Hosted on Acast. See acast.com/privacy for more information.
In this week’s IT SPARC Cast – News Bytes, John and Lou explore the intersection of AI, hardware, and IT freedom — from creative tension at EA to chipmaking disruption.
First, Electronic Arts (EA) launches ReefGPT, an internal AI design tool meant to boost productivity across studios. Developers say it’s unreliable and fear job losses, while leadership insists AI is the future. John and Lou unpack the deeper message: AI won’t take your job, but someone using AI will.
Then, Qualcomm jumps into the AI data center market with its new AI200 and AI250 chips — scaled-up versions of its mobile neural processors, ready to challenge Nvidia and AMD for inference workloads. The hosts discuss how this could finally relieve the GPU bottleneck driving AI infrastructure costs through the roof.
Next, Ubiquiti declares “SFP Liberation Day.” The new $49 SFP Wizard not only tests but reprograms fiber modules to work with any switch — bypassing vendor lock-ins from Cisco, HPE, and others. John and Lou call it “the jailbreak every network engineer has been waiting for.”
Finally, Substrate, a U.S. startup, unveils an X-ray lithography chipmaking tool that could rival ASML’s $400M EUV machines. Backed by $100M in funding, the company aims to bring advanced chip manufacturing back to the U.S. — potentially reshaping the semiconductor landscape.
00:00 - Intro
00:52 - Electronic Arts (EA) AI Divide
•EA launches ReefGPT to accelerate game design.
•Creatives call it unreliable and fear losing creative control.
04:15 - Qualcomm Joins the AI Arms Race
•Qualcomm announces AI200 (2026) and AI250 (2027) chips for data centers.
•Targets Nvidia’s GPU monopoly with rack-mounted, liquid-cooled solutions.
•Could ease supply pressure and diversify AI compute resources.
https://www.cnbc.com/2025/10/27/qualcomm-ai200-ai250-ai-chips-nvidia-amd.html
11:35 - Ubiquiti Liberates the SFPs
•“SFP Liberation Day” brings a $49 SFP Wizard tool for testing and reprogramming optics.
•Supports SFP, SFP+, and QSFP modules across brands.
•A win for network engineers tired of overpriced vendor modules.
https://blog.ui.com/article/welcome-to-sfp-liberation-day
15:58 - Substrate Announces Chipmaking Tool to Rival ASML
•Substrate reveals an X-ray lithography system rivaling ASML’s EUV tools at lower cost.
•Could reshape semiconductor competition and domestic manufacturing.
https://www.ft.com/content/2496edef-4f1b-47aa-877d-9c01271faaa1
21:02 - Mail Bag & Wrap Up
In this special Halloween edition of CVE of the Week, John and Lou dive into a truly chilling scenario — a high-severity DNS poisoning flaw that could be the perfect setup for a wave of phishing attacks and credential theft across enterprise networks.
The star of the episode: CVE-2025-40778, a newly discovered vulnerability in BIND 9’s resolver logic. This flaw allows unauthenticated attackers to inject forged DNS records, redirecting legitimate queries to malicious servers — all without user interaction. It carries a CVSS score of 8.6, exploits are already active in the wild, and over 5,900 exposed instances have been identified.
But that’s just the start. The hosts explain how major outages at AWS (US-East-1) and Microsoft Azure opened the door for clever phishers to strike when users were most vulnerable — during downtime. Together, these issues illustrate a perfect storm of technical failure and human manipulation.
Lou and John share practical defenses: patch immediately, enable DNSSEC, restrict recursion, and — most importantly — establish a trusted, redundant communication plan for your users before the next outage hits.
⸻
Key Takeaways
•CVE-2025-40778 impacts BIND 9 versions from 9.11 to 9.21.12, including S1 previews.
•Exploits are already circulating — attackers can poison DNS caches remotely.
•Misconfigured DNS and phishing attacks can combine for devastating impact.
•Immediate action: patch, enable DNSSEC, monitor cache entries, and reduce TTLs.
•Prepare for outages — build redundant user communication channels to prevent panic and credential leaks.
