IT SPARC Cast

In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt break format to examine two high-impact security and privacy stories that every enterprise IT and security leader should be paying attention to.First, we dive into a new lawsuit alleging that Meta can access or infer WhatsApp message contents, despite years of public claims that WhatsApp is fully end-to-end encrypted. We unpack what “access” really means in modern encrypted messaging systems, including metadata, client-side processing, backups, and enterprise risk implications—especially for organizations using WhatsApp for daily business communications.https://www.bloomberg.com/news/articles/2026-01-25/lawsuit-claims-meta-can-see-whatsapp-chats-in-breach-of-privacyNext, we examine a major data exposure involving Chat & Ask AI, a popular AI chatbot aggregator with tens of millions of users. Due to a backend Firebase misconfiguration, hundreds of millions of private conversations—including highly sensitive topics—were left publicly accessible. This incident highlights the growing risk of Shadow AI inside enterprises and the dangers of third-party AI wrappers that lack enterprise-grade security controls.https://www.404media.co/massive-ai-chat-app-leaked-millions-of-users-private-conversations/The episode closes with listener feedback on a previously covered UniFi Access vulnerability and a broader discussion on how organizations should educate, monitor, and protect users without resorting to blunt enforcement.

In this episode of IT SPARC