Wi-Fi 7 and multi-gig deployments. The hosts discuss why UniFi continues its march toward true enterprise credibility while remaining accessible for SMB and prosumer environments.
https://blog.ui.com/article/introducing-unifi-network-10-1

⸻
05:13 – White House Eyes Data Center Agreements Amid Energy Price Spikes
As AI data center expansion drives regional energy price pressure, the White House explores voluntary agreements with major tech companies to shift infrastructure costs away from consumers. The conversation explores the economics of AI growth, the inevitability of nuclear power, and whether energy becomes the defining constraint of the AI race.
https://www.politico.com/news/2026/02/09/trump-administration-eyes-data-center-agreements-amid-energy-price-spikes-00772024

⸻
09:02 – Next-Gen Nuclear’s Tipping Point: Meta and Hyperscalers Sign Deals
Meta and other hyperscalers begin signing legally binding agreements with next-generation nuclear companies like TerraPower and Oklo. John and Lou explain why signed contracts—not press releases—mark the true tipping point for small modular reactors powering AI infrastructure.
https://www.aol.com/articles/next-gen-nuclear-tipping-point-214209248.html

⸻
11:34 – Elon Musk Gets Serious About Orbital Data Centers
Following strategic moves linking xAI and SpaceX, Musk pivots attention toward orbital and lunar infrastructure. The hosts unpack the logic behind space-based data centers, cooling challenges, Starlink integration, and why the economics may be less crazy than they first appear.
https://techcrunch.com/2026/02/05/elon-musk-is-getting-serious-about-orbital-data-centers/

⸻
🔁 Wrap Up
18:59 – Mail Bag
Listener Jonah questions whether massive AI infrastructure financing signals a bubble. John and Lou explain why AI demand is currently compute-constrained—not hype-driven—and why any financial correction would look very different from the dot-com era.

21:52 – Wrap Up
Final thoughts on nuclear inevitability, orbital infrastructure, and the reality that energy—not chips—may define the next decade of enterprise IT.
-
135
Windows Notepad RCE?! CVE-2026-2841 Exposes Windows 11 Users
In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt break down a shocking vulnerability: CVE-2026-2841, a Remote Code Execution (RCE) flaw in the modern Windows 11 Notepad application distributed via the Microsoft Store.

Yes — even Notepad isn’t safe anymore.

This vulnerability stems from a command injection flaw in the modern Windows 11 Store version of Notepad (11.x prior to patch). The issue allows malicious .md (Markdown) files containing crafted links or interactive content to execute arbitrary code when opened and clicked by a user.

With a CVSS score of 8.8, this vulnerability becomes especially dangerous when chained with other exploits.

⸻
🔎 What You Need to Know
CVE-2026-2841 – Windows Notepad RCE
• Affects: Windows 11 modern Notepad (Microsoft Store version 11.x prior to Patch Tuesday update)
• Does NOT affect: Legacy Notepad on Windows 10, Windows 7, or classic versions
• Attack Vector: Malicious .md file delivered via phishing
• Trigger: User opens file and clicks embedded link
• Impact: Remote Code Execution with user-level permissions
• Severity: CVSS 8.8 (High)

⸻
⚠ Why This Matters
• Perfect phishing vehicle: malicious Markdown attachment
• Executes arbitrary code under the user’s permissions
• Ideal for lateral movement in enterprise environments
• Dangerous when combined with other exploits
• Many organizations delay Patch Tuesday updates — this one should NOT wait

⸻
🛠 Mitigation & Recommendations
• Immediately update Notepad via Microsoft Store
• Audit Windows 11 endpoints for modern Notepad version
• Train users to avoid opening unknown .md attachments
• Consider simpler text editors for baseline editing tasks
• Evaluate enterprise endpoint protection against command injection vectors

⸻
💻 Alternative Editors (With Security Awareness)
John and Lou discuss safer editing alternatives including:
• Notepad++
• Visual Studio Code / Codeium
• Sublime Text
• Atom
• Vim / NeoVim / Emacs
• JetBrains IDEs

Reminder: More features = more attack surface.

⸻
💬 Wrap Up
John and Lou also respond to listener feedback from Andrew regarding their recent OpenClaw security discussion. They clarify their stance:
• They are not anti-AI.
• They are pro-security.
• Bleeding-edge tech requires controlled rollout and sandboxing.
• Enterprises must protect privileged data access.

Security-first thinking is not fear — it’s responsible IT leadership.
-
134
Quantum Breakthroughs, AI Cloud Billions, and Apple’s Margin Squeeze
In this episode of IT SPARC Cast – News Bytes, John Barger and Lou Schmidt explore three stories reshaping enterprise IT strategy. From a quantum cooling breakthrough that could accelerate real-world quantum computing, to Oracle’s plan to raise $50 billion for AI cloud infrastructure, the episode highlights how fast the AI arms race is escalating.

They also break down why the AI boom is starting to squeeze Apple’s famously strong profit margins—and what that means for device pricing, silicon supply, and enterprise IT budgets. If you care about where compute, power, and economics collide, this episode connects the dots.

📌 Show Notes
00:00 – Intro
John and Lou kick off the episode with a look at why quantum cooling breakthroughs, massive AI cloud investments, and chip supply pressure on Apple all point to accelerating change across enterprise IT.

⸻
📰 News Bytes
00:55 – Chalmers University Makes Quantum Cool
Researchers at Chalmers University of Technology unveil a breakthrough quantum refrigeration method that uses controlled noise to improve cooling near absolute zero. The discussion explores why advances like this could rapidly reduce the cost and complexity of quantum computing and push it closer to real enterprise use cases.
https://www.sciencedaily.com/releases/2026/01/260129080418.htm

⸻
06:10 – Oracle Raising Up to $50B for AI Cloud
Oracle plans to raise up to $50 billion to expand AI-focused cloud data centers as part of Project Stargate. John and Lou unpack why Oracle’s existing enterprise relationships give it a unique advantage—and why power and compute, not demand, may become the real limiting factors for AI growth.
https://www.techrepublic.com/article/news-oracle-50b-ai-cloud/

⸻
10:28 – The AI Boom Is Coming for Apple’s Profit Margins
The surge in AI-driven chip demand is putting pressure on Apple’s historically strong margins. As TSMC capacity is increasingly consumed by Nvidia, OpenAI, and hyperscalers, the hosts break down why Apple may face higher silicon costs—and what that means for device pricing, IT refresh cycles, and enterprise procurement.
https://www.msn.com/en-us/money/technology/the-ai-boom-is-coming-for-apple-s-profit-margins/ar-AA1VpgpA

⸻
🔁 Wrap Up
17:11 – Mail Bag
Listener feedback sparks a nuanced discussion on hybrid work, mandatory office policies, and why management capability—not location—is often the real issue.

21:24 – Wrap Up
Final thoughts on quantum acceleration, AI infrastructure economics, and why IT leaders need to prepare for rising hardware costs and longer planning horizons.
-
133
Why OpenClaw on Work PCs Puts Enterprise Data at Risk
Agentic AI systems like OpenClaw represent the future of automation, productivity, and intelligent workflows — but today, they also represent a serious and underappreciated enterprise security risk.

In this episode of IT SPARC Cast – CVE of the Week, John and Lou break down why running OpenClaw (and related platforms like MoltBook) on corporate hardware or with access to enterprise data is dangerous right now, even if the long-term vision is compelling.

The discussion centers on three types of OpenClaw users:
1. Sandbox Experimenters – Users running OpenClaw in isolated labs or test environments with no access to corporate data.
2. Dedicated VM / Hardware Users – Users running OpenClaw separately, but still granting it access to cloud services, email, or internal APIs.
3. Daily Driver Users – Users installing OpenClaw directly on work PCs and giving it full access to files, email, chat, and automation tools.

John and Lou argue that only the first group is safe today.

Groups #2 and #3 dramatically expand the attack surface, introducing risks such as credential exfiltration, indirect prompt injection, data leakage, and supply-chain style compromises via third-party “skills.”

The episode uses a “bio hotcell” analogy: OpenClaw can be used safely only when isolated, constrained, monitored, and treated as potentially hazardous. Without those controls, it becomes a silent data-exfiltration engine operating entirely inside allowed enterprise workflows.

The takeaway for IT leaders is clear:

HR and IT must act together now to define policies that prohibit OpenClaw and MoltBook from running on corporate devices or accessing corporate data until proper governance, tooling, and security controls exist.
-
132
Work-From-Office Fallout, Rocket-Powered Data Center Cooling & Microsoft’s New AI Chip
In this episode of IT SPARC Cast – News Bytes, John Barger & Lou Schmidt break down three stories that reveal how enterprise IT is being reshaped by workforce realities, infrastructure constraints, and custom silicon. From mounting evidence that work-from-office mandates are driving top talent out the door, to a Los Angeles startup using SpaceX rocket technology to cool data centers without water, to Microsoft unveiling a massive new AI inference chip designed to scale efficiently.

The discussion connects culture, power, cooling, and compute—showing why AI growth isn’t just about models and GPUs, but about solving the physical and human constraints that come with them. If you’re responsible for enterprise IT strategy, infrastructure planning, or talent retention, this episode delivers context you won’t get from headlines alone.

⸻
⏱️ Show Notes
00:00 – Intro
John and Lou preview a packed episode covering remote-work backlash, radical new data-center cooling approaches, and Microsoft’s latest move to control its AI destiny with custom silicon.