Links
https://kb.isc.org/docs/cve-2025-40778
https://nvd.nist.gov/vuln/detail/CVE-2025-40778
https://thehackernews.com/2025/10/threatsday-bulletin-dns-poisoning-flaw.html
https://www.helpnetsecurity.com/2025/10/28/bind-9-vulnerability-cve-2025-40778-poc/
⸻
Wrap-Up – Stay Connected
IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/ on LinkedIn
John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/ on LinkedIn
Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
In this week’s IT SPARC Cast – News Bytes, John and Lou explore the fast-moving world of AI, quantum computing, and cloud reliability.
First up, OpenAI launches Atlas, an AI-powered browser with ChatGPT built in—complete with persistent memory, agent mode, and deep personalization. But as John warns, “If ChatGPT can see everything you do, that includes your company’s data.” Lou connects it to last week’s 7-Zip discussion, emphasizing the need for strict data access policies in enterprises managing shadow AI use.
Then, Google makes a quantum leap with its new Willow chip and Quantum Echoes algorithm, achieving verifiable quantum advantage—13,000x faster than classical supercomputers. The duo discusses its implications for material science, encryption, and the coming “cryptopocalypse.”
Next, Signal gets proactive, introducing Triple Ratchet Encryption—a post-quantum secure update using ML-KEM (Kyber) to protect against future quantum decryption. It’s the first major messaging platform to harden itself against Harvest Now–Decrypt Later attacks.
Finally, in this week’s Hot Take, the hosts analyze the recent AWS DNS outage that took down half the internet. Their verdict? “It’s not just AWS—it’s the apps.” They discuss multi-region design, cloud dependency, and why “Five Nines” uptime might be a thing of the past.
⸻
⏱️ Show Notes
00:00 - Intro
01:24 - OpenAI Debuts AI-Powered Browser (Atlas)
07:27 - Google Launches New Quantum Chip and Algorithm
https://blog.google/technology/research/quantum-echoes-willow-verifiable-quantum-advantage/
09:31 - Signal Stays Ahead of the Game — Triple Ratchet Encryption
⸻
12:03 - Hot Take: Amazon Web Services (AWS) DNS Outage
John recounts debugging his Ring cameras—before realizing the culprit was AWS.
•Cascading DNS failure caused a self-inflicted denial of service
•Exposed lack of redundancy and poor multi-region design
•50% of the internet went down, despite AWS only running 30% of it
Lou’s takeaway: “Cloud isn’t inherently resilient—it’s only as resilient as you design it to be.”
In this episode of CVE of the Week, John and Lou unpack a fresh pair of vulnerabilities affecting one of the most common tools on Windows desktops — 7-Zip.
Tracked as CVE-2025-11001 and CVE-2025-11002, these directory traversal flaws allow attackers to craft malicious archives that can escape the extraction folder, overwrite arbitrary files, and potentially lead to remote code execution (RCE). The hosts discuss how the vulnerabilities impact not just individual users but also automated systems such as CI/CD pipelines, backup servers, and antivirus scanners that automatically unpack archives.
They also cover how this seemingly moderate (CVSS 7.0) issue highlights a deeper problem — shadow IT and uncontrolled software installation inside enterprise environments. From patching strategies to user privilege escalation controls, this episode offers real-world guidance for keeping your organization secure.
⸻
Key Takeaways
•Two new 7-Zip vulnerabilities (CVE-2025-11001 & CVE-2025-11002) enable directory traversal and code execution.
•Impacts Windows desktops and automated extraction workflows in enterprise systems.
•Proof-of-concept exploits are already public on GitHub.
•The fix: Update 7-Zip immediately, disable automatic extraction of untrusted files, and audit your endpoint permissions.
•Also, define a clear policy for software installation to minimize risk from unmanaged tools.
⸻
In this episode of IT SPARC Cast – News Bytes, John and Lou cover the latest updates from Ubiquiti, Google, and the global supply chain.
First, UniFi Network 9.5 rolls out with Channel AI, a next-gen visualization tool that uses AI to map RF interference, optimize channels, and improve roaming performance. Add in wired port anomaly detection, Bonjour and multicast enhancements, and it’s clear—Ubiquiti’s aiming straight at the enterprise.
Then, a new report from UC San Diego and the University of Maryland reveals that half of all geostationary satellites are transmitting unencrypted data—including in-flight Wi-Fi, phone calls, and even critical infrastructure telemetry. Lou calls it “the coffee shop Wi-Fi of enterprise networking.”
