IT SPARC Cast

In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt break down a massive ransomware-driven data breach impacting Conduent, a major business process services provider that handles public sector programs, healthcare benefits processing, and corporate HR services.What began as reports of a 10.5 million record breach has now escalated to an estimated 25 million impacted individuals, with the ransomware group SafePay claiming responsibility and alleging over 8 terabytes of data exfiltrated.⸻🔎 What Happened?Conduent, which provides backend processing for government assistance programs and health benefits, confirmed that sensitive personal and corporate information may have been exposed.Reported exposed data includes:•Names•Dates of birth•Addresses•Social Security numbers•Employment records•Financial information•Medical and health insurance details•Internal business documentsSafePay ransomware actors reportedly gained access through compromised credentials and then moved laterally through Conduent’s systems.This is a textbook example of a chained cyberattack, where one small compromise enables full-scale enterprise exposure.⸻🌎 Scope of the ImpactThe breach affects multiple U.S. states and programs, including:•Texas (~15.4 million impacted)•Oregon (~10.5 million impacted)•Delaware•Massachusetts•New Hampshire•Georgia•South Carolina•New Jersey•Maine•New MexicoPrograms potentially affected:•Medicaid•SNAP / EBT food assistance•Unemployment benefits•Health insurance processing (including Blue Cross Blue Shield and Humana)•Corporate employee benefit programsAdditionally, approximately 17,000 Volvo Group North America employees may have been impacted.⸻⚠ Why This Matters for Enterprise ITThis is not “just” a public-sector breach.Many private companies rely on Conduent for backend benefits processing. If your organization uses:•Blue Cross Blue Shield•Humana•Third-party HR / benefits processorsYou must immediately:•Contact your HR and benefits teams•Request incident briefings from vendors•Determine if employee data was exposed•Prepare remediation and communication plans⸻🔐 Security Lessons•Credential compromise remains a primary entry point•Lateral movement amplifies initial footholds•Ransomware groups continue combining encryption with large-scale data exfiltration•Transparency and timely disclosure are criticalConduent acknowledged the breach, engaged forensic investigators, and notified impacted parties — a necessary and responsible response.⸻💬 Listener FeedbackThe episode also includes feedback from Kevin regarding last week’s Apple iOS 26 patch discussion. While some users hesitate to upgrade due to UI and stability concerns, security patches addressing critical vulnerabilities must take priority.⸻🔗 Connect With UsIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn Hosted on Acast. See acast.com/privacy for more information.

In this episode of IT SPARC Cast – News Bytes, John Barger & Lou Schmidt unpack three stories that expose the real friction points in enterprise IT: AI ethics in defense contracts, looming hardware shortages, and data governance risks in Microsoft Copilot.Anthropic and the Pentagon clash over Claude’s military use, Western Digital reports zero remaining HDD capacity for 2026, and Microsoft confirms a Copilot bug that summarized confidential emails. From supply chain strategy to SaaS risk management, this episode highlights why enterprise IT leaders must think beyond features and focus on contracts, capacity, and control.⸻⏱️ Show Notes00:00 – IntroHard drive shortages, AI contract battles, and Copilot privacy concerns headline a week that reinforces one theme: control over infrastructure and software matters more than ever.⸻📰 News Bytes00:46 – Anthropic and the Pentagon Are Reportedly Arguing Over Claude UsageAnthropic pushes back against unrestricted military use of Claude AI, raising ethical, contractual, and operational questions. The Pentagon may reconsider its $200M relationship, exposing a major risk for organizations deploying AI: what happens when vendor policies change after integration?https://techcrunch.com/2026/02/15/anthropic-and-the-pentagon-are-reportedly-arguing-over-claude-usage/ ⸻07:19 – Western Digital Has No More HDD Capacity Left for 2026Western Digital reports its entire 2026 hard drive production is already spoken for. Similar signals from Seagate suggest storage pricing pressure is imminent. The hosts explain why this isn’t just about spinning disks—it’s about AI data center demand driving up costs across RAM, SSDs, GPUs, and enterprise hardware.https://wccftech.com/western-digital-has-no-more-hdd-capacity-left-out/ ⸻12:06 – Microsoft Says Bug Causes Copilot to Summarize Confidential EmailsMicrosoft confirms a Copilot bug that processed confidential emails stored in drafts and sent folders, despite policy settings meant to block them. Although no data reportedly left the organization, the incident underscores governance, SaaS dependency, and AI access-control risks enterprises must plan for.https://www.bleepingcomputer.com/news/microsoft/microsoft-says-bug-causes-copilot-to-summarize-confidential-emails/ ⸻🔁 Wrap Up16:42 – Mail BagListener Dennis drops a Back to the Future “jigawatt” reference, and Xavier reinforces the importance of AI security hygiene and fine-grained permission management.17:52 – Wrap UpFinal thoughts on vendor lock-in, AI policy control, supply chain modeling, and why IT leaders need stronger collaboration with finance and legal teams.⸻🔗 Connect With UsIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/John Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/Lou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ Hosted on Acast. See acast.com/privacy for more information.

In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt examine a critical Apple security vulnerability patched in iOS, iPadOS, macOS, watchOS, tvOS, and visionOS 26.3.The focus: CVE-2026-20700, a memory corruption flaw in Apple’s dynamic link layer that could allow attackers to break out of the sandbox and achieve remote code execution (RCE).Although exploitation requires physical access, the definition of “physical” in today’s hybrid enterprise world is broader than it sounds. Remote management tools, compromised accounts, lost devices, or improperly secured BYOD endpoints can all create real-world exposure.With Apple’s unified “26” operating system line now spanning every platform, this patch affects:•iOS 26.3•iPadOS 26.3•macOS 26.3•watchOS 26.3•tvOS 26.3•visionOS 26.3Security researchers are classifying this vulnerability as critical/high severity, and enterprises are urged to patch immediately.⸻🔎 CVE-2026-20700 Details•Type: Memory corruption•Impact: Sandbox escape → Remote Code Execution•Exploit Path: Physical or logical device access•Risk Level: High/Critical (no official CVSS published)•Fix: Upgrade to Apple OS version 26.3⸻⚠ Why This Matters for Enterprise IT1️⃣ BYOD Risk SurfaceBring-Your-Own-Device policies mean iPhones, iPads, and Macs often connect to corporate networks without full administrative control. A vulnerable device on your network increases lateral movement risk.2️⃣ Physical Access Isn’t Just “Someone in the Room”Remote tools, compromised Apple IDs, or stolen devices expand the meaning of physical access.3️⃣ Upgrade Hesitation Is RealApple’s 26 release introduced major UI changes (including the controversial glass interface). Stability concerns have led some users to delay upgrades — increasing exposure time.Security must outweigh aesthetic or usability concerns.⸻🛠 Enterprise Recommendations•Immediately communicate required upgrade to 26.3•Enforce OS minimum versions where possible•Review BYOD policies and mobile device controls•Audit Apple device access on corporate networks•Educate users about lost/stolen device risk⸻💬 Listener FeedbackThe episode also includes commentary from Chris, a general counsel and chief risk officer, who responded to last week’s Notepad RCE discussion. He raises an important point about expanding application functionality increasing attack surface — a lesson that applies here as well.⸻🔗 Connect With UsIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn Hosted on Acast. See acast.com/privacy for more information.