⸻
📰 News Bytes
01:00 – Work-From-Office Mandate? Expect Top Talent Turnover and Culture Rot
New research highlighted by CIO Magazine shows that strict return-to-office mandates are driving increased attrition among top performers, longer hiring cycles, and declining trust. John and Lou unpack why “butts-in-seats” metrics fail modern organizations and how poor remote-management skills—not productivity—are often the real problem.
https://www.cio.com/article/4119562/work-from-office-mandate-expect-top-talent-turnover-culture-rot.html

⸻
08:14 – L.A. Startup Uses SpaceX Tech to Cool Data Centers With Less Power and No Water
An LA-based startup is applying SpaceX rocket turbopump technology and supercritical CO₂ to dramatically reduce data-center cooling power, footprint, and water usage. The hosts explain why cooling—not chips—is becoming one of the biggest bottlenecks in AI expansion and how innovations like this could unlock sustainable growth.
https://finance.yahoo.com/news/l-startup-uses-spacex-tech-175628363.html

⸻
14:11 – Microsoft Announces a Powerful New Chip for AI Inference
Microsoft unveils the Maia 200, a custom AI inference accelerator built on TSMC’s 3-nm process with 100 billion transistors. John and Lou break down why inference-optimized chips matter, how this fits into a broader trend of hyperscalers building custom silicon, and why efficiency per watt is becoming the defining metric for AI at scale.
https://techcrunch.com/2026/01/26/microsoft-announces-powerful-new-chip-for-ai-inference/

⸻
🔁 Wrap Up
19:49 – Mail Bag
Listener feedback revisits classic operating systems, early AI roots, and why distributed computing concepts from decades ago are suddenly relevant again.

22:47 – Wrap Up
John and Lou close by emphasizing that AI’s future depends on solving power, cooling, and organizational challenges—not just shipping faster chips.
-
131
WhatsApp Encryption on Trial & AI Chat App Data Exposure: Enterprise Messaging Risks
In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt break format to examine two high-impact security and privacy stories that every enterprise IT and security leader should be paying attention to.

First, we dive into a new lawsuit alleging that Meta can access or infer WhatsApp message contents, despite years of public claims that WhatsApp is fully end-to-end encrypted. We unpack what “access” really means in modern encrypted messaging systems, including metadata, client-side processing, backups, and enterprise risk implications—especially for organizations using WhatsApp for daily business communications.
https://www.bloomberg.com/news/articles/2026-01-25/lawsuit-claims-meta-can-see-whatsapp-chats-in-breach-of-privacy

Next, we examine a major data exposure involving Chat & Ask AI, a popular AI chatbot aggregator with tens of millions of users. Due to a backend Firebase misconfiguration, hundreds of millions of private conversations—including highly sensitive topics—were left publicly accessible. This incident highlights the growing risk of Shadow AI inside enterprises and the dangers of third-party AI wrappers that lack enterprise-grade security controls.
https://www.404media.co/massive-ai-chat-app-leaked-millions-of-users-private-conversations/

The episode closes with listener feedback on a previously covered UniFi Access vulnerability and a broader discussion on how organizations should educate, monitor, and protect users without resorting to blunt enforcement.
-
130
ERP’s Inevitable Reinvention, UniFi Fabric, and Why OpenAI Isn’t the AI Bubble to Fear
In this episode of IT SPARC Cast – News Bytes, John Barger & Lou Schmidt dig into three stories that highlight how enterprise IT is quietly—but fundamentally—restructuring itself. From executives questioning the long-term future of traditional ERP systems, to Ubiquiti introducing a new orchestration-driven take on network fabrics, to a grounded discussion on whether the AI bubble is real and why OpenAI may be far less fragile than critics assume.

The conversation connects enterprise software evolution, network architecture at scale, and the hard economic realities of AI infrastructure—especially power and compute. If you’re responsible for enterprise platforms, networking strategy, or long-term IT planning, this episode provides context that goes beyond the headlines.

⸻
⏱️ Show Notes
00:00 – Intro
John and Lou preview the episode, touching on ERP’s looming transformation, UniFi’s new Fabric approach, and why AI demand—especially at OpenAI—is driven by hard infrastructure realities, not hype.

⸻
📰 News Bytes
00:48 – ERP Isn’t Dead Yet – But Most Execs Are Planning the Wake
A survey of more than 4,300 executives shows growing skepticism about ERP’s long-term dominance, even as most organizations remain satisfied with current systems. John and Lou explain why AI-driven, modular, and agentic ERP models are likely evolutions—not rip-and-replace events—and what enterprise IT teams should be doing now to prepare.
https://www.theregister.com/2026/01/19/erp_survey_rimini_street/

⸻
06:28 – Ubiquiti Introduces UniFi Fabric
Ubiquiti unveils UniFi Fabric, a centralized orchestration layer designed to manage policies, identity-based networking, Zero Trust, and multi-site environments without cloud licensing. The discussion compares UniFi’s approach to traditional network fabrics like VXLAN and SPBM, highlighting why this controller-first model could appeal to MSPs and mid-sized enterprises.
https://blog.ui.com/article/introducing-unifi-fabrics

⸻
14:14 – AI Bubble? Maybe. OpenAI Risk? Not Anytime Soon.
John breaks down why OpenAI’s revenue growth is directly tied to available compute capacity, not speculative demand. Using concrete megawatt, gigawatt, and ARR figures, the hosts explain why AI may see valuation corrections—but why companies like OpenAI, NVIDIA, and Anthropic are unlikely to disappear.
https://openai.com/index/a-business-that-scales-with-the-value-of-intelligence/

⸻
🔁 Wrap Up
24:16 – Mail Bag
Listener feedback reinforces the growing link between AI growth and power infrastructure, with discussion around electrical safety, regulation, and why energy expertise may be one of the most valuable skills in the coming decade.

27:39 – Wrap Up
John and Lou close with a reminder that enterprise IT leaders will increasingly be asked to validate power, nuclear, and infrastructure decisions at the executive level—and that staying informed now is critical.
-
129
VoidLink: The AI-Built Linux Malware Framework That Could Change Cyber Attacks Forever
In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt break from the traditional single-CVE format to examine VoidLink, a newly discovered Linux malware framework that represents a major shift in how cyberattacks may be built and executed going forward.

Rather than focusing on one vulnerability, VoidLink is designed to chain together many smaller flaws across Linux, containers, and cloud platforms like AWS, Azure, GCP, Docker, and Kubernetes—creating a stealthy, long-term access platform. Researchers believe VoidLink was developed rapidly using AI assistants, offering a rare look at how next-generation malware may be authored, iterated, and deployed. This episode explains why VoidLink matters, how defenders should think about chained exploits, and why this may be an early warning sign for the future of cloud and container security.

⸻

Show Notes (Podcast)

Episode Overview
This week’s CVE of the Week focuses on VoidLink, a newly identified Linux malware framework designed for persistence, stealth, and modular exploitation across cloud and container environments. While not a single CVE, VoidLink highlights how attackers are moving toward framework-driven, AI-assisted exploit chaining rather than isolated vulnerabilities.

Key Topics Covered
• What VoidLink is and why it’s different from traditional malware
• How chaining low-severity vulnerabilities can result in full compromise
• Targeted environments: Linux, Docker, Kubernetes, AWS, Azure, and GCP
• Use of loaders, implants, evasion techniques, and modular plugins
• Evidence suggesting AI-assisted development with rapid iteration
• Why this gives defenders a rare opportunity to observe a threat early in its lifecycle
• The implications for cloud security, container hardening, and future CVEs

Why This Matters
VoidLink represents a shift from one-off exploits to malware platforms—essentially an “IDE for hacking.” Understanding how these frameworks are built and how they operate is critical for anticipating future attacks and improving detection strategies before they become widespread.

⸻

Listener Feedback Highlight
We’d like to give a shout-out to Nihal for his thoughtful LinkedIn comment on our earlier Top 10 Operating System Failures episode—specifically his hot take defending Windows ME and critiquing Windows XP’s compatibility break. We love informed debate like this and appreciate listeners who challenge conventional wisdom.

⸻

Wrap-Up & Social Links
That wraps up this episode of IT SPARC Cast – CVE of the Week. We couldn’t do this without listeners like you.
Did we miss something? Do you have a topic you want us to cover?
Send feedback to [email protected] or reach out on social.
IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/ on LinkedIn
John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/ on LinkedIn
Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
-
128
Apple Taps Google for AI, Copilot Pushback, AI Commerce & Nuclear Power for Data Centers
In this episode of IT SPARC Cast – News Bytes, John Barger & Lou Schmidt break down a week of moves that signal where enterprise AI, cloud platforms, and data center infrastructure are really headed. From Apple officially leaning on Google to power its AI ambitions, to Microsoft giving IT admins the ability to remove Copilot, this episode highlights growing tension between vendor momentum and enterprise control.

They also explore Google’s push to standardize AI-driven commerce through agent protocols and why Meta locking down more than 6 GW of nuclear power may be the clearest sign yet that energy—not silicon—is becoming the limiting factor for AI at scale. If you’re tracking AI strategy, platform lock-in, and the future of data centers, this episode connects the dots.

📌 Show Notes

00:00 – Intro
This week on IT SPARC Cast, John Barger and Lou Schmidt break down a week dominated by AI power shifts, enterprise pushback, and the growing reality that energy—not compute—may be the biggest constraint on AI’s future.