Finally, Microsoft, AWS, and Google are all cutting China out of their supply chains, relocating server, switch, and AI chip production to India, Thailand, and Vietnam to reduce risk and geopolitical exposure. The move may reshape where tomorrow’s cloud is built.
⸻
⏱️ Show Notes
00:00 - Intro
John & Lou tee up the week’s biggest IT stories with a mix of insight, humor, and caffeine.
⸻
00:48 - Introducing UniFi Network 9.5
•Major update to UniFi’s platform with Channel AI for real-time RF visualization.
•Enhanced roaming for Apple devices.
•New wired port anomaly detection and better multicast handling.
•Lou calls it “the most enterprise-ready version of UniFi yet.”
https://blog.ui.com/article/releasing-unifi-network-9-5
⸻
06:18 - Satellites Found Exposing Unencrypted Data
•Researchers intercepted sensitive traffic from half of all GEO satellites.
•Data included calls, in-flight Wi-Fi, and industrial telemetry.
•Some providers, like AT&T and T-Mobile Mexico, are still unpatched.
•John warns: “Satellites are the coffee shop Wi-Fi of enterprise networks.”
•Encrypt your traffic at the endpoint—don’t rely on the carrier.
https://techcrunch.com/2025/10/14/satellites-found-exposing-unencrypted-data-including-phone-calls-and-some-military-comms/
⸻
12:24 - Microsoft, AWS, and Google Are Reducing China’s Role in Their Supply Chains
•Microsoft aims for 80% of Surface, Xbox, and server production outside China by 2026.
•AWS and Google shifting to India, Thailand, and Vietnam.
•Lou notes: “The white boxes in your rack probably started in a hyperscaler design lab.”
•Reduced tariffs, diversified supply, and fewer geopolitical risks ahead.
https://techcrunch.com/2025/10/16/microsoft-aws-and-google-are-trying-to-drastically-reduce-chinas-role-in-their-supply-chains/
⸻
18:05 - Mail Bag & Wrap Up
Listener Tom writes in, celebrating Synology’s decision to restore third-party drive compatibility:
“They’re back at the top of my list.”
A suspected state-sponsored attack has breached F5 Networks, compromising source code, customer data, and production systems. With F5 handling 85% of global load balancing, this could expose countless organizations to new zero-day vulnerabilities.
John and Lou break down how it happened, what’s at risk, and what you should do right now if your infrastructure depends on F5 BIG-IP or related systems.
✅ Learn how to prepare for cascading exploits
✅ Why this breach could redefine patch management and Zero Trust
✅ What AI means for future vulnerability discovery
Like, subscribe, and share to stay ahead of the next major exploit.
In this episode of IT SPARC Cast – News Bytes, John and Lou break down three big stories that touch nearly every corner of enterprise IT—from power to code to storage.
First, Ubiquiti expands into the UPS market with the new UniFi Uninterruptible Power Supply, combining network management integration, graceful shutdown control, and plug-and-play simplicity for small offices and home labs.
Then, they explore Google DeepMind’s latest breakthrough—CodeMender, an AI tool that not only finds software vulnerabilities but also rewrites and tests patches automatically before submitting them upstream.
Finally, Synology caves to user backlash, walking back its controversial policy that restricted third-party drives in 2025 NAS models. The nerd uprising worked, restoring support for Seagate, WD, and other drives under DSM 7.3.
⏱️ Show Notes
00:00 - Intro
00:51 - Ubiquiti Is Launching a New UniFi Uninterruptible Power Strategy
Ubiquiti enters the UPS market with the UniFi UPS Tower ($159) and UniFi UPS 2U Rackmount ($279).
•Fully integrates with UniFi OS for device-wide graceful shutdown.
•Simplifies UPS monitoring—no scripting or manual config needed.
https://blog.ui.com/article/introducing-uninterruptible-power
06:00 - Google’s New AI Doesn’t Just Find Vulnerabilities — It Rewrites Code to Patch Them
Google DeepMind’s CodeMender is the next step in automated software security.
•Detects, rewrites, and self-tests patches before submitting them.
•Refactors vulnerable code to prevent flaw reoccurrence.
•Uses multi-AI feedback loops to ensure accuracy before final submission.
https://thehackernews.com/2025/10/googles-new-ai-doesnt-just-find.html
11:03 - Synology Walks Back Controversial Compatibility Policy for 2025 NAS Units
User backlash works—Synology reverses its decision to block third-party drives in the Plus Series 2025 NAS lineup.