In this episode of IT SPARC Cast – News Bytes, John Barger & Lou Schmidt break down a week where enterprise IT collided with energy policy, nuclear power, and outer space. UniFi Network 10.1 pushes further into enterprise territory with improved scalability and Wi-Fi visibility. Meanwhile, the White House explores voluntary agreements to manage rising energy costs from AI data centers.Then things escalate: hyperscalers begin signing real contracts for next-generation nuclear power, and Elon Musk gets serious about orbital data centers—suggesting that the future of compute may extend beyond the planet. If you’re tracking AI infrastructure, network evolution, and the power constraints shaping the industry, this episode connects the dots.⸻⏱️ Show Notes00:00 – IntroJohn and Lou preview a week dominated by UniFi upgrades, federal energy discussions, nuclear power tipping points, and serious momentum toward data centers in space.⸻📰 News Bytes00:44 – UniFi Network 10.1Ubiquiti releases UniFi Network 10.1 with major stability and scalability improvements, Wi-Fi Doctor diagnostics, UI refinements, enhanced policy visibility, and optimizations for Wi-Fi 7 and multi-gig deployments. The hosts discuss why UniFi continues its march toward true enterprise credibility while remaining accessible for SMB and prosumer environments.https://blog.ui.com/article/introducing-unifi-network-10-1 ⸻05:13 – White House Eyes Data Center Agreements Amid Energy Price SpikesAs AI data center expansion drives regional energy price pressure, the White House explores voluntary agreements with major tech companies to shift infrastructure costs away from consumers. The conversation explores the economics of AI growth, the inevitability of nuclear power, and whether energy becomes the defining constraint of the AI race.https://www.politico.com/news/2026/02/09/trump-administration-eyes-data-center-agreements-amid-energy-price-spikes-00772024 ⸻09:02 – Next-Gen Nuclear’s Tipping Point: Meta and Hyperscalers Sign DealsMeta and other hyperscalers begin signing legally binding agreements with next-generation nuclear companies like TerraPower and Oklo. John and Lou explain why signed contracts—not press releases—mark the true tipping point for small modular reactors powering AI infrastructure.https://www.aol.com/articles/next-gen-nuclear-tipping-point-214209248.html ⸻11:34 – Elon Musk Gets Serious About Orbital Data CentersFollowing strategic moves linking xAI and SpaceX, Musk pivots attention toward orbital and lunar infrastructure. The hosts unpack the logic behind space-based data centers, cooling challenges, Starlink integration, and why the economics may be less crazy than they first appear.https://techcrunch.com/2026/02/05/elon-musk-is-getting-serious-about-orbital-data-centers/ ⸻🔁 Wrap Up18:59 – Mail BagListener Jonah questions whether massive AI infrastructure financing signals a bubble. John and Lou explain why AI demand is currently compute-constrained—not hype-driven—and why any financial correction would look very different from the dot-com era.21:52 – Wrap UpFinal thoughts on nuclear inevitability, orbital infrastructure, and the reality that energy—not chips—may define the next decade of enterprise IT.⸻🔗 Connect With UsIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/John Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/Lou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ Hosted on Acast. See acast.com/privacy for more information.

In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt break down a shocking vulnerability: CVE-2026-2841, a Remote Code Execution (RCE) flaw in the modern Windows 11 Notepad application distributed via the Microsoft Store.Yes — even Notepad isn’t safe anymore.This vulnerability stems from a command injection flaw in the modern Windows 11 Store version of Notepad (11.x prior to patch). The issue allows malicious .md (Markdown) files containing crafted links or interactive content to execute arbitrary code when opened and clicked by a user.With a CVSS score of 8.8, this vulnerability becomes especially dangerous when chained with other exploits.⸻🔎 What You Need to KnowCVE-2026-2841 – Windows Notepad RCE•Affects: Windows 11 modern Notepad (Microsoft Store version 11.x prior to Patch Tuesday update)•Does NOT affect: Legacy Notepad on Windows 10, Windows 7, or classic versions•Attack Vector: Malicious .md file delivered via phishing•Trigger: User opens file and clicks embedded link•Impact: Remote Code Execution with user-level permissions•Severity: CVSS 8.8 (High)⸻⚠ Why This Matters•Perfect phishing vehicle: malicious Markdown attachment•Executes arbitrary code under the user’s permissions•Ideal for lateral movement in enterprise environments•Dangerous when combined with other exploits•Many organizations delay Patch Tuesday updates — this one should NOT wait⸻🛠 Mitigation & Recommendations•Immediately update Notepad via Microsoft Store•Audit Windows 11 endpoints for modern Notepad version•Train users to avoid opening unknown .md attachments•Consider simpler text editors for baseline editing tasks•Evaluate enterprise endpoint protection against command injection vectors⸻💻 Alternative Editors (With Security Awareness)John and Lou discuss safer editing alternatives including:•Notepad++•Visual Studio Code / Codeium•Sublime Text•Atom•Vim / NeoVim / Emacs•JetBrains IDEsReminder: More features = more attack surface.⸻💬 Wrap UpJohn and Lou also respond to listener feedback from Andrew regarding their recent OpenClaw security discussion. They clarify their stance:•They are not anti-AI.•They are pro-security.•Bleeding-edge tech requires controlled rollout and sandboxing.•Enterprises must protect privileged data access.Security-first thinking is not fear — it’s responsible IT leadership.⸻🔗 Connect With UsIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn Hosted on Acast. See acast.com/privacy for more information.