📰 News Bytes

00:52 – It’s Official: Apple Going with Google for AI
Apple confirms it will rely on Google’s Gemini models to power the next generation of Siri and Apple Intelligence. John and Lou discuss what this says about Apple’s AI strategy, the risks of deep vendor lock-in, and whether Apple can realistically switch models later without breaking workflows.
https://techcrunch.com/2026/01/12/googles-gemini-to-power-apples-ai-features-like-siri/

05:44 – Microsoft to Allow IT Admins to Uninstall Copilot
Microsoft is testing new Windows policies that allow enterprise IT teams to remove the consumer Copilot app from managed devices. The conversation explores enterprise data governance, Intune controls, and why this signals a broader shift toward AI choice rather than forced adoption.
https://www.bleepingcomputer.com/news/microsoft/microsoft-may-soon-allow-it-admins-to-uninstall-copilot-on-managed-devices/

09:46 – Google Announces a New Protocol for AI-Driven Commerce
Google introduces the Universal Commerce Protocol (UCP), an open standard designed to let AI agents handle shopping, payments, and transactions across retailers. With backing from major brands and payment networks, John and Lou unpack why agent-driven commerce may become one of AI’s first truly mainstream use cases.
https://techcrunch.com/2026/01/11/google-announces-a-new-protocol-to-facilitate-commerce-using-ai-agents/

12:47 – Meta Signs Nuclear Power Deals for AI Data Centers
Meta secures long-term nuclear power contracts totaling more than 6 GW to fuel its AI infrastructure. The discussion focuses on why power—not chips—is becoming the true bottleneck for AI expansion and why nuclear energy is rapidly moving from “controversial” to “necessary.”
https://techcrunch.com/2026/01/09/meta-signs-deals-with-three-nuclear-companies-for-6-plus-gw-of-power/

🔚 Wrap Up

16:49 – Mail Bag
Listener feedback revisits cross-platform AI agents, Apple’s closed ecosystem, and whether enterprises can afford to exclude Mac users as agentic AI becomes more central to daily workflows.

18:53 – Wrap Up
John and Lou close the episode by reinforcing a key theme: AI’s future will be defined as much by energy, policy, and interoperability as by model performance.
-
127
Cisco Secure Email Gateway CVSS 10.0 Zero-Day Via the Spam Filter
This week on IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt break down CVE-2025-20393, a CVSS 10.0 zero-day vulnerability affecting Cisco Secure Email Gateway (SEG) and related AsyncOS-based email security products.

The flaw is actively exploited in the wild, remains unpatched, and—ironically—uses the spam filtering engine itself as the attack vector. With no user interaction required and evidence of nation-state activity, this vulnerability represents a worst-case scenario for organizations relying on Cisco’s email security stack.

If you run Cisco Secure Email Gateway or Email Security Appliances, this is an emergency-level issue that demands immediate attention.

⸻

📌 Show Notes

🚨 CVE of the Week: CVE-2025-20393
• Severity: CVSS 10.0 (Critical)
• Status: Actively exploited, no patch available
• Vendor: Cisco

🎯 Affected Products
• Cisco Secure Email Gateway (SEG)
• Cisco Email Security Appliance (ESA)
• Cisco Secure Email and Web Manager (SEWM)
• All affected systems run Cisco AsyncOS

🔓 How the Exploit Works
• Attackers deliver a specially crafted email that is processed before a spam verdict is reached
• The payload is executed during email parsing, attachment handling, or content inspection
• No user interaction required
• The malicious email never needs to reach an inbox

💥 Real-World Impact
• Full remote code execution on the email gateway
• Email interception and exfiltration (espionage risk)
• Persistent access for follow-on attacks
• Credential harvesting and downstream phishing using trusted infrastructure
• Log wiping, making detection extremely difficult

🌍 Threat Activity
• Exploits observed as early as November 2025
• Linked to Chinese state-aligned actors
• Tracked under UAT-9686, associated with groups such as APT41 and UNC5174
• Added to CISA’s Known Exploited Vulnerabilities (KEV) catalog

🛡️ Mitigation Guidance (No Patch Available)
• Immediately restrict and segment management interfaces
• Tighten ACLs and allow lists
• Treat SEG as Tier-Zero-adjacent infrastructure
• If compromise is suspected: full system rebuild required
• Assume persistence due to log tampering

🧠 Commentary
• The exploit weaponizes the very system designed to stop malicious email
• Lack of a patch from a vendor of Cisco’s size raises serious concerns
• For some organizations, this may prompt reevaluation of email security platforms altogether

⸻

🔚 Wrap-Up & Listener Feedback
We want to thank listeners who continue to engage with the show and help shape the conversation:
• GFABasic32 wrote: “Thanks for the emergency update on n8n. I love the balance of technical deep dives and high-level strategy. You guys make keeping up with CVEs actually entertaining.”
• Dennis added: “I love the CVE of the Week. These episodes are like exposure therapy.”
That’s exactly the goal—helping you face what’s happening in security so you can respond, not react.
Have thoughts on this CVE or want us to cover another one? Reach out.

⸻

🔗 Social Links
IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/ on LinkedIn
John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/ on LinkedIn
Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
-
126
CES Brings New CPUs, AI Agents, and Deep OS-Level Copilot Integration
CES may be a consumer show, but this week it sent shockwaves through enterprise IT. In this episode of IT SPARC Cast – News Bytes, John Barger and Lou Schmidt break down why nearly every major chip vendor chose CES to unveil next-generation CPUs, what Lenovo’s new agentic AI strategy means for IT teams, and why Microsoft embedding Copilot deep into Windows could fundamentally change how operating systems work.

From Intel’s attempt at a comeback, to AMD and Qualcomm’s positioning against NVIDIA, to growing concerns about trust, security, and AI agents living inside your OS, this episode separates meaningful signals from CES noise—and explains why power efficiency, autonomy, and control are becoming the real battlegrounds.

⸻

⏱️ Show Notes

00:00 – Intro
John and Lou frame CES as the unexpected epicenter of enterprise IT announcements, explaining why CPUs, AI, and robotics dominated the show—and why IT teams should care.

⸻

📰 News Bytes

00:54 – New CPUs Announced
CES saw major CPU launches from Intel, AMD, Qualcomm, and NVIDIA—signaling a shift toward mainstream AI hardware announcements. Intel launched Panther Lake, AMD expanded Ryzen AI, Qualcomm pushed Snapdragon X2 for AI agents, and NVIDIA moved Rubin into full production.

⸻

09:45 – Lenovo’s New AI Agent
Lenovo unveiled Qira, an agentic AI designed to work across PCs, phones, wearables, and enterprise systems alongside Microsoft Copilot. The move highlights a growing push toward cross-device AI coordination—and raises questions about Apple’s closed ecosystem.

⸻

12:40 – Microsoft Integrates Copilot Deep into Windows
Microsoft is embedding AI agent launchers directly into Windows, allowing third-party applications to register system-wide AI agents. While this may keep operating systems relevant, it introduces serious trust and security concerns around deep OS-level access.
https://blogs.windows.com/windows-insider/2025/12/19/announcing-windows-11-insider-preview-build-26220-7522-dev-beta-channels/

⸻

🔁 Wrap Up

19:03 – Mail Bag
Listener feedback sparks a discussion on cloud outages, cost structures, and whether on-prem alternatives are becoming viable again for certain businesses.

22:15 – Wrap Up
John and Lou emphasize that resilience in the cloud is still possible—but only if organizations are willing to pay for it—and invite listeners to share what CES announcements stood out to them.

IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/ on LinkedIn
John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/
Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/
-
125
Ni8mare in n8n: CVSS 10 Workflow RCE Hitting Automation Platforms
In the first regular IT SPARC Cast - CVE of the Week episode of 2026, John & Lou dive into a critical, actively exploitable vulnerability shaking the automation world. CVE-2026-21858—dubbed Ni8mare—targets the popular workflow automation platform n8n, earning a full CVSS 10.0 due to unauthenticated remote code execution.

They break down how a content-type confusion bug inside n8n’s webhook processing engine allows attackers to fully compromise systems, why automation platforms are uniquely dangerous when breached, and what this means for enterprises running self-hosted or lightly governed internal tooling. The episode also highlights listener feedback and calls out a community-built React security tool worth checking out.

⸻

Show Notes

CVE of the Week: n8n “Ni8mare” (CVE-2026-21858)
• What is n8n?
An open-source, self-hosted workflow automation platform similar to Zapier or Make, widely used in enterprise and regulated environments for visual API-driven automation.
• Severity & Scope
CVE-2026-21858 carries a CVSS 10.0, joining multiple recent n8n vulnerabilities rated 9.9–10.0. n8n has over 200,000 deployments across cloud and on-prem environments.
• Technical Root Cause
A content-type confusion flaw in webhook form-data handling allows attackers to bypass file validation and execute arbitrary code.
• Why This Is Dangerous
Workflow engines often touch identity systems, APIs, credentials, and business logic—making them high-value targets with blast radii far beyond a single server.
• Enterprise Takeaway
Shadow IT, internally built automation, and lightly governed enablement tools must be continuously audited. Patch known systems—and actively hunt for unknown ones.
https://thehackernews.com/2026/01/critical-n8n-vulnerability-cvss-100.html

Listener Highlight
Dennis called out the Ingram Micro ransomware outage, noting that he hadn’t realized just how disruptive that incident was. And he’s absolutely right—Ingram Micro going offline for roughly 9–10 days created a nightmare scenario for VARs, system integrators, and build shops that rely on Ingram for ordering, RMAs, and emergency drop-ship replacements.