•DSM 7.3 restores compatibility with non-Synology drives.
•Synology pledges a new third-party drive validation program.
In this week’s episode of IT SPARC Cast - CVE of the Week, John Barger and Lou Schmidt dive deep into CVE-2025-49844, a newly discovered and critical remote code execution vulnerability in Redis—the in-memory database that powers over 75% of cloud services. This flaw, dubbed “RediShell”, scores a perfect 10.0 CVSS and affects Redis instances using Lua scripting, allowing attackers to execute arbitrary code and gain full system control.
This 13-year-old bug stems from a use-after-free memory corruption issue that lets attackers escape the Lua sandbox, run malicious code, exfiltrate data, deploy crypto miners, or move laterally inside cloud environments. Even worse—more than 60,000 internet-exposed Redis servers have no authentication, leaving them completely open to exploitation.
John and Lou discuss how this happened, what you can do to secure your infrastructure, and why “cloud-hosted” doesn’t always mean “secure.”
✅ Key Takeaways:
•Update to patched versions immediately (8.2.2, 8.0.4, 7.4.6, 7.2.11, 6.2.20)
•Restrict network access with ACLs
•Rotate all credentials and API keys
•Don’t run Redis as root
•Isolate any compromised hosts before investigation
Lou calls it “a 10 on the oh-crap-ometer”—and he’s not wrong.
https://thehackernews.com/2025/10/13-year-redis-flaw-exposed-cvss-100.html
https://www.darkreading.com/cloud-security/patch-now-redishell-redis-rce
In this episode of IT SPARC Cast – News Bytes, John and Lou dive into three stories that blur the line between security, AI, and sci-fi becoming reality.
First, a jaw-dropping report reveals landlords using tenant-screening services to demand employee workplace logins—scraping paystubs directly from systems like ADP. It’s not only unethical—it’s potentially illegal. John and Lou unpack the security, HR, and legal nightmare this poses for corporate IT teams.
Next, OpenAI and Samsung team up under the Stargate project, with Samsung dedicating nearly 40% of its DRAM output to fuel OpenAI’s next wave of AI data centers—potentially even floating ones. The AI arms race is expanding into new dimensions.
Finally, a newly disclosed exploit gives attackers full control over Unitree robots—including humanoids and quadrupeds—via Bluetooth. The flaw, dubbed UniPwn, allows worms to spread across fleets of robots. Lou calls it “Runaway with Tom Selleck meets Star Trek: The Borg.”
⸻
⏱️ Show Notes
00:00 - Intro
John and Lou set up this week’s stories on privacy violations, AI chip deals, and robot exploits.
⸻
00:48 - Landlords Demand Tenants’ Workplace Logins to Scrape Their Paystubs
Landlords and tenant-screening services are asking renters to log into employer systems so they can scrape payroll data.
•Platforms like Argyle and Approve Shield are at the center of the controversy.
•This violates employee data access policies and may breach federal hacking laws.
•IT leaders should issue internal advisories and enforce MFA to prevent credential leaks.
https://www.404media.co/landlords-demand-tenants-workplace-logins-to-scrape-their-paystubs/
⸻
07:05 - OpenAI, Samsung & the Stargate Chip Pact
OpenAI partners with Samsung and SK Hynix under the Stargate project.
•Samsung to provide 900,000 DRAM wafers monthly—40% of its capacity.
•Floating, green data centers are in the works.
•May overlap with Nvidia’s 10GW expansion announced last week.
https://www.theverge.com/news/789687/openai-samsung-stargate-chips
⸻
10:51 - Exploit Allows Takeover of Fleets of Unitree Robots
Researchers uncovered CVE-2025-60251, a wormable flaw in Unitree’s robot lineup.
•Bluetooth handshake vulnerability allows remote takeover.
•Affects quadrupedal GO2/B2 and humanoid G1/H1 robots.
•Attackers can form botnets, move robots, or exfiltrate data.
•Security professionals must begin planning IoT and robotics policies now.
https://spectrum.ieee.org/unitree-robot-exploit
⸻
17:01 - Mail Bag & Wrap Up
In this eye-opening episode of IT SPARC Cast - CVE of the Week, John Barger and Lou Schmidt explore a shocking vulnerability that doesn’t exploit code — it exploits hardware. Specifically, they dive into how Intel and AMD’s Trusted Execution Environments (TEEs), once hailed as unbreakable, can be compromised via physical attacks. From voltage glitching to signal probing, these advanced threats are no longer theoretical and could sidestep your most hardened security measures.