In this episode of IT SPARC Cast – News Bytes, John Barger and Lou Schmidt explore three stories reshaping enterprise IT strategy. From a quantum cooling breakthrough that could accelerate real-world quantum computing, to Oracle’s plan to raise $50 billion for AI cloud infrastructure, the episode highlights how fast the AI arms race is escalating.They also break down why the AI boom is starting to squeeze Apple’s famously strong profit margins—and what that means for device pricing, silicon supply, and enterprise IT budgets. If you care about where compute, power, and economics collide, this episode connects the dots.📌 Show Notes00:00 – IntroJohn and Lou kick off the episode with a look at why quantum cooling breakthroughs, massive AI cloud investments, and chip supply pressure on Apple all point to accelerating change across enterprise IT.⸻📰 News Bytes00:55 – Chalmers University Makes Quantum CoolResearchers at Chalmers University of Technology unveil a breakthrough quantum refrigeration method that uses controlled noise to improve cooling near absolute zero. The discussion explores why advances like this could rapidly reduce the cost and complexity of quantum computing and push it closer to real enterprise use cases.https://www.sciencedaily.com/releases/2026/01/260129080418.htm ⸻06:10 – Oracle Raising Up to $50B for AI CloudOracle plans to raise up to $50 billion to expand AI-focused cloud data centers as part of Project Stargate. John and Lou unpack why Oracle’s existing enterprise relationships give it a unique advantage—and why power and compute, not demand, may become the real limiting factors for AI growth.https://www.techrepublic.com/article/news-oracle-50b-ai-cloud/ ⸻10:28 – The AI Boom Is Coming for Apple’s Profit MarginsThe surge in AI-driven chip demand is putting pressure on Apple’s historically strong margins. As TSMC capacity is increasingly consumed by Nvidia, OpenAI, and hyperscalers, the hosts break down why Apple may face higher silicon costs—and what that means for device pricing, IT refresh cycles, and enterprise procurement.https://www.msn.com/en-us/money/technology/the-ai-boom-is-coming-for-apple-s-profit-margins/ar-AA1VpgpA ⸻🔁 Wrap Up17:11 – Mail BagListener feedback sparks a nuanced discussion on hybrid work, mandatory office policies, and why management capability—not location—is often the real issue.21:24 – Wrap UpFinal thoughts on quantum acceleration, AI infrastructure economics, and why IT leaders need to prepare for rising hardware costs and longer planning horizons.⸻🔗 Connect With UsIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/John Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/Lou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ Hosted on Acast. See acast.com/privacy for more information.

Agentic AI systems like OpenClaw represent the future of automation, productivity, and intelligent workflows — but today, they also represent a serious and underappreciated enterprise security risk.In this episode of IT SPARC Cast – CVE of the Week, John and Lou break down why running OpenClaw (and related platforms like MoltBook) on corporate hardware or with access to enterprise data is dangerous right now, even if the long-term vision is compelling.The discussion centers on three types of OpenClaw users:1.Sandbox Experimenters – Users running OpenClaw in isolated labs or test environments with no access to corporate data.2.Dedicated VM / Hardware Users – Users running OpenClaw separately, but still granting it access to cloud services, email, or internal APIs.3.Daily Driver Users – Users installing OpenClaw directly on work PCs and giving it full access to files, email, chat, and automation tools.John and Lou argue that only the first group is safe today.Groups #2 and #3 dramatically expand the attack surface, introducing risks such as credential exfiltration, indirect prompt injection, data leakage, and supply-chain style compromises via third-party “skills.”The episode uses a “bio hotcell” analogy: OpenClaw can be used safely only when isolated, constrained, monitored, and treated as potentially hazardous. Without those controls, it becomes a silent data-exfiltration engine operating entirely inside allowed enterprise workflows.The takeaway for IT leaders is clear:HR and IT must act together now to define policies that prohibit OpenClaw and MoltBook from running on corporate devices or accessing corporate data until proper governance, tooling, and security controls exist.⸻🔚 Wrap Up & LinksFollow and connect with us:IT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn Hosted on Acast. See acast.com/privacy for more information.

In this episode of IT SPARC Cast – News Bytes, John Barger & Lou Schmidt break down three stories that reveal how enterprise IT is being reshaped by workforce realities, infrastructure constraints, and custom silicon. From mounting evidence that work-from-office mandates are driving top talent out the door, to a Los Angeles startup using SpaceX rocket technology to cool data centers without water, to Microsoft unveiling a massive new AI inference chip designed to scale efficiently.The discussion connects culture, power, cooling, and compute—showing why AI growth isn’t just about models and GPUs, but about solving the physical and human constraints that come with them. If you’re responsible for enterprise IT strategy, infrastructure planning, or talent retention, this episode delivers context you won’t get from headlines alone.⸻⏱️ Show Notes00:00 – IntroJohn and Lou preview a packed episode covering remote-work backlash, radical new data-center cooling approaches, and Microsoft’s latest move to control its AI destiny with custom silicon.⸻📰 News Bytes01:00 – Work-From-Office Mandate? Expect Top Talent Turnover and Culture RotNew research highlighted by CIO Magazine shows that strict return-to-office mandates are driving increased attrition among top performers, longer hiring cycles, and declining trust. John and Lou unpack why “butts-in-seats” metrics fail modern organizations and how poor remote-management skills—not productivity—are often the real problem.https://www.cio.com/article/4119562/work-from-office-mandate-expect-top-talent-turnover-culture-rot.html ⸻08:14 – L.A. Startup Uses SpaceX Tech to Cool Data Centers With Less Power and No WaterAn LA-based startup is applying SpaceX rocket turbopump technology and supercritical CO₂ to dramatically reduce data-center cooling power, footprint, and water usage. The hosts explain why cooling—not chips—is becoming one of the biggest bottlenecks in AI expansion and how innovations like this could unlock sustainable growth.https://finance.yahoo.com/news/l-startup-uses-spacex-tech-175628363.html⸻14:11 – Microsoft Announces a Powerful New Chip for AI InferenceMicrosoft unveils the Maia 200, a custom AI inference accelerator built on TSMC’s 3-nm process with 100 billion transistors. John and Lou break down why inference-optimized chips matter, how this fits into a broader trend of hyperscalers building custom silicon, and why efficiency per watt is becoming the defining metric for AI at scale.https://techcrunch.com/2026/01/26/microsoft-announces-powerful-new-chip-for-ai-inference/⸻🔁 Wrap Up19:49 – Mail BagListener feedback revisits classic operating systems, early AI roots, and why distributed computing concepts from decades ago are suddenly relevant again.22:47 – Wrap UpJohn and Lou close by emphasizing that AI’s future depends on solving power, cooling, and organizational challenges—not just shipping faster chips.⸻🔗 Connect With UsIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/Lou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn Hosted on Acast. See acast.com/privacy for more information.