To put the scale in perspective, Ingram Micro processes an estimated $30–40 million per day in transactions. Even if some revenue was recovered later, the operational disruption, reputational damage, and downstream impact across the supply chain were massive. This is exactly why incidents like this belong in the conversation when we talk about real-world IT security failures.

Thanks for the thoughtful comment, Dennis—we genuinely appreciate the feedback and the conversation it sparked.

Wrap Up & Community Engagement
This episode reinforces a core theme: automation without security oversight becomes an enterprise liability. IT teams must partner with business units—not just say “no”—while enforcing continuous audits and rapid patching.

Follow & Connect
IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/
John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/
Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/
-
124
2026 Predictions: AI Reality Check, Quantum Breakthroughs, and the Next Cloud Reckoning
In this special predictions episode of IT SPARC Cast – News Bytes, John Barger and Lou Schmidt kick off 2026 by trading bold, unfiltered forecasts for enterprise IT, AI, cloud, energy, and geopolitics. With five predictions each—and no prior coordination—they round-robin through what they believe will define the next year in technology.

From the deflation of the AI hype cycle and Apple’s inevitable AI acquisition, to quantum computing entering nation-state playbooks, nuclear power reshaping data centers, and lawsuits finally challenging cloud provider accountability, this episode puts both hosts on the record. At the end of the year, they’ll revisit every prediction and grade themselves—so these takes are meant to age in public.

⸻

⏱️ Show Notes

00:00 – Intro
John and Lou explain the format: ten total predictions for 2026, five each, shared live without coordination—and revisited at the end of the year for accountability.

⸻

🔮 2026 Predictions

01:09 – Lou: The AI Bubble Deflates
AI investment cools as rationalization sets in—money keeps flowing, but weaker players and inflated expectations begin to fall away instead of a full collapse.

01:29 – John: Apple Acquires an AI / LLM Company
Apple makes a major AI acquisition to avoid long-term dependence on competitors’ models and regain control over its AI strategy.

02:53 – Lou: AI Starts to Get Really Useful
AI shifts from hype to practical value, quietly improving everyday workflows and real-world systems rather than flashy demos.

04:11 – John: Nation States Use Quantum Computing
Evidence emerges that a nation-state is actively using quantum computing for espionage or cyber operations, even if never formally acknowledged.

04:45 – Lou: AI Sneaks Into Places We Never Expected
AI embeds itself into overlooked products and environments—especially AR, wearables, and location-aware systems—delivering small but meaningful gains.

05:50 – John: Negative Reaction to OpenAI Hardware
OpenAI’s hardware announcement is initially panned by the press and competitors, only to be vindicated later as its purpose becomes clear.

06:51 – Lou: Power Gets Real for Data Centers
Energy—not chips—becomes the primary constraint for cloud and enterprise infrastructure, forcing new generation strategies into production.

08:00 – John: Small Modular Nuclear Reactors Explode (In a Good Way)
SMRs rapidly gain funding, deployments, and valuations as they become the only scalable answer to data center power demand.

08:36 – Lou: The Privacy Environment Gets Weird
Geopolitics, AI agents, and shifting borders create inconsistent and unpredictable privacy regimes across regions.

10:11 – John: Lawsuits Over Cloud Outages
Major lawsuits—possibly class actions—emerge after cloud outages cause real-world harm, forcing legal accountability for uptime failures.

⸻

🔁 Wrap Up

11:58 – Wrap Up
John and Lou invite listeners to submit their own 2026 predictions and commit to revisiting all forecasts at year’s end to see who was right.

IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/ on LinkedIn
John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/
Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/
-
123
The 5 Biggest IT Security Failures of 2025 (Cloud, Ransomware, RCEs)
In this special CVE Year in Review episode of IT SPARC Cast, John Barger and Lou Schmidt break from the usual single-CVE format to count down the five worst IT security failures of 2025.

From long-lived remote code execution flaws in enterprise networking gear, to a ransomware attack that shut down a global distributor, to systemic cloud outages that shattered the concept of “five nines” availability, this episode looks at what really went wrong—and why it matters heading into 2026.

These weren’t theoretical risks. They were real-world failures that disrupted supply chains, exposed critical infrastructure, and forced the industry to rethink assumptions about resilience, cloud reliability, and operational security.

⸻

📋 Show Notes

🔥 Top 5 IT Security Fails of 2025

01:39 - #5 – Ruckus Networks
Ruckus suffered from multiple long-lived remote code execution and authentication bypass vulnerabilities that persisted across 2024 and 2025. Impacted products included SmartZone, ZoneDirector, Cloudpath, and ICX switch management interfaces. Several flaws allowed unauthenticated access to management planes, enabling attackers to take over wireless controllers, push malicious firmware, and pivot deeper into enterprise networks. The lack of timely patches and limited communication made remediation especially painful for customers.

04:32 - #4 – Ingram Micro
A ransomware attack forced one of the world’s largest technology distributors to effectively shut down operations for days. Ordering systems went offline, patch access was disrupted, and thousands of downstream partners and customers were impacted. While it remains unclear whether ransom was paid, the incident highlighted how a single distributor outage can cascade across the IT supply chain, delaying hardware replacements, breaking SLAs, and costing millions in lost revenue.

07:21 - #3 – SAP NetWeaver
CVE-2025-31324 exposed a critical unauthenticated remote code execution flaw in SAP NetWeaver’s Visual Composer. Actively exploited in the wild before many organizations were aware of its existence, the vulnerability gave attackers potential access to finance, HR, procurement, and supply-chain data. For enterprises running SAP at the core of operations, successful exploitation meant full application takeover and deep visibility into business processes.

10:26 - #2 – React
A severe remote code execution issue in React sent shockwaves through the software ecosystem. With an estimated one-third of cloud applications depending on React, attackers were able to chain exploits involving dependency poisoning, build pipeline compromise, and even client-side execution. While patches were released quickly, the sheer scale of affected deployments meant many systems remained vulnerable well after disclosure—and some still are.

12:23 - #1 – Cloud Outages
2025 marked the year that “five nines” effectively died. Major outages across AWS, Microsoft Azure, Google Cloud, Microsoft 365, and IBM Cloud caused multi-hour disruptions affecting identity systems, collaboration tools, healthcare platforms, and public-safety infrastructure. Many incidents were caused not by attackers, but by control plane failures, DNS issues, NTP misconfigurations, and cascading dependencies. The result: billions in estimated financial impact and renewed concern over life-critical workloads running entirely in the cloud.
Watch Cloud SLA Theater: Why 99.999% Uptime Is a Joke in 2025 - https://www.youtube.com/watch?v=ygcYoFBXdjQ

⸻

17:19 - Wrap Up
If you think we missed a major security failure—or disagree with our rankings—we want to hear from you. Reach out, leave a comment, or send us feedback. Your insights often shape future episodes.

🔗 Connect With Us
IT SPARC Cast
X: @ITSPARCCast
LinkedIn: https://www.linkedin.com/company/sparc-sales/
John Barger
X: @john_Video
LinkedIn: https://www.linkedin.com/in/johnbarger/
Lou Schmidt
X: @loudoggeek
LinkedIn: https://www.linkedin.com/in/louis-schmidt-b102446/
-
122
CEOs Double Down on AI, Crystal Storage Goes Mainstream, and Coursera Buys Udemy
This week on IT SPARC Cast, John Barger and Lou Schmidt break down three stories shaping the future of enterprise IT—from continued AI spending despite questionable ROI, to radically new approaches to long-term data storage, and a major consolidation in the online learning market.

⸻

📰 News Bytes

00:46 – CEOs Keep Spending on AI Despite Spotty Returns
Despite mixed financial outcomes, a growing number of CEOs plan to increase AI investment through 2026, viewing AI as strategically unavoidable rather than immediately profitable.
Key discussion points:
• Fewer than half of current AI projects are delivering clear ROI
• Strong gains in sales, marketing, customer service, and developer productivity
• Weak performance in regulated, high-risk areas like legal, HR, compliance, and cybersecurity
• Layoffs blamed on AI may result in long-term operational backlash
The hosts argue that AI should augment human expertise, not prematurely replace it—and warn against betting the company on incomplete automation strategies.
https://www.msn.com/en-us/technology/artificial-intelligence/ceos-to-keep-spending-on-ai-despite-spotty-returns/ar-AA1SkMcE

07:34 – 5D Glass Storage: Crystals for the Enterprise
A UK company, SPhotonix, is advancing 5D glass storage, capable of preserving data for billions of years by etching nanoscale structures into glass using femtosecond lasers.
Highlights include:
• 360 TB per 5-inch glass disk
• Designed for permanent archival, not hot or warm storage
• Potential replacement for long-term tape archives
• Early write speeds are slow, but roadmap improvements are promising
This technology positions itself as a future-proof solution for enterprises, governments, universities, and cultural institutions facing long-term data retention challenges.
https://www.tomshardware.com/pc-components/storage/sphotonix-pushes-5d-glass-storage-toward-data-center-pilots

15:00 – Coursera Acquires Udemy for $930 Million
Online education giant Coursera is acquiring Udemy in a deal valued at approximately $930 million, creating a dominant force in enterprise and consumer e-learning.
Discussion points:
• Udemy’s strong practitioner-led course model
• Coursera’s academic and credentialing reach
• Expanded use of AI for assessments, personalization, and skills validation
• Potential shift toward a “market-driven university” model
The hosts see this consolidation as a net positive for enterprise IT teams responsible for compliance training, upskilling, and leadership development.
https://techcrunch.com/2025/12/17/coursera-and-udemy-enter-a-merger-agreement-valued-at-around-2-5b/

🔁 Wrap Up

20:00 – Listener Feedback

⭐ Community Call-Out: Abdullah’s React Audit Tool
A special shout-out to Abdullah ( https://x.com/ozkayabd ) who responded on X after a previous React CVE episode and shared an open-source tool to help teams audit their environments:
👉 React Audit Scanner
http://rsc-auditor.vercel.app
This tool allows teams to quickly check whether they may be impacted by recent React vulnerabilities. As always, review and validate any third-party tool before using it in production.