The episode highlights real-world methods like side-channel probing, interposers, and even fault injection used to extract secrets directly from servers. If a malicious actor can gain physical access to your systems, all bets are off. Lou breaks down the Heracles attack on both AMD SEV and Intel SGX. The hosts emphasize just how crucial physical access controls, chassis alarms, and access logs really are.
Don’t underestimate your weakest link — your data center lock and key.
⸻
In this episode of IT SPARC Cast – News Bytes, John and Lou break down three stories reshaping enterprise IT and beyond. Nvidia plans to pour up to $100B into OpenAI, funding 10 gigawatts of new data center capacity—raising big questions about power, infrastructure, and the AI arms race.
Next, we explore a moon helium deal that marks the biggest-ever purchase of natural resources from space. A Finnish firm is set to buy Helium-3 for quantum computing and potential fusion—science fiction turning into enterprise reality.
Finally, Microsoft backtracks on Windows 10’s end of life by offering one year of free security updates, buying time for millions of organizations still running legacy systems.
⸻
⏱️ Show Notes
00:00 - Intro
Kicking off this week’s IT digest with energy, space, and security updates.
00:58 - Nvidia to Invest up to $100B into OpenAI
•Nvidia commits up to $100B to build data centers for OpenAI.
•Target: 10 gigawatts of compute capacity—unprecedented in scale.
•Raises concerns over power, sustainability, and regulation.
•Could fast-track nuclear projects and reshape U.S. energy policy.
07:22 - Moon Helium Deal: Biggest Purchase of Natural Resources from Space
•Finnish company Bluefors signs deal with Interlune to mine Helium-3 on the moon.
•Contract: up to 10,000 liters per year between 2028–2037.
•Helium-3 critical for quantum computing cooling and nuclear fusion fuel.
•Moves lunar mining from sci-fi dream to IT-impacting reality.
12:43 - Microsoft Offers Free Windows 10 Security Updates for One Year
•Windows 10 scheduled to end support October 2025.
•Microsoft extends free security updates through October 2026.
•Affects ~53% of PCs still running Windows 10.
•Likely to extend again due to huge install base.
https://www.straitstimes.com/world/united-states/microsoft-offers-no-cost-windows-10-lifeline
⸻
17:19 - Wrap Up
Thanks for tuning in—let us know your thoughts on Nvidia’s investment, lunar helium mining, or Microsoft’s Windows 10 strategy.
In this episode of IT SPARC Cast – CVE of the Week, John and Lou break down CVE-2025-20352, a serious SNMP vulnerability impacting Cisco’s IOS and IOS XE software. Rated CVSS 7.7, this flaw allows attackers with read-only SNMP credentials to crash your system—and with admin credentials, it can escalate to full remote code execution as root. That’s right—root.
We explain why this threat is more dangerous than the score suggests, how it fits into broader supply-chain and chain-attack patterns, and why outdated or unsupported infrastructure makes this even worse. The team also shares mitigation tips and why you might need to shut off SNMP entirely if you’re running legacy gear.
If you’re managing Cisco infrastructure, especially with SNMPv2c or earlier, this episode is a must-listen. Don’t wait for this to be part of a multi-vector attack—lock it down now.
⸻
In this episode of IT SPARC Cast – News Bytes, John and Lou cover three stories that hit at the core of enterprise IT and the global tech economy. Ubiquiti expands its portfolio with a new UniFi NAS lineup, featuring everything from 2-bay PoE-powered appliances to rackmount Pro units with 10G and redundant power. The move puts UniFi in direct competition with Synology—but with its own unique twists.
Then, they turn to India’s outsourcing industry, where AI is hollowing out the entry-level coding, QA, and documentation jobs that fueled its decades-long tech boom. What does this mean for global IT services, and can India climb the value chain before it’s too late?
Finally, Nvidia just dropped a $5B investment in Intel, snapping up common stock and setting the stage for joint chip development. Could this be a “promise ring” for an eventual acquisition—and what does it mean for the U.S. semiconductor landscape?