In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt break format to examine two high-impact security and privacy stories that every enterprise IT and security leader should be paying attention to.First, we dive into a new lawsuit alleging that Meta can access or infer WhatsApp message contents, despite years of public claims that WhatsApp is fully end-to-end encrypted. We unpack what “access” really means in modern encrypted messaging systems, including metadata, client-side processing, backups, and enterprise risk implications—especially for organizations using WhatsApp for daily business communications.https://www.bloomberg.com/news/articles/2026-01-25/lawsuit-claims-meta-can-see-whatsapp-chats-in-breach-of-privacyNext, we examine a major data exposure involving Chat & Ask AI, a popular AI chatbot aggregator with tens of millions of users. Due to a backend Firebase misconfiguration, hundreds of millions of private conversations—including highly sensitive topics—were left publicly accessible. This incident highlights the growing risk of Shadow AI inside enterprises and the dangers of third-party AI wrappers that lack enterprise-grade security controls.https://www.404media.co/massive-ai-chat-app-leaked-millions-of-users-private-conversations/The episode closes with listener feedback on a previously covered UniFi Access vulnerability and a broader discussion on how organizations should educate, monitor, and protect users without resorting to blunt enforcement. Hosted on Acast. See acast.com/privacy for more information.

In this episode of IT SPARC Cast – News Bytes, John Barger & Lou Schmidt dig into three stories that highlight how enterprise IT is quietly—but fundamentally—restructuring itself. From executives questioning the long-term future of traditional ERP systems, to Ubiquiti introducing a new orchestration-driven take on network fabrics, to a grounded discussion on whether the AI bubble is real and why OpenAI may be far less fragile than critics assume.The conversation connects enterprise software evolution, network architecture at scale, and the hard economic realities of AI infrastructure—especially power and compute. If you’re responsible for enterprise platforms, networking strategy, or long-term IT planning, this episode provides context that goes beyond the headlines.⸻⏱️ Show Notes00:00 – IntroJohn and Lou preview the episode, touching on ERP’s looming transformation, UniFi’s new Fabric approach, and why AI demand—especially at OpenAI—is driven by hard infrastructure realities, not hype.⸻📰 News Bytes00:48 – ERP Isn’t Dead Yet – But Most Execs Are Planning the WakeA survey of more than 4,300 executives shows growing skepticism about ERP’s long-term dominance, even as most organizations remain satisfied with current systems. John and Lou explain why AI-driven, modular, and agentic ERP models are likely evolutions—not rip-and-replace events—and what enterprise IT teams should be doing now to prepare.https://www.theregister.com/2026/01/19/erp_survey_rimini_street/ ⸻06:28 – Ubiquiti Introduces UniFi FabricUbiquiti unveils UniFi Fabric, a centralized orchestration layer designed to manage policies, identity-based networking, Zero Trust, and multi-site environments without cloud licensing. The discussion compares UniFi’s approach to traditional network fabrics like VXLAN and SPBM, highlighting why this controller-first model could appeal to MSPs and mid-sized enterprises.https://blog.ui.com/article/introducing-unifi-fabrics ⸻14:14 – AI Bubble? Maybe. OpenAI Risk? Not Anytime Soon.John breaks down why OpenAI’s revenue growth is directly tied to available compute capacity, not speculative demand. Using concrete megawatt, gigawatt, and ARR figures, the hosts explain why AI may see valuation corrections—but why companies like OpenAI, NVIDIA, and Anthropic are unlikely to disappear.https://openai.com/index/a-business-that-scales-with-the-value-of-intelligence/ ⸻🔁 Wrap Up24:16 – Mail BagListener feedback reinforces the growing link between AI growth and power infrastructure, with discussion around electrical safety, regulation, and why energy expertise may be one of the most valuable skills in the coming decade.27:39 – Wrap UpJohn and Lou close with a reminder that enterprise IT leaders will increasingly be asked to validate power, nuclear, and infrastructure decisions at the executive level—and that staying informed now is critical.⸻🔗 Connect With UsIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/Lou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn Hosted on Acast. See acast.com/privacy for more information.

In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt break from the traditional single-CVE format to examine VoidLink, a newly discovered Linux malware framework that represents a major shift in how cyberattacks may be built and executed going forward.Rather than focusing on one vulnerability, VoidLink is designed to chain together many smaller flaws across Linux, containers, and cloud platforms like AWS, Azure, GCP, Docker, and Kubernetes—creating a stealthy, long-term access platform. Researchers believe VoidLink was developed rapidly using AI assistants, offering a rare look at how next-generation malware may be authored, iterated, and deployed. This episode explains why VoidLink matters, how defenders should think about chained exploits, and why this may be an early warning sign for the future of cloud and container security.⸻Show Notes (Podcast)Episode OverviewThis week’s CVE of the Week focuses on VoidLink, a newly identified Linux malware framework designed for persistence, stealth, and modular exploitation across cloud and container environments. While not a single CVE, VoidLink highlights how attackers are moving toward framework-driven, AI-assisted exploit chaining rather than isolated vulnerabilities.Key Topics Covered•What VoidLink is and why it’s different from traditional malware•How chaining low-severity vulnerabilities can result in full compromise•Targeted environments: Linux, Docker, Kubernetes, AWS, Azure, and GCP•Use of loaders, implants, evasion techniques, and modular plugins•Evidence suggesting AI-assisted development with rapid iteration•Why this gives defenders a rare opportunity to observe a threat early in its lifecycle•The implications for cloud security, container hardening, and future CVEsWhy This MattersVoidLink represents a shift from one-off exploits to malware platforms—essentially an “IDE for hacking.” Understanding how these frameworks are built and how they operate is critical for anticipating future attacks and improving detection strategies before they become widespread.⸻Listener Feedback HighlightWe’d like to give a shout-out to Nihal for his thoughtful LinkedIn comment on our earlier Top 10 Operating System Failures episode—specifically his hot take defending Windows ME and critiquing Windows XP’s compatibility break. We love informed debate like this and appreciate listeners who challenge conventional wisdom.⸻Wrap-Up & Social LinksThat wraps up this episode of IT SPARC Cast – CVE of the Week. We couldn’t do this without listeners like you.Did we miss something? Do you have a topic you want us to cover?Send feedback to feedback@itsparccast.com or reach out on social.IT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn Hosted on Acast. See acast.com/privacy for more information.