A special shout-out to Megan, who reached out after the episode with thoughtful feedback—and who’s doing important work to tackle a problem far too many people experience: ghosting of job applicants by recruiters and HR teams.
Megan is actively pushing for better communication, transparency, and basic professionalism in the hiring process. It’s a reminder that while we talk a lot about AI, automation, and efficiency, the human side of tech and hiring still matters. Follow her on LinkedIn:
https://www.linkedin.com/in/megan-juliano

Connect with the hosts and the show:
IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/
John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/
Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/
-
121
Microsoft Disables RC4: Why This Legacy Cipher Had to Die
In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt break down a long-overdue security move from Microsoft: disabling the RC4 cipher by default across Windows authentication infrastructure. After more than two decades of known cryptographic weaknesses, RC4 is finally being deprecated in favor of modern encryption standards like AES.

The discussion covers why RC4 persisted for so long, how legacy Active Directory and Kerberos environments kept it alive, and why attackers have continued to exploit it through techniques like Kerberoasting. The hosts also highlight the new logging, auditing, and PowerShell tools Microsoft released to help enterprises identify and eliminate lingering RC4 dependencies—without breaking production systems.

⸻

📋 Show Notes

🔐 Main Topic: Microsoft Disables RC4 by Default
• Microsoft is removing RC4 (Rivest Cipher 4) as a default cipher in Windows authentication after more than 25 years.
• RC4 has been known to be cryptographically broken for decades and has been actively exploited in real-world attacks.
• The change impacts Kerberos authentication across Windows Server 2008 and later.
• RC4 will still function only if explicitly re-enabled—which is strongly discouraged.

⚠️ Why RC4 Is Dangerous
• RC4 has been abused in Kerberoasting attacks against Active Directory environments.
• Weak encryption allows attackers to extract service account credentials offline.
• Keeping RC4 enabled significantly increases the blast radius of a compromised domain.

🛠️ What Microsoft Did Right This Time
• Added enhanced Kerberos logging (Event IDs 4768 and 4769) to identify RC4 usage.
• Released PowerShell scripts to audit domain controllers for RC4 dependencies.
• Published clear migration guidance to move environments to AES-SHA1 and stronger encryption.
• Provided visibility before enforcing the change, helping admins avoid outages.

🎧 Listener Feedback Highlight
• A YouTube listener praised the CVE of the Week format as being highly valuable from an ops and security standpoint.
• Strong validation that actionable vulnerability analysis resonates with enterprise IT teams.

⭐ Community Call-Out: Abdullah’s React Audit Tool
A special shout-out to Abdullah ( https://x.com/ozkayabd ) who responded on X after a previous React CVE episode and shared an open-source tool to help teams audit their environments:
👉 React Audit Scanner
http://rsc-auditor.vercel.app
This tool allows teams to quickly check whether they may be impacted by recent React vulnerabilities. As always, review and validate any third-party tool before using it in production.

⸻

🔚 Wrap Up & Social Links
IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/ on LinkedIn
John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/ on LinkedIn
Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
-
120
AI Layoffs, Data Centers in Space, Jet Engines for Power, and Google’s MCP Play
In this episode of IT SPARC Cast – News Bytes, John and Lou tackle one of the most emotionally charged weeks in enterprise IT. Google CEO Sundar Pichai openly acknowledges that AI-driven layoffs will cause real pain before progress—a statement that sparks a candid Hot Take on disruption, job loss, and opportunity.

From there, the show dives deep into the mounting backlash against U.S. data centers, with over 200 environmental groups demanding a halt to new builds—ironically accelerating plans for orbital data centers. The conversation then turns optimistic as the inventor of the Super Soaker unveils a breakthrough technology that converts waste heat directly into electricity, potentially reshaping geothermal and data center power economics.

Finally, the guys explore Boom Supersonic’s unexpected pivot—using jet engines as grid-scale power generators for data centers—and Google’s launch of managed MCP servers that allow AI agents to plug directly into core Google services with minimal integration effort.
⸻
⏱️ Show Notes
00:00 – Intro
This week: Google admits AI pain is coming, environmentalists push data centers toward orbit, waste heat becomes power, and AI agents get a universal plug.
⸻
HOT TAKE
00:55 – Google CEO on AI Layoffs: “We’re All Going to Have to Suffer Through It”
•Sundar Pichai acknowledges widespread layoffs and economic strain tied to AI adoption.
•John and Lou discuss why AI-driven efficiency gains are being used as justification for premature workforce cuts.
•Key argument: AI doesn’t replace people—it amplifies small teams and enables entrepreneurship.
https://www.msn.com/en-us/money/companies/google-ceo-says-we-re-all-going-to-have-to-suffer-through-it-as-ai-puts-society-through-the-woodchipper/ar-AA1S5Pzx
⸻
NEWS BYTES
06:11 – More Than 200 Environmental Groups Demand Halt to New U.S. Data Centers
•Greenpeace and others cite water usage, power demand, and CO₂ emissions.
•~$64 billion in data center projects already delayed or halted.
•Lou explains why this pressure is accelerating interest in orbital data centers—one FCC license vs. hundreds of local permits.
https://www.theguardian.com/us-news/2025/dec/08/us-data-centers
⸻
10:26 – Super Soaker Inventor Wants to Turn Waste Heat into Electricity
•Lonnie Johnson (inventor of the Super Soaker) unveils the Johnson Thermal Electrochemical Converter (JTEC).
•Works with small temperature differentials—no turbines, no moving parts.
•Could dramatically change how data centers source supplemental power.
https://www.ajc.com/business/2025/11/earth-needs-more-energy-atlantas-super-soaker-creator-may-have-a-solution/
⸻
13:08 – Boom Supersonic Uses Jet Engines to Power Data Centers
•Boom Supersonic repurposes its jet engine designs into natural gas turbines for data centers.
•Each turbine outputs ~42 MW; initial orders exceed 1.2 GW and are rapidly increasing.
•First deliveries expected in 2027; turbine factory opening next year.
•John and Lou connect this to job creation across manufacturing, operations, and IT management.
https://techcrunch.com/2025/12/10/google-is-going-all-in-on-mcp-servers-agent-ready-by-design/
⸻
16:44 – Google Launches Managed MCP Servers for AI Agents
•Google introduces managed Model Context Protocol (MCP) servers on GCP.
•MCP creates a universal “language” for AI agents to interact with tools and services.
•Reduces API complexity—ask questions, get results, take action.
•Free during public preview for enterprise customers.
•Lou calls this a major step toward AI-native enterprise workflows.
https://techcrunch.com/2025/12/10/google-is-going-all-in-on-mcp-servers-agent-ready-by-design/
⸻
Wrap Up
20:38 – Mail Bag & Wrap Up
•Listener feedback highlights interest in portable and containerized data centers.
-
119
React Server Components Under Active Exploit: CVE-2025-55182 Goes Code Red
This week on IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt break down a code-red security situation affecting a massive portion of the modern web. CVE-2025-55182 is a critical, actively exploited vulnerability in React Server Components (RSC) that enables unauthenticated remote code execution, even in applications that don’t explicitly use server functions.

With an estimated 33–35% of cloud-based services running React, attackers are already leveraging automated tooling to deploy cryptominers, Linux backdoors, and persistent malware across vulnerable systems. If you run React, Next.js, or containerized web workloads, this episode outlines exactly why this exploit is so dangerous, how attackers are weaponizing it, and what you must do right now to mitigate risk—from emergency patching to Zero Trust and micro-segmentation strategies.
⸻
Show Notes

🔴 CVE of the Week: CVE-2025-55182 (React Server Components RCE)
In this episode, John and Lou sound the alarm on a critical vulnerability in React Server Components that has escalated from disclosure to active, automated exploitation in the wild.
Key points covered:
•CVE-2025-55182 allows unauthenticated remote code execution via unsafe serialization and deserialization in React Server Component endpoints
•Vulnerable components include:
  •react-server-dom-webpack
  •react-server-dom-parcel
  •react-server-dom-turbopack
•A related issue impacts Next.js App Router deployments, tracked separately as CVE-2025-66478
•Even applications that do not explicitly use server functions may still be exploitable if RSC support exists

🚨 Active Exploitation Confirmed
Lou shares real-time intelligence showing attackers using automated tooling dubbed “React-to-Shell”, delivering:
•Cryptocurrency miners
•Linux backdoors (PeerBlight)
•Reverse proxy tooling (CowTunnel)
•Go-based post-exploitation implants (ZinFoq)
This is no longer theoretical—production systems are being compromised right now.