⏱️ Show Notes
00:00 - Intro
John and Lou set the stage for this week’s enterprise IT news rundown.
00:55 - UniFi’s Next-Gen Storage Lineup
Ubiquiti announces four new NAS appliances:
•UNAS 2: $200, 2-bay, 2.5G, PoE-powered, targeted at home & small office.
•UNAS 4: $380, 4-bay, adds NVMe cache slots, PoE+++, ships Q4.
•UNAS Pro 4: $500, 1RU rackmount, multiple 10G ports, MCLAG support.
•UNAS Pro 8: $800, 2RU rackmount, 8 bays, dual PSUs, enterprise-ready.
No container compute like Synology, but excellent backup/cloud integration and PoE flexibility make these compelling.
https://blog.ui.com/article/all-new-next-gen-of-unifi-storage
06:46 - AI is Gutting the Entry-Level Jobs That Powered India’s Tech Boom
•Entry-level coding, QA, and tech writing roles are being automated away.
•Hiring has dropped drastically, with unemployment among young engineers rising.
•Outsourcing’s model is collapsing, replaced by AI’s first-pass coding, testing, and documentation.
What’s next: India must move up the value chain—or face major economic disruption.
https://indiadispatch.com/p/hollow-at-the-base
12:33 - Nvidia is Investing $5 Billion in Intel
•Nvidia buys $5B in Intel stock at $23.28/share.
•Strategic partnership to co-develop chips for data centers and PCs.
•Could this be the start of Nvidia acquiring Intel?
•Implications for U.S. chip sovereignty, competition with AMD, and the AI infrastructure arms race.
https://www.investopedia.com/nvidia-bets-big-on-intel-with-usd5b-investment-11812508
17:32 - Listener Feedback
John & Lou respond to a listener’s thoughtful comments on UniFi vs. Cisco enterprise support, exploring VAR roles, RMA challenges, and whether UniFi is ready for global scale.
21:11 - Wrap Up
Thanks for tuning in! Drop your feedback via email, X, or YouTube comments—we read them all.
In this week’s episode of IT SPARC Cast - CVE of the Week, John Barger and Lou Schmidt dive into CVE-2025-10585, a newly discovered and actively exploited Chrome zero-day vulnerability that targets the V8 JavaScript engine. This type confusion flaw opens the door to arbitrary code execution — and yes, it’s already being used in the wild. With 70% of the browser market affected, this isn’t just a theoretical risk.
John and Lou break down the exploit mechanics, what V8 is and why it’s so critical, and how this CVE marks the sixth Chrome zero-day in 2025 alone. They also discuss mitigation steps and the ripple effects for Chromium-based browsers like Edge, Brave, and Opera. As a bonus, the duo interprets a cryptic (and possibly alarming) listener comment involving fileless malware, COFF loaders, and HTTPS delivery — spooky stuff.
⸻
In this episode of IT SPARC Cast – News Bytes, John and Lou explore three stories that could reshape IT’s future. GitHub’s launch of SpecKit signals the end of “vibe coding” as we know it—ushering in a new era of spec-driven development that empowers product managers to become builders. Next, we dive deep (literally) into the nuclear startup Deep Fission, which just went public via a SPAC with a plan to drill tiny nuclear reactors into the earth near data centers. Finally, OpenAI is teaming up with Broadcom to launch a custom AI chip by 2026, intensifying the race for compute power.
If you’re interested in dev workflows, energy innovation, or AI hardware strategy—this is one you don’t want to miss.
⸻
⏱️ Show Notes
00:00 - Intro
00:49 - GitHub Just Killed Vibe Coding
GitHub’s new Spec-Kit toolkit enables spec-driven development, allowing teams to move from document to executable with dramatically fewer handoffs. Product managers can now define specs, environments, and target platforms, letting tools like LLMs and automation build apps directly.
John calls it a “product manager’s dream,” while Lou warns it could disrupt the delicate balance between engineering and PM teams.
https://github.com/github/spec-kit
https://youtu.be/em3vIT9aUsg?si=ND9GlREU7ccDaV0H
https://www.reddit.com/r/GithubCopilot/comments/1n7v2pv/kiro_is_cooked_githubs_spec_kit/
07:15 - Nuclear Startup Deep Fission Goes Public in a Curious SPAC
Deep Fission just raised $30M by reverse merging with Surfside Acquisition. Their bold plan? Small modular nuclear reactors dropped a mile underground—powering AI-hungry data centers with ultra-local energy.