In this episode of IT SPARC Cast – News Bytes, John Barger & Lou Schmidt break down a week of moves that signal where enterprise AI, cloud platforms, and data center infrastructure are really headed. From Apple officially leaning on Google to power its AI ambitions, to Microsoft giving IT admins the ability to remove Copilot, this episode highlights growing tension between vendor momentum and enterprise control.They also explore Google’s push to standardize AI-driven commerce through agent protocols and why Meta locking down more than 6 GW of nuclear power may be the clearest sign yet that energy—not silicon—is becoming the limiting factor for AI at scale. If you’re tracking AI strategy, platform lock-in, and the future of data centers, this episode connects the dots.📌 Show Notes00:00 – IntroThis week on IT SPARC Cast, John Barger and Lou Schmidt break down a week dominated by AI power shifts, enterprise pushback, and the growing reality that energy—not compute—may be the biggest constraint on AI’s future.📰 News Bytes00:52 – It’s Official: Apple Going with Google for AIApple confirms it will rely on Google’s Gemini models to power the next generation of Siri and Apple Intelligence. John and Lou discuss what this says about Apple’s AI strategy, the risks of deep vendor lock-in, and whether Apple can realistically switch models later without breaking workflows.https://techcrunch.com/2026/01/12/googles-gemini-to-power-apples-ai-features-like-siri/05:44 – Microsoft to Allow IT Admins to Uninstall CopilotMicrosoft is testing new Windows policies that allow enterprise IT teams to remove the consumer Copilot app from managed devices. The conversation explores enterprise data governance, Intune controls, and why this signals a broader shift toward AI choice rather than forced adoption.https://www.bleepingcomputer.com/news/microsoft/microsoft-may-soon-allow-it-admins-to-uninstall-copilot-on-managed-devices/09:46 – Google Announces a New Protocol for AI-Driven CommerceGoogle introduces the Universal Commerce Protocol (UCP), an open standard designed to let AI agents handle shopping, payments, and transactions across retailers. With backing from major brands and payment networks, John and Lou unpack why agent-driven commerce may become one of AI’s first truly mainstream use cases.https://techcrunch.com/2026/01/11/google-announces-a-new-protocol-to-facilitate-commerce-using-ai-agents/12:47 – Meta Signs Nuclear Power Deals for AI Data CentersMeta secures long-term nuclear power contracts totaling more than 6 GW to fuel its AI infrastructure. The discussion focuses on why power—not chips—is becoming the true bottleneck for AI expansion and why nuclear energy is rapidly moving from “controversial” to “necessary.”https://techcrunch.com/2026/01/09/meta-signs-deals-with-three-nuclear-companies-for-6-plus-gw-of-power/🔚 Wrap Up16:49 – Mail BagListener feedback revisits cross-platform AI agents, Apple’s closed ecosystem, and whether enterprises can afford to exclude Mac users as agentic AI becomes more central to daily workflows.18:53 – Wrap UpJohn and Lou close the episode by reinforcing a key theme: AI’s future will be defined as much by energy, policy, and interoperability as by model performance. Hosted on Acast. See acast.com/privacy for more information.

This week on IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt break down CVE-2025-20393, a CVSS 10.0 zero-day vulnerability affecting Cisco Secure Email Gateway (SEG) and related AsyncOS-based email security products.The flaw is actively exploited in the wild, remains unpatched, and—ironically—uses the spam filtering engine itself as the attack vector. With no user interaction required and evidence of nation-state activity, this vulnerability represents a worst-case scenario for organizations relying on Cisco’s email security stack.If you run Cisco Secure Email Gateway or Email Security Appliances, this is an emergency-level issue that demands immediate attention.⸻📌 Show Notes🚨 CVE of the Week: CVE-2025-20393•Severity: CVSS 10.0 (Critical)•Status: Actively exploited, no patch available•Vendor: Cisco🎯 Affected Products•Cisco Secure Email Gateway (SEG)•Cisco Email Security Appliance (ESA)•Cisco Secure Email and Web Manager (SEWM)•All affected systems run Cisco AsyncOS🔓 How the Exploit Works•Attackers deliver a specially crafted email that is processed before a spam verdict is reached•The payload is executed during email parsing, attachment handling, or content inspection•No user interaction required•The malicious email never needs to reach an inbox💥 Real-World Impact•Full remote code execution on the email gateway•Email interception and exfiltration (espionage risk)•Persistent access for follow-on attacks•Credential harvesting and downstream phishing using trusted infrastructure•Log wiping, making detection extremely difficult🌍 Threat Activity•Exploits observed as early as November 2025•Linked to Chinese state-aligned actors•Tracked under UAT-9686, associated with groups such as APT41 and UNC5174•Added to CISA’s Known Exploited Vulnerabilities (KEV) catalog🛡️ Mitigation Guidance (No Patch Available)•Immediately restrict and segment management interfaces•Tighten ACLs and allow lists•Treat SEG as Tier-Zero-adjacent infrastructure•If compromise is suspected: full system rebuild required•Assume persistence due to log tampering🧠 Commentary•The exploit weaponizes the very system designed to stop malicious email•Lack of a patch from a vendor of Cisco’s size raises serious concerns•For some organizations, this may prompt reevaluation of email security platforms altogether⸻🔚 Wrap-Up & Listener FeedbackWe want to thank listeners who continue to engage with the show and help shape the conversation:•GFABasic32 wrote:“Thanks for the emergency update on n8n. I love the balance of technical deep dives and high-level strategy. You guys make keeping up with CVEs actually entertaining.”•Dennis added:“I love the CVE of the Week. These episodes are like exposure therapy.”That’s exactly the goal—helping you face what’s happening in security so you can respond, not react.Have thoughts on this CVE or want us to cover another one? Reach out.⸻🔗 Social LinksIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn Hosted on Acast. See acast.com/privacy for more information.