🛡️ Immediate Mitigation Guidance
If you run React or Next.js workloads:
•Patch immediately to fixed versions
•Disable or strictly isolate RSC server function endpoints if not required
•Place RSC behind WAFs and strict network controls
•Harden container and OS permissions
•Implement payload anomaly detection
•Move toward micro-segmentation and Zero Trust architectures to limit blast radius
John and Lou emphasize that patching alone is no longer enough in an era of AI-accelerated exploitation.
⸻
Wrap Up & Community Feedback
The episode closes with listener feedback from LinkedIn discussing CXL memory pooling and how it is changing enterprise infrastructure economics—plus a recommendation to check out deep-dive demos from Serve The Home.
As always, the team invites listener input on whether future episodes should focus on individual CVEs or broader security themes.
-
118
Apple’s AI Shakeup, India’s Surveillance App, OpenAI Code Red, and Multi-Cloud Peace Treaty
In this episode of IT SPARC Cast – News Bytes, John and Lou cover a packed week in tech policy, AI disruption, and cloud infrastructure. Apple loses its AI chief as the company struggles to keep pace with rivals. India orders smartphone makers to preload a government surveillance app—then backpedals after Apple pushes back. Sam Altman declares a “Code Red” inside OpenAI as pressure mounts from Google, Anthropic, and the entire LLM ecosystem. And finally, Amazon and Google partner on a new high-speed multi-cloud interconnect—an unexpected alliance triggered in part by AWS’ recent outages.

This episode blends politics, enterprise IT strategy, security concerns, and cloud architecture trends—delivered with classic SPARC Cast sarcasm.

⏱️ Show Notes
00:00 – Intro
This week: Apple says goodbye to its AI chief, India tests mandatory surveillance apps, OpenAI hits the panic button, and Amazon+Google become “friends with benefits.”

NEWS BYTES
00:46 – Apple AI Chief Exits
Apple confirms that John Giannandrea, SVP of Machine Learning & AI Strategy, will step down in Spring 2026.
•He was Apple’s “big hire from Google” and led AI initiatives for eight years.
•His replacement: Amar Subramanya, reporting to Craig Federighi.
•John & Lou discuss Apple’s AI struggles:
  – Apple Intelligence is “not what was promised”—delayed, underwhelming, and widely criticized.
https://www.apple.com/newsroom/2025/12/john-giannandrea-to-retire-from-apple/

06:43 – India Orders Smartphone Makers to Preload State-Owned Cyber Safety App
India announces a mandate requiring all new smartphones to include a government-built, undeletable cybersecurity app.
•Goal: combat rising cybercrime, IMEI cloning, stolen-device fraud.
•Users cannot remove or disable the app.
•Lou and John highlight the risk.
https://www.reuters.com/sustainability/boards-policy-regulation/india-orders-mobile-phones-preloaded-with-government-app-ensure-cyber-safety-2025-12-01/

11:51 – Sam Altman Declares ‘Code Red’ for ChatGPT
OpenAI CEO Sam Altman declares an internal “Code Red” tied to ChatGPT 5.2.
•All nonessential projects—including the Pulse personalized assistant—paused.
•Focus is entirely on improving 5.2 performance, reliability, and user experience.
•Why now?
  – Gemini just jumped ahead in accuracy.
  – Claude leads in coding tasks.
  – Competition is moving at blistering speed.
https://www.macrumors.com/2025/12/02/openai-delays-ad-plans/

16:55 – Amazon and Google Launch Multicloud Service for Faster Connectivity
Amazon Web Services & Google Cloud jointly launch a multi-cloud private interconnect for rapid cross-cloud connectivity.
•High-speed AWS ↔ Google Cloud links provisioned in minutes, not weeks.
•Early adopter: Salesforce.
•Why this matters:
  – After the major AWS East-1 outage, enterprises need cloud failover options fast.
  – This partnership essentially creates a safety net: if one cloud fails, the other can pick up load.
https://www.reuters.com/business/retail-consumer/amazon-google-launch-multicloud-service-faster-connectivity-2025-12-01/

20:32 – Mail Bag & Wrap Up
-
117
UniFi’s New Bridges, ChatGPT Group Chats, and… an IT Simulator Game?!
In this episode of IT SPARC Cast – News Bytes, John and Lou break down Ubiquiti’s brand-new UniFi wireless bridging lineup, test drive the surprisingly powerful ChatGPT Group Chat feature, and review the newly released IT Specialist Simulator game—yes, it’s a real thing.

Lou also shares his SuperComputing 25 highlights, covering quantum computing, CXL memory extension, and why this year’s show was one of the most energetic he’s ever seen. A packed week for enterprise IT, networking, AI tooling, and HPC.

⏱️ Show Notes
00:00 – Intro
A preview of the week’s topics: ChatGPT enters the chat, Pixel Team Red makes IT into a game, and UniFi pushes wireless bridging further.

NEWS BYTES
01:21 – All-New UniFi Bridging
Ubiquiti announces an expanded lineup of UniFi bridging hardware, offering new flexibility for building-to-building links and hard-to-cable environments. Key highlights:
•Building Bridge Single Unit – no more buying pairs; units can now be paired or re-paired on demand.
•Device Bridge IoT – tiny 2.4 GHz client bridge for connecting wired devices where Ethernet isn’t available.
•Device Bridge Switch – 2.5GbE PoE switch + Wi-Fi 7 / 6 GHz bridging for high-throughput deployment without new cabling.
•Ideal for renters, campuses, remote buildings, and temporary connectivity.
https://blog.ui.com/article/all-new-unifi-bridging

05:00 – ChatGPT Group Chats
ChatGPT now offers multi-user group chats, allowing collaborative research, shared notes, and real-time AI-assisted discussions.
•Works like “ChatGPT inside Slack or Teams.”
•No cross-bleed from personal ChatGPT memory—group chats stay isolated.
•Great for brainstorming, problem-solving, and real-time content creation.
•John tests memory segmentation and explains why this feature actually matters for privacy.
https://openai.com/index/group-chats-in-chatgpt/

07:38 – IT Specialist Simulator (Game)
A new Steam game, IT Specialist Simulator, lets players start as junior IT techs and work their way up the ladder.
•Tasks include configuring IP addresses, handling tickets, and climbing into management roles.
•John plans to test it using Crossover on his Mac during Thanksgiving vacation.
•Lou questions whether this is secretly a recruitment or training tool.
•Possible educational value for beginners learning networking basics.
https://store.steampowered.com/app/3266090/IT_Specialist_Simulator/

10:16 – Lou’s SuperComputing 25 Overview
Lou shares additional SC25 observations not covered in the shorts:
•Deep dive conversations with quantum computing firms including Alice & Bob.
•IBM’s quantum roadmap and why commercial systems are likely 2030+.
•How quantum computing targets molecular simulation, advanced materials, next-gen drugs, and computational fluid dynamics.
•The rise of CXL, PCIe expansion, and technologies enabling enterprises to extend hardware rather than replace it.
•SC25 was one of the most active HPC events Lou has seen in decades.

Wrap Up
14:42 – Listener Feedback & Wrap Up
Listeners react to recent shorts, including extreme cooling solutions (0.01 Kelvin) and moon-mined Helium-3 for future fusion and quantum workloads.
-
116
SuperComputing 25 Highlights: Cooling Wars, CXL Memory, & Hybrid AI Clouds
In this episode of IT SPARC Cast, Lou brings you a packed 8-minute walkthrough of the biggest themes and technologies from SuperComputing 25—the largest and busiest HPC show he’s ever attended.

In this video, Lou covers:
🔥 Cooling Wars: immersion cooling, PG25 liquid loops, cavitation risks, phase-change fluids, and long-term hardware reliability.
🧠 CXL & Memory Expansion: shared GPU pools, multi-host memory fabrics, and how CXL can extend server life.
☁️ Hybrid Cloud AI Platforms: two research-born vendors (including one FedRAMP-compliant) redefining HPC + cloud orchestration.
⚡ Infrastructure Giants: the mind-blowing cooling and power equipment that will shape future enterprise data centers.

And John reads out Listener Feedback regarding AlmaLinux as the successor to CentOS.

If you want a concise, expert-level briefing from the SC25 show floor—this is the one to watch.

Watch it on YouTube here: https://youtu.be/Ve57fs7efFY

00:00 – Intro

01:08 – Greeting from Super Computing 25
Lou sets the stage after returning from SuperComputing 25, describing the massive scale of the show, packed floors, and how SC25 has effectively replaced events like Interop and SuperComm.

NEWS & TECH BREAKDOWN
02:22 – The Major Theme: Cooling, Cooling, Cooling
Lou explains that cooling dominated the show, with two primary approaches emerging:
1. Immersion Cooling
•Full-system submersion in mineral oil or engineered fluids
2. Active Liquid Cooling (PG25 Mix)
•Issues explored: erosion, cavitation, biological growth, thermal cycling, solder fatigue
3. Phase-Change Approaches
•Solutions that vaporize at fixed temperatures (e.g., 55°C boiling point phase-change fluids)
Why It Matters: Enterprise hardware longevity, reduced thermal stress, and predictable cooling efficiency.