They’re partnering with Endeavor to co-develop 2GW of underground capacity and have been tapped for a DOE reactor pilot program.
https://techcrunch.com/2025/09/08/nuclear-startup-deep-fission-goes-public-in-a-curious-spac/
11:47 - OpenAI to Launch Its First AI Chip in 2026 with Broadcom
OpenAI and Broadcom are building a new AI chip that will power OpenAI’s internal workloads starting in 2026.
• It won’t be publicly available (at least at launch).
• It’s the latest in a growing trend of custom silicon from AI giants.
• Lou & John break down why this signals a hardware arms race and the compute bottlenecks that still plague the AI industry.
⸻
15:30 - Wrap Up
Thanks for tuning in! We want your feedback:
📩 feedback@itsparccast.com
In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt unravel the truth behind PromptLocker — the so-called first “AI-powered ransomware.” Initially flagged by ESET and widely misunderstood as an active cyber threat, PromptLocker was actually part of a controlled academic research project from NYU’s Tandon School of Engineering, known as “Ransomware 3.0.”
We break down how this proof-of-concept malware used LLMs to dynamically generate malicious code, how it slipped into threat databases, and why this isn’t a crisis — but rather, a warning. With the ability to generate malware instructions on-the-fly without any static payload, this project forces a rethink of traditional security detection methods. The cost? About 70 cents using commercial APIs — or virtually free with open-source models. Join us for a grounded, insightful conversation about what’s real, what’s hype, and what you should be doing next.
⸻
In this episode of IT SPARC Cast – News Bytes, John and Lou unpack OpenAI’s controversial decision to escalate certain ChatGPT conversations to law enforcement—and what that means for user privacy and corporate risk. They then turn to Shadow AI: the unsanctioned use of ChatGPT, Claude, and others by employees, and how enterprises can detect, monitor, and respond without overreacting.
Finally, they spotlight LayerX, a Japanese SaaS startup leading the charge on back-office AI automation—proof that even traditionally conservative markets are embracing next-gen AI for business transformation.
⸻
📝 Show Notes:
00:00 - Intro
A quick rundown of the week’s hottest IT headlines and opinions with John & Lou.
⸻
00:49 - OpenAI Is Reporting ChatGPT Conversations to Law Enforcement
OpenAI has quietly updated its policy: if human reviewers believe a user poses an imminent threat of serious harm, the company may escalate to law enforcement—even without a formal legal request. This has sparked online outrage and privacy concerns, with many calling it a betrayal of OpenAI’s past promises of near-therapist-level confidentiality. John and Lou break down the policy, review real-world implications, and share perspectives on transparency, self-regulation, and the risk of human bias in the review loop.
https://futurism.com/people-furious-openai-reporting-police
⸻
08:05 - Can Your Security Stack See ChatGPT? Why Network Visibility Matters
Shadow AI is on the rise. Employees are bypassing sanctioned tools like Microsoft Copilot and quietly using ChatGPT, Claude, and others to boost productivity. But most corporate security stacks aren’t monitoring these tools. John shares insights into URL filtering, file upload tracking, and behavior-based flags to detect Shadow AI usage. Lou reminds us: education—not punishment—should be your first move.
https://thehackernews.com/2025/08/can-your-security-stack-see-chatgpt-why.html
⸻
15:52 - LayerX: Japan’s AI Answer to Back Office Drudgery
Japan-based LayerX just raised $100M to accelerate AI-powered back-office automation. Their platform—already used by 15,000+ companies—handles expense reports, invoicing, and corporate card ops. John and Lou discuss the implications of conservative Japanese enterprises adopting AI at scale, and what this signals for global enterprise IT adoption.
⸻
21:06 - Listener Feedback & Wrap Up
John gives a shoutout to listener BJ for chiming in on last week’s FTC encryption story. Keep the feedback coming: feedback@itsparccast.com
⸻
In this episode of IT SPARC Cast – CVE of the Week, John and Lou dive into a stealthy supply chain attack involving a malicious npm package impersonating NodeMailer. This package—nodejs-smtp—was designed to exploit unsuspecting developers by mimicking legitimate behavior while secretly stealing funds from popular cryptocurrency wallets like Atomic Wallet and Exodus on Windows systems.