CES may be a consumer show, but this week it sent shockwaves through enterprise IT. In this episode of IT SPARC Cast – News Bytes, John Barger and Lou Schmidt break down why nearly every major chip vendor chose CES to unveil next-generation CPUs, what Lenovo’s new agentic AI strategy means for IT teams, and why Microsoft embedding Copilot deep into Windows could fundamentally change how operating systems work.From Intel’s attempt at a comeback, to AMD and Qualcomm’s positioning against NVIDIA, to growing concerns about trust, security, and AI agents living inside your OS, this episode separates meaningful signals from CES noise—and explains why power efficiency, autonomy, and control are becoming the real battlegrounds.⸻⏱️ Show Notes00:00 – IntroJohn and Lou frame CES as the unexpected epicenter of enterprise IT announcements, explaining why CPUs, AI, and robotics dominated the show—and why IT teams should care.⸻📰 News Bytes00:54 – New CPUs AnnouncedCES saw major CPU launches from Intel, AMD, Qualcomm, and NVIDIA—signaling a shift toward mainstream AI hardware announcements. Intel launched Panther Lake, AMD expanded Ryzen AI, Qualcomm pushed Snapdragon X2 for AI agents, and NVIDIA moved Rubin into full production.⸻09:45 – Lenovo’s New AI AgentLenovo unveiled Qira, an agentic AI designed to work across PCs, phones, wearables, and enterprise systems alongside Microsoft Copilot. The move highlights a growing push toward cross-device AI coordination—and raises questions about Apple’s closed ecosystem.⸻12:40 – Microsoft Integrates Copilot Deep into WindowsMicrosoft is embedding AI agent launchers directly into Windows, allowing third-party applications to register system-wide AI agents. While this may keep operating systems relevant, it introduces serious trust and security concerns around deep OS-level access.https://blogs.windows.com/windows-insider/2025/12/19/announcing-windows-11-insider-preview-build-26220-7522-dev-beta-channels/⸻🔁 Wrap Up19:03 – Mail BagListener feedback sparks a discussion on cloud outages, cost structures, and whether on-prem alternatives are becoming viable again for certain businesses.22:15 – Wrap UpJohn and Lou emphasize that resilience in the cloud is still possible—but only if organizations are willing to pay for it—and invite listeners to share what CES announcements stood out to them.IT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/Lou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ Hosted on Acast. See acast.com/privacy for more information.

In the first regular IT SPARC Cast - CVE of the Week episode of 2026, John & Lou dive into a critical, actively exploitable vulnerability shaking the automation world. CVE-2026-21858—dubbed Ni8mare—targets the popular workflow automation platform n8n, earning a full CVSS 10.0 due to unauthenticated remote code execution.They break down how a content-type confusion bug inside n8n’s webhook processing engine allows attackers to fully compromise systems, why automation platforms are uniquely dangerous when breached, and what this means for enterprises running self-hosted or lightly governed internal tooling. The episode also highlights listener feedback and calls out a community-built React security tool worth checking out.⸻Show NotesCVE of the Week: n8n “Ni8mare” (CVE-2026-21858)•What is n8n?An open-source, self-hosted workflow automation platform similar to Zapier or Make, widely used in enterprise and regulated environments for visual API-driven automation.•Severity & ScopeCVE-2026-21858 carries a CVSS 10.0, joining multiple recent n8n vulnerabilities rated 9.9–10.0. n8n has over 200,000 deployments across cloud and on-prem environments.•Technical Root CauseA content-type confusion flaw in webhook form-data handling allows attackers to bypass file validation and execute arbitrary code.•Why This Is DangerousWorkflow engines often touch identity systems, APIs, credentials, and business logic—making them high-value targets with blast radii far beyond a single server.•Enterprise TakeawayShadow IT, internally built automation, and lightly governed enablement tools must be continuously audited. Patch known systems—and actively hunt for unknown ones.https://thehackernews.com/2026/01/critical-n8n-vulnerability-cvss-100.htmlListener HighlightDennis called out the Ingram Micro ransomware outage, noting that he hadn’t realized just how disruptive that incident was. And he’s absolutely right—Ingram Micro going offline for roughly 9–10 days created a nightmare scenario for VARs, system integrators, and build shops that rely on Ingram for ordering, RMAs, and emergency drop-ship replacements.To put the scale in perspective, Ingram Micro processes an estimated $30–40 million per day in transactions. Even if some revenue was recovered later, the operational disruption, reputational damage, and downstream impact across the supply chain were massive. This is exactly why incidents like this belong in the conversation when we talk about real-world IT security failures.Thanks for the thoughtful comment, Dennis—we genuinely appreciate the feedback and the conversation it sparked.Wrap Up & Community EngagementThis episode reinforces a core theme: automation without security oversight becomes an enterprise liability. IT teams must partner with business units—not just say “no”—while enforcing continuous audits and rapid patching.Follow & ConnectIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/John Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/Lou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ Hosted on Acast. See acast.com/privacy for more information.

In this special predictions episode of IT SPARC Cast – News Bytes, John Barger and Lou Schmidt kick off 2026 by trading bold, unfiltered forecasts for enterprise IT, AI, cloud, energy, and geopolitics. With five predictions each—and no prior coordination—they round-robin through what they believe will define the next year in technology.From the deflation of the AI hype cycle and Apple’s inevitable AI acquisition, to quantum computing entering nation-state playbooks, nuclear power reshaping data centers, and lawsuits finally challenging cloud provider accountability, this episode puts both hosts on the record. At the end of the year, they’ll revisit every prediction and grade themselves—so these takes are meant to age in public.⸻⏱️ Show Notes00:00 – IntroJohn and Lou explain the format: ten total predictions for 2026, five each, shared live without coordination—and revisited at the end of the year for accountability.⸻🔮 2026 Predictions01:09 – Lou: The AI Bubble DeflatesAI investment cools as rationalization sets in—money keeps flowing, but weaker players and inflated expectations begin to fall away instead of a full collapse.01:29 – John: Apple Acquires an AI / LLM CompanyApple makes a major AI acquisition to avoid long-term dependence on competitors’ models and regain control over its AI strategy.02:53 – Lou: AI Starts to Get Really UsefulAI shifts from hype to practical value, quietly improving everyday workflows and real-world systems rather than flashy demos.04:11 – John: Nation States Use Quantum ComputingEvidence emerges that a nation-state is actively using quantum computing for espionage or cyber operations, even if never formally acknowledged.04:45 – Lou: AI Sneaks Into Places We Never ExpectedAI embeds itself into overlooked products and environments—especially AR, wearables, and location-aware systems—delivering small but meaningful gains.05:50 – John: Negative Reaction to OpenAI HardwareOpenAI’s hardware announcement is initially panned by the press and competitors, only to be vindicated later as its purpose becomes clear.  06:51 – Lou: Power Gets Real for Data CentersEnergy—not chips—becomes the primary constraint for cloud and enterprise infrastructure, forcing new generation strategies into production.08:00 – John: Small Modular Nuclear Reactors Explode (In a Good Way)SMRs rapidly gain funding, deployments, and valuations as they become the only scalable answer to data center power demand.08:36 – Lou: The Privacy Environment Gets WeirdGeopolitics, AI agents, and shifting borders create inconsistent and unpredictable privacy regimes across regions.10:11 – John: Lawsuits Over Cloud OutagesMajor lawsuits—possibly class actions—emerge after cloud outages cause real-world harm, forcing legal accountability for uptime failures.⸻🔁 Wrap Up11:58 – Wrap UpJohn and Lou invite listeners to submit their own 2026 predictions and commit to revisiting all forecasts at year’s end to see who was right.IT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/Lou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ Hosted on Acast. See acast.com/privacy for more information.