05:41 – CXL & Memory Expansion: The Future of Server Life Extension
Lou discusses a major standout category: CXL (Compute Express Link) technologies allowing:
•Shared memory pools & GPUs across multiple hosts
•Extending server life by adding external memory instead of replacing hardware
•Switching architectures enabling dynamic assignment of terabytes of memory to GPUs
Enterprise takeaway: “Do more with less” becomes practical—critical during recessionary or budget-tight periods.
⸻
07:55 – Hybrid Cloud AI Platforms
Lou meets with two research-born companies offering advanced hybrid cloud and orchestration stacks:
•One FedRAMP-compliant, built for U.S. federal and defense workloads
•One European research derivative, designed for container-heavy hybrid environments without VMware reliance
These solutions focus on orchestration, HPC-to-cloud overflow, container scheduling, and distributed compute for AI.

09:19 – Wrap Up
John closes by encouraging viewers to watch the upcoming shorts and emphasizing how SC25 showcased the next generation of enterprise-class tech. He also covers Listener Feedback on our first short from SC25 regarding AlmaLinux.
-
115
Grounded Planes, Open-Source Drama, Russian Stealth Malware, and Powerless Data Centers
In this episode of IT SPARC Cast – News Bytes, John and Lou tackle a wild week in enterprise IT—from grounded aircraft disrupting hardware logistics, to open-source maintainers calling out Google, to sophisticated VM-based malware hiding inside Windows systems, to Santa Clara’s power grid collapsing under the weight of the AI boom.

First, a tragic UPS MD-11 crash in Louisville forces both UPS and FedEx to ground all MD-11 aircraft—creating ripple effects for enterprise sparing strategies and next-day hardware replacement SLAs. John and Lou explain how events outside the IT bubble can quietly break your uptime guarantees.

Then, the maintainers of FFmpeg publicly call out Google: either fund the project or stop flooding it with fuzz-generated bugs. The hosts explore the broader lesson: organizations relying on open source must contribute—code, money, or both.

Next, the team walks through a jaw-dropping Hyper-V evasion technique, where Russian hackers spin up hidden Alpine Linux VMs to run malware undetected by EDR tools. Lou calls it “one of the most clever attack chains we’ve seen in years,” and John argues that Windows security must evolve to detect surprise VM creation.

Finally, Santa Clara—Nvidia’s hometown—has data centers sitting empty because the city literally has no power left to give. With AI megaprojects like Project Stargate on the horizon, John and Lou warn that the grid crisis is about to become every CIO’s problem.

Show Notes
00:00 – Intro

NEWS BYTES
01:05 – UPS and FedEx Ground Planes After Louisville Crash
•A UPS MD-11 crashes, triggering a fleetwide grounding of MD-11 cargo aircraft.
•Immediate supply-chain impact for next-day server replacements and enterprise sparing.
•John and Lou highlight why IT leaders must monitor “non-IT” news that affects logistics.
•A reminder: SLA = logistics, and logistics depends on the real world.
https://www.nbcnews.com/news/us-news/ups-grounds-md-11-fleet-type-plane-louisville-crash-sources-say-rcna242711

04:19 – FFmpeg to Google: Fund Us or Stop Sending Bugs
•Google’s fuzzing system floods FFmpeg with nonstop bug reports.
•Maintainers say the project is overwhelmed and demand Google contribute.
•Discussion: the ethical and practical responsibility companies have to support open source.
https://thenewstack.io/ffmpeg-to-google-fund-us-or-stop-sending-bugs

07:25 – Hackers Weaponize Windows Hyper-V to Hide Linux VM and Evade EDR Detection
•Threat actor Curly Comrades uses Hyper-V to run hidden Alpine Linux VMs.
•Malware (CurlyShell & CurlyCat) routes through host NAT, appearing as normal traffic.
•Hard to detect: tiny VM footprint, few forensic artifacts, zero EDR visibility.
•John: Windows Defender should alert when a new VM spins up—“Did you mean to do this?”
https://thehackernews.com/2025/11/hackers-weaponize-windows-hyper-v-to.html

13:08 – Data Centers in Nvidia’s Hometown Stand Empty Awaiting Power
•Two new Santa Clara data centers cannot turn on due to a power shortage.
•Signals a coming crisis as AI mega-facilities exceed grid capacity.
•Power costs and grid constraints may soon drive enterprise IT budgeting changes.
https://finance.yahoo.com/news/data-centers-nvidia-hometown-stand-100009877.html

15:56 – Mail Bag & Wrap Up
-
114
Cisco CVE Double Feature: ASA Firewall RCE + ISE Root Takeover (CVE-2025-20333, CVE-2025-20362, CVE-2025-20337)
In this week’s IT SPARC Cast, John and Lou break down a Cisco security double feature—three critical vulnerabilities impacting Cisco ASA, Cisco Secure Firewall (FTD), and Cisco Identity Services Engine (ISE). These flaws include authentication bypass, chained remote code execution, and a CVSS 10.0 root-level compromise via an undocumented ISE API.

We explain how CVE-2025-20333, CVE-2025-20362, and the newly revealed CVE-2025-20337 work, why federal agencies issued emergency patch directives, and what immediate mitigation steps enterprise defenders must take. If you manage Cisco firewalls or identity systems, this episode is mandatory listening.

00:00 - Intro

01:05 - CVEs of the Week – Cisco ASA & FTD (CVE-2025-20333 & CVE-2025-20362)
• Two actively exploited Cisco firewall vulnerabilities enable authentication bypass and chained remote code execution.
• Attackers linked to ArcaneDoor/Storm-1849 are using CVE-2025-20362 to bypass authentication, paired with CVE-2025-20333 for full RCE device takeover.
• Compromised devices show unexpected reloads, disabled logs, and firmware persistence via ROMMON modification.
• Over 50,000 ASA/FTD systems remain exposed, many still unpatched.
• Emergency guidance from CISA and NCSC stresses immediate patching, disabling WebVPN/SSL, IP whitelisting, and checking for persistence or odd CLI behavior.
• Lou and John emphasize the need for a multi-vendor firewall strategy to avoid single-vendor blast-radius failures.
⸻
05:00 - Cisco ISE – CVE-2025-20337 (Root-Level RCE via Undocumented API)
• Amazon’s threat intelligence team discovered in-the-wild exploitation of an undocumented ISE API endpoint.
• This CVSS 10.0 vulnerability allows deserialization attacks leading to unauthenticated root-level access.
• Attackers deploy an advanced, stealthy web-shell (“IdentityAuditAction”) featuring:
  – In-memory execution
  – Java reflection thread injection
  – Custom DES-encrypted C2
  – No disk artifacts
• Exploitation activity dates back to at least May and may be earlier.
• Mitigation requires updating to patched ISE versions, segmenting management networks, monitoring unexpected listeners, and tightening inbound firewall policies.
• John and Lou reiterate that identity remains the “universal attack surface,” and poor segmentation continues to amplify enterprise risk.
⸻
09:26 - Listener Feedback
A viewer asked whether the F5 BIG-IP source code leak affects only the management plane or the data plane.
Answer: Both. Because the entire codebase was leaked, any subsystem could harbor latent zero-day attack surfaces—further stressing the importance of aggressive patching and hardened segmentation.
⸻
10:28 - Wrap Up
We appreciate every question, comment, and suggestion. Keep them coming.
-
113
AI in Orbit, Microsoft’s Missteps, and the OpenAI Backdoor Nobody Saw Coming
In this week’s IT SPARC Cast – News Bytes, John and Lou go galactic—covering AI data centers in orbit, Microsoft’s blunders, and a nasty new Windows backdoor exploiting OpenAI’s API.

First, it’s “IT in SPAAAAAACE!” as Google unveils Project Suncatcher, an effort to launch radiation-hardened Tensor Processing Units (TPUs) into orbit for solar-powered, space-based AI compute. Then, SpaceX announces plans to build low-Earth-orbit data centers using its Starlink satellite infrastructure and Tesla’s upcoming AI chips—pushing the data center arms race off-planet.

Next up in “Really, Microsoft?” — the latest Windows 11 bug means “Update and Shut Down” doesn’t actually shut down. It just reboots. But the real danger comes from the newly discovered SesameOp backdoor, which uses the OpenAI Assistants API as its command-and-control channel—making it nearly invisible to traditional security tools.

Finally, Microsoft ends volume pricing discounts for enterprise customers, sparking frustration across IT departments already battling licensing complexity.

Show Notes
00:00 - Intro
John and Lou open with a new segment: “IT in Space!” as data centers literally leave Earth’s surface.