The attack was cleverly disguised, executed through Electron-based payloads, and capable of repackaging the victim’s wallet apps to reroute crypto transactions to attacker-controlled wallets. Even build and CI pipelines could miss the infection due to the module’s deceptive functionality. With only 347 downloads before removal, the attack still presents a clear and present danger due to how easily it could be missed or reused.
John and Lou break down how this was discovered, how it works, why it’s dangerous, and what every developer and crypto user should do to protect themselves. They also reflect on how AI-assisted code review, registry controls, and isolated environments are now must-haves for any serious dev or security-conscious user.
⸻
In this episode of IT SPARC Cast – News Bytes, John and Lou dissect the tension between privacy and surveillance as the FTC doubles down on encryption protection amid global pressures. Then it’s into the shadows as hackers weaponize generative AI to write malware, exploit zero-days, and outpace defenses. Finally, the hosts break down Nvidia’s record-shattering revenue report and explore what it means for enterprise IT and AI infrastructure at scale.
From the frontlines of cybersecurity to the bleeding edge of AI acceleration, this episode is packed with insights, expert banter, and real-world context.
⸻
⏱️ Timestamps & Show Notes
00:00 - Intro
Welcome to another edition of IT SPARC Cast – News Bytes, your trusted short-form rundown of this week’s enterprise IT headlines.
⸻
00:46 - Holding the Line on Encryption: FTC Pushes Back
The Federal Trade Commission is standing firm against global efforts to weaken end-to-end encryption, asserting that consumer privacy and data security cannot be compromised. This marks a pivotal stance as world governments call for encryption “backdoors” to aid law enforcement.
• Key talking points include political tensions, IPA debates, and the FTC’s broader data security agenda.
05:21 - Hackers Unlock the Power of AI
New research shows hackers are weaponizing generative AI to:
• Write polymorphic malware
• Bypass defenses with zero-day obfuscation
• Rapidly scale attacks
Lou and John unpack how this changes threat modeling and what defenders must do to keep up with AI-fueled exploits.
https://thehackernews.com/2025/08/anthropic-disrupts-ai-powered.html
https://thehackernews.com/2025/08/someone-created-first-ai-powered.html
11:50 - Nvidia Sets New Revenue Record as AI Demand Soars
Nvidia’s Q2 earnings shatter expectations, with $42 billion in revenue driven by skyrocketing demand for AI chips and GPU infrastructure.
• Enterprise implications
• Cloud vendor reactions
• Supply chain pressures
The team also discusses how Nvidia is shifting from a chipmaker to a full AI platform vendor.
https://finance.yahoo.com/news/nvidia-reports-record-sales-ai-211839151.html
17:00 - Mail Bag
18:26 - Wrap Up
Thanks for tuning in to IT SPARC Cast! Be sure to subscribe, leave a review, and follow us for more weekly insights into the evolving world of enterprise IT.
Russian state-sponsored hackers are actively exploiting a seven-year-old Cisco vulnerability—CVE-2018-0171—and turning forgotten infrastructure into surveillance tools. On this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt break down how outdated Cisco hardware is being targeted through the Smart Install feature and how the FSB-linked group “Berserk Bear” is using them to extract credentials and embed persistent access.
You’ll learn:
• Why legacy hardware in manufacturing, education, and telecom is at risk
• How attackers are using configuration harvesting for long-term access
• What “Cisco zombies” really means—and why it’s the wrong term
• Practical steps for discovery, mitigation, and infrastructure hygiene
From drop-ceiling surprises to international espionage, this episode is a must-listen for every IT leader responsible for aging infrastructure. Patch early. Patch often. And for the love of security, don’t feed the hackers.
⸻
📢 Wrap Up & Social Links
Got a similar story? Or maybe you’ve walked into a nightmare network too? Share it with us:
📩 feedback@itsparccast.com
💬 @ITSPARCCast on X
🔗 https://www.linkedin.com/company/sparc-sales/
Follow the hosts:
👤 John Barger
X: @john_Video
LinkedIn: https://www.linkedin.com/in/johnbarger/
👤 Lou Schmidt
X: @loudoggeek
LinkedIn: https://www.linkedin.com/in/louis-schmidt-b102446/
Be sure to Like, Subscribe, and Enable Notifications so you don’t miss the next vulnerability breakdown.