n this special CVE Year in Review episode of IT SPARC Cast, John Barger and Lou Schmidt break from the usual single-CVE format to count down the five worst IT security failures of 2025.From long-lived remote code execution flaws in enterprise networking gear, to a ransomware attack that shut down a global distributor, to systemic cloud outages that shattered the concept of “five nines” availability, this episode looks at what really went wrong—and why it matters heading into 2026.These weren’t theoretical risks. They were real-world failures that disrupted supply chains, exposed critical infrastructure, and forced the industry to rethink assumptions about resilience, cloud reliability, and operational security.⸻📋 Show Notes🔥 Top 5 IT Security Fails of 202501:39 - #5 – Ruckus NetworksRuckus suffered from multiple long-lived remote code execution and authentication bypass vulnerabilities that persisted across 2024 and 2025. Impacted products included SmartZone, ZoneDirector, Cloudpath, and ICX switch management interfaces. Several flaws allowed unauthenticated access to management planes, enabling attackers to take over wireless controllers, push malicious firmware, and pivot deeper into enterprise networks. The lack of timely patches and limited communication made remediation especially painful for customers.04:32 - #4 – Ingram MicroA ransomware attack forced one of the world’s largest technology distributors to effectively shut down operations for days. Ordering systems went offline, patch access was disrupted, and thousands of downstream partners and customers were impacted. While it remains unclear whether ransom was paid, the incident highlighted how a single distributor outage can cascade across the IT supply chain, delaying hardware replacements, breaking SLAs, and costing millions in lost revenue.07:21 - #3 – SAP NetWeaverCVE-2025-31324 exposed a critical unauthenticated remote code execution flaw in SAP NetWeaver’s Visual Composer. Actively exploited in the wild before many organizations were aware of its existence, the vulnerability gave attackers potential access to finance, HR, procurement, and supply-chain data. For enterprises running SAP at the core of operations, successful exploitation meant full application takeover and deep visibility into business processes.10:26 - #2 – ReactA severe remote code execution issue in React sent shockwaves through the software ecosystem. With an estimated one-third of cloud applications depending on React, attackers were able to chain exploits involving dependency poisoning, build pipeline compromise, and even client-side execution. While patches were released quickly, the sheer scale of affected deployments meant many systems remained vulnerable well after disclosure—and some still are.12:23 - #1 – Cloud Outages2025 marked the year that “five nines” effectively died. Major outages across AWS, Microsoft Azure, Google Cloud, Microsoft 365, and IBM Cloud caused multi-hour disruptions affecting identity systems, collaboration tools, healthcare platforms, and public-safety infrastructure. Many incidents were caused not by attackers, but by control plane failures, DNS issues, NTP misconfigurations, and cascading dependencies. The result: billions in estimated financial impact and renewed concern over life-critical workloads running entirely in the cloud.Watch Cloud SLA Theater: Why 99.999% Uptime Is a Joke in 2025 - https://www.youtube.com/watch?v=ygcYoFBXdjQ⸻17:19 - Wrap UpIf you think we missed a major security failure—or disagree with our rankings—we want to hear from you. Reach out, leave a comment, or send us feedback. Your insights often shape future episodes.🔗 Connect With UsIT SPARC CastX: @ITSPARCCastLinkedIn: https://www.linkedin.com/company/sparc-sales/John BargerX: @john_VideoLinkedIn: https://www.linkedin.com/in/johnbarger/Lou SchmidtX: @loudoggeekLinkedIn: https://www.linkedin.com/in/louis-schmidt-b102446/ Hosted on Acast. See acast.com/privacy for more information.

This week on IT SPARC Cast, John Barger and Lou Schmidt break down three stories shaping the future of enterprise IT—from continued AI spending despite questionable ROI, to radically new approaches to long-term data storage, and a major consolidation in the online learning market.⸻📰 News Bytes00:46 – CEOs Keep Spending on AI Despite Spotty ReturnsDespite mixed financial outcomes, a growing number of CEOs plan to increase AI investment through 2026, viewing AI as strategically unavoidable rather than immediately profitable.Key discussion points:•Fewer than half of current AI projects are delivering clear ROI•Strong gains in sales, marketing, customer service, and developer productivity•Weak performance in regulated, high-risk areas like legal, HR, compliance, and cybersecurity•Layoffs blamed on AI may result in long-term operational backlashThe hosts argue that AI should augment human expertise, not prematurely replace it—and warn against betting the company on incomplete automation strategies.https://www.msn.com/en-us/technology/artificial-intelligence/ceos-to-keep-spending-on-ai-despite-spotty-returns/ar-AA1SkMcE07:34 – 5D Glass Storage: Crystals for the EnterpriseA UK company, SPhotonix, is advancing 5D glass storage, capable of preserving data for billions of years by etching nanoscale structures into glass using femtosecond lasers.Highlights include:•360 TB per 5-inch glass disk•Designed for permanent archival, not hot or warm storage•Potential replacement for long-term tape archives•Early write speeds are slow, but roadmap improvements are promisingThis technology positions itself as a future-proof solution for enterprises, governments, universities, and cultural institutions facing long-term data retention challenges.https://www.tomshardware.com/pc-components/storage/sphotonix-pushes-5d-glass-storage-toward-data-center-pilots15:00 – Coursera Acquires Udemy for $930 MillionOnline education giant Coursera is acquiring Udemy in a deal valued at approximately $930 million, creating a dominant force in enterprise and consumer e-learning.Discussion points:•Udemy’s strong practitioner-led course model•Coursera’s academic and credentialing reach•Expanded use of AI for assessments, personalization, and skills validation•Potential shift toward a “market-driven university” modelThe hosts see this consolidation as a net positive for enterprise IT teams responsible for compliance training, upskilling, and leadership development.https://techcrunch.com/2025/12/17/coursera-and-udemy-enter-a-merger-agreement-valued-at-around-2-5b/🔁 Wrap Up20:00 – Listener Feedback⭐ Community Call-Out: Abdullah’s React Audit ToolA special shout-out to Abdullah ( https://x.com/ozkayabd ) who responded on X after a previous React CVE episode and shared an open-source tool to help teams audit their environments:👉 React Audit Scannerhttp://rsc-auditor.vercel.appThis tool allows teams to quickly check whether they may be impacted by recent React vulnerabilities. As always, review and validate any third-party tool before using it in production.A special shout-out to Megan, who reached out after the episode with thoughtful feedback—and who’s doing important work to tackle a problem far too many people experience: ghosting of job applicants by recruiters and HR teams.Megan is actively pushing for better communication, transparency, and basic professionalism in the hiring process. It’s a reminder that while we talk a lot about AI, automation, and efficiency, the human side of tech and hiring still matters. Follow her on LinkedIn:https://www.linkedin.com/in/megan-julianoConnect with the hosts and the show:IT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/John Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/Lou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ Hosted on Acast. See acast.com/privacy for more information.