01:02 - Google’s Next Moonshot: Project Suncatcher
•Google to launch Project Suncatcher—solar-powered AI compute nodes using Tensor Processing Units (TPUs) in orbit.
•Partners with Planet Labs for radiation-hardened TPU testing.
•Orbiting clusters could provide 8x more energy efficiency than Earth-based systems.
•Challenges include cooling, radiation shielding, and debris avoidance.
https://9to5google.com/2025/11/04/google-project-suncatcher/

03:41 - SpaceX Plans Data Centers in Low-Earth Orbit
•SpaceX confirms Starlink v3 satellites will support data center modules.
•Tied to Tesla’s AI5 and upcoming AI6 chip platforms.
•Starship will be used to deploy orbital compute clusters.
•Laser interlinks and orbital energy capture could redefine distributed computing.
https://x.com/dimazeniuk/status/1984613494629503484?s=61&t=vt5DZTzMzVaVQd0cNd8iuA

06:55 - “Update and Shut Down” No Longer Restarts PC
•Microsoft’s November 2025 preview patch fixes a long-standing issue: “Update and Shut Down” reboots instead of powering off.
•Optional fix available under Windows 11 build 26200.7019.
•Another headache in Windows’ long list of quality-of-life bugs.
https://www.windowslatest.com/2025/11/02/update-and-shut-down-no-longer-restarts-pc-as-windows-11-25h2-patch-addresses-a-decades-old-bug/

08:10 - SesameOp Backdoor Using OpenAI Assistants API
•SesameOp discovered by Microsoft’s DART Team.
•Uses OpenAI’s Assistants API as a stealthy command-and-control (C2) channel.
•No patch yet—only firewall whitelisting and Defender rules recommended.
https://thehackernews.com/2025/11/microsoft-detects-sesameop-backdoor.html

13:53 - Microsoft Ends Volume Pricing
•As of Nov 1, Microsoft has eliminated tiered volume discounts for Enterprise Agreements.
•Large customers will now pay the same flat rate as smaller ones.
•Could increase software spend by double digits at renewal.
https://www.cio.com/article/4079004/microsoft-ends-volume-pricing-potentially-costing-companies-millions.html

15:29 - Mail Bag & Wrap Up
https://daily.jstor.org/when-the-push-button-was-new-people-were-freaked/
-
112
CVE-2025-52665: Ubiquiti UniFi Access Vulnerability — When Smart Doors Turn Dangerous
In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt dive deep into CVE-2025-52665, a critical 10.0 CVSS vulnerability impacting Ubiquiti’s UniFi Access Management API. This flaw blends physical security and cybersecurity risks — allowing unauthenticated attackers to execute remote code, manipulate door access, or even lock users inside buildings.

John and Lou break down how this misconfigured API opens the door (literally) to full network takeover and discuss the real-world implications of smart building vulnerabilities. They cover the affected UniFi Access versions (3.3.22 to 3.4.31) and emphasize updating immediately to version 4.0.21 or later.

Beyond the technical details, they debate the broader question: Are smart buildings worth the risk? From API hygiene to network segmentation, the hosts offer actionable strategies to secure IoT infrastructure and ensure that “smart” doesn’t become “unsafe.”
-
111
EA’s AI Divide, Qualcomm’s Data Center Push, and Ubiquiti’s SFP Revolution
In this week’s IT SPARC Cast – News Bytes, John and Lou explore the intersection of AI, hardware, and IT freedom — from creative tension at EA to chipmaking disruption.

First, Electronic Arts (EA) launches ReefGPT, an internal AI design tool meant to boost productivity across studios. Developers say it’s unreliable and fear job losses, while leadership insists AI is the future. John and Lou unpack the deeper message: AI won’t take your job, but someone using AI will.

Then, Qualcomm jumps into the AI data center market with its new AI200 and AI250 chips — scaled-up versions of its mobile neural processors, ready to challenge Nvidia and AMD for inference workloads. The hosts discuss how this could finally relieve the GPU bottleneck driving AI infrastructure costs through the roof.

Next, Ubiquiti declares “SFP Liberation Day.” The new $49 SFP Wizard not only tests but reprograms fiber modules to work with any switch — bypassing vendor lock-ins from Cisco, HPE, and others. John and Lou call it “the jailbreak every network engineer has been waiting for.”

Finally, Substrate, a U.S. startup, unveils an X-ray lithography chipmaking tool that could rival ASML’s $400M EUV machines. Backed by $100M in funding, the company aims to bring advanced chip manufacturing back to the U.S. — potentially reshaping the semiconductor landscape.

00:00 - Intro

00:52 - Electronic Arts (EA) AI Divide
•EA launches ReefGPT to accelerate game design.
•Creatives call it unreliable and fear losing creative control.
https://www.businessinsider.com/inside-ai-divide-roiling-video-game-giant-electronic-arts-2025-10?op=1

04:15 - Qualcomm Joins the AI Arms Race
•Qualcomm announces AI200 (2026) and AI250 (2027) chips for data centers.
•Targets Nvidia’s GPU monopoly with rack-mounted, liquid-cooled solutions.
•Could ease supply pressure and diversify AI compute resources.
https://www.cnbc.com/2025/10/27/qualcomm-ai200-ai250-ai-chips-nvidia-amd.html

11:35 - Ubiquiti Liberates the SFPs
•“SFP Liberation Day” brings a $49 SFP Wizard tool for testing and reprogramming optics.
•Supports SFP, SFP+, and QSFP modules across brands.
•A win for network engineers tired of overpriced vendor modules.
https://blog.ui.com/article/welcome-to-sfp-liberation-day

15:58 - Substrate Announces Chipmaking Tool to Rival ASML
•Substrate reveals an X-ray lithography system
•Rivaling ASML’s EUV tools at lower cost.
•Could reshape semiconductor competition and domestic manufacturing.
https://www.reuters.com/world/asia-pacific/us-startup-substrate-announces-chipmaking-tool-that-it-says-will-rival-asml-2025-10-28/
https://www.ft.com/content/2496edef-4f1b-47aa-877d-9c01271faaa1
https://www.wsj.com/tech/peter-thiel-backed-startup-secures-100-million-to-make-chips-in-u-s-baff93ac

21:02 - Mail Bag & Wrap Up
-
110
DNS Nightmare: CVE-2025-40778 and the Scariest Phishing Setup Yet
In this special Halloween edition of CVE of the Week, John and Lou dive into a truly chilling scenario — a high-severity DNS poisoning flaw that could be the perfect setup for a wave of phishing attacks and credential theft across enterprise networks.

The star of the episode: CVE-2025-40778, a newly discovered vulnerability in BIND 9’s resolver logic. This flaw allows unauthenticated attackers to inject forged DNS records, redirecting legitimate queries to malicious servers — all without user interaction. With a CVSS score of 8.6, exploits are already active in the wild, and over 5,900 exposed instances have been identified.

But that’s just the start. The hosts explain how major outages at AWS (US-East-1) and Microsoft Azure opened the door for clever phishers to strike when users were most vulnerable — during downtime. Together, these issues illustrate a perfect storm of technical failure and human manipulation.

Lou and John share practical defenses: patch immediately, enable DNSSEC, restrict recursion, and — most importantly — establish a trusted, redundant communication plan for your users before the next outage hits.
⸻
Key Takeaways
•CVE-2025-40778 impacts BIND 9 versions from 9.11 to 9.21.12, including S1 previews.
•Exploits are already circulating — attackers can poison DNS caches remotely.
•Misconfigured DNS and phishing attacks can combine for devastating impact.
•Immediate action: patch, enable DNSSEC, monitor cache entries, and reduce TTLs.
•Prepare for outages — build redundant user communication channels to prevent panic and credential leaks.

Links
https://kb.isc.org/docs/cve-2025-40778
https://nvd.nist.gov/vuln/detail/CVE-2025-40778
https://thehackernews.com/2025/10/threatsday-bulletin-dns-poisoning-flaw.html
https://www.helpnetsecurity.com/2025/10/28/bind-9-vulnerability-cve-2025-40778-poc/
-
109
OpenAI’s Atlas Browser | Quantum Breakthrough | AWS DNS Outage Explained
In this week’s IT SPARC Cast – News Bytes, John and Lou explore the fast-moving world of AI, quantum computing, and cloud reliability.

First up, OpenAI launches Atlas, an AI-powered browser with ChatGPT built in—complete with persistent memory, agent mode, and deep personalization. But as John warns, “If ChatGPT can see everything you do, that includes your company’s data.” Lou connects it to last week’s 7-Zip discussion, emphasizing the need for strict data access policies in enterprises managing shadow AI use.

Then, Google makes a quantum leap with its new Willow chip and Quantum Echoes algorithm, achieving verifiable quantum advantage—13,000x faster than classical supercomputers. The duo discusses its implications for material science, encryption, and the coming “cryptopocalypse.”

Next, Signal gets proactive, introducing Triple Ratchet Encryption—a post-quantum secure update using ML-KEM (Kyber) to protect against future quantum decryption. It’s the first major messaging platform to harden itself against Harvest Now–Decrypt Later attacks.

Finally, in this week’s Hot Take, the hosts analyze the recent AWS DNS outage that took down half the internet. Their verdict? “It’s not just AWS—it’s the apps.” They discuss multi-region design, cloud dependency, and why “Five Nines” uptime might be a thing of the past.

⸻

⏱️ Show Notes

00:00 - Intro

01:24 - OpenAI Debuts AI-Powered Browser (Atlas)
https://tech.slashdot.org/story/25/10/21/1725235/openai-debuts-ai-powered-browser-with-memory-and-agent-features

07:27 - Google Launches New Quantum Chip and Algorithm
https://blog.google/technology/research/quantum-echoes-willow-verifiable-quantum-advantage/

09:31 - Signal Stays Ahead of the Game — Triple Ratchet Encryption
https://signal.org/blog/spqr

⸻

12:03 - Hot Take: Amazon Web Services (AWS) DNS Outage
John recounts debugging his Ring cameras—before realizing the culprit was AWS.
• Cascading DNS failure caused a self-inflicted denial of service
• Exposed lack of redundancy and poor multi-region design
• 50% of the internet went down, despite AWS only running 30% of it

Lou’s takeaway: “Cloud isn’t inherently resilient—it’s only as resilient as you design it to be.”
https://youtu.be/ygcYoFBXdjQ

IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/ on LinkedIn

John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/ on LinkedIn

Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn

Hosted on Acast. See acast.com/privacy for more information.