In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt break down a long-overdue security move from Microsoft: disabling the RC4 cipher by default across Windows authentication infrastructure. After more than two decades of known cryptographic weaknesses, RC4 is finally being deprecated in favor of modern encryption standards like AES.The discussion covers why RC4 persisted for so long, how legacy Active Directory and Kerberos environments kept it alive, and why attackers have continued to exploit it through techniques like Kerberoasting. The hosts also highlight the new logging, auditing, and PowerShell tools Microsoft released to help enterprises identify and eliminate lingering RC4 dependencies—without breaking production systems.⸻📋 Show Notes🔐 Main Topic: Microsoft Disables RC4 by Default•Microsoft is removing RC4 (Rivest Cipher 4) as a default cipher in Windows authentication after more than 25 years.•RC4 has been known to be cryptographically broken for decades and has been actively exploited in real-world attacks.•The change impacts Kerberos authentication across Windows Server 2008 and later.•RC4 will still function only if explicitly re-enabled—which is strongly discouraged.⚠️ Why RC4 Is Dangerous•RC4 has been abused in Kerberoasting attacks against Active Directory environments.•Weak encryption allows attackers to extract service account credentials offline.•Keeping RC4 enabled significantly increases the blast radius of a compromised domain.🛠️ What Microsoft Did Right This Time•Added enhanced Kerberos logging (Event IDs 4768 and 4769) to identify RC4 usage.•Released PowerShell scripts to audit domain controllers for RC4 dependencies.•Published clear migration guidance to move environments to AES-SHA1 and stronger encryption.•Provided visibility before enforcing the change, helping admins avoid outages.🎧 Listener Feedback Highlight•A YouTube listener praised the CVE of the Week format as being highly valuable from an ops and security standpoint.•Strong validation that actionable vulnerability analysis resonates with enterprise IT teams.⭐ Community Call-Out: Abdullah’s React Audit ToolA special shout-out to Abdullah ( https://x.com/ozkayabd ) who responded on X after a previous React CVE episode and shared an open-source tool to help teams audit their environments:👉 React Audit Scannerhttp://rsc-auditor.vercel.appThis tool allows teams to quickly check whether they may be impacted by recent React vulnerabilities. As always, review and validate any third-party tool before using it in production.⸻🔚 Wrap Up & Social LinksIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn Hosted on Acast. See acast.com/privacy for more information.

In this episode of IT SPARC Cast – News Bytes, John and Lou tackle one of the most emotionally charged weeks in enterprise IT. Google CEO Sundar Pichai openly acknowledges that AI-driven layoffs will cause real pain before progress—a statement that sparks a candid Hot Take on disruption, job loss, and opportunity.From there, the show dives deep into the mounting backlash against U.S. data centers, with over 200 environmental groups demanding a halt to new builds—ironically accelerating plans for orbital data centers. The conversation then turns optimistic as the inventor of the Super Soaker unveils a breakthrough technology that converts waste heat directly into electricity, potentially reshaping geothermal and data center power economics.Finally, the guys explore Boom Supersonic’s unexpected pivot—using jet engines as grid-scale power generators for data centers—and Google’s launch of managed MCP servers that allow AI agents to plug directly into core Google services with minimal integration effort.⸻⏱️ Show Notes00:00 – IntroThis week: Google admits AI pain is coming, environmentalists push data centers toward orbit, waste heat becomes power, and AI agents get a universal plug.⸻HOT TAKE00:55 – Google CEO on AI Layoffs: “We’re All Going to Have to Suffer Through It”•Sundar Pichai acknowledges widespread layoffs and economic strain tied to AI adoption.•John and Lou discuss why AI-driven efficiency gains are being used as justification for premature workforce cuts.•Key argument: AI doesn’t replace people—it amplifies small teams and enables entrepreneurship.https://www.msn.com/en-us/money/companies/google-ceo-says-we-re-all-going-to-have-to-suffer-through-it-as-ai-puts-society-through-the-woodchipper/ar-AA1S5Pzx ⸻NEWS BYTES06:11 – More Than 200 Environmental Groups Demand Halt to New U.S. Data Centers•Greenpeace and others cite water usage, power demand, and CO₂ emissions.•~$64 billion in data center projects already delayed or halted.•Lou explains why this pressure is accelerating interest in orbital data centers—one FCC license vs. hundreds of local permits.https://www.theguardian.com/us-news/2025/dec/08/us-data-centers ⸻10:26 – Super Soaker Inventor Wants to Turn Waste Heat into Electricity•Lonnie Johnson (inventor of the Super Soaker) unveils the Johnson Thermal Electrochemical Converter (JTEC).•Works with small temperature differentials—no turbines, no moving parts.•Could dramatically change how data centers source supplemental power.https://www.ajc.com/business/2025/11/earth-needs-more-energy-atlantas-super-soaker-creator-may-have-a-solution/ ⸻13:08 – Boom Supersonic Uses Jet Engines to Power Data Centers•Boom Supersonic repurposes its jet engine designs into natural gas turbines for data centers.•Each turbine outputs ~42 MW; initial orders exceed 1.2 GW and are rapidly increasing.•First deliveries expected in 2027; turbine factory opening next year.•John and Lou connect this to job creation across manufacturing, operations, and IT management.https://techcrunch.com/2025/12/10/google-is-going-all-in-on-mcp-servers-agent-ready-by-design/ ⸻16:44 – Google Launches Managed MCP Servers for AI Agents•Google introduces managed Model Context Protocol (MCP) servers on GCP.•MCP creates a universal “language” for AI agents to interact with tools and services.•Reduces API complexity—ask questions, get results, take action.•Free during public preview for enterprise customers.•Lou calls this a major step toward AI-native enterprise workflows.https://techcrunch.com/2025/12/10/google-is-going-all-in-on-mcp-servers-agent-ready-by-design/ ⸻Wrap Up20:38 – Mail Bag & Wrap Up•Listener feedback highlights interest in portable and containerized data centers.IT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn Hosted on Acast. See acast.com/privacy for more information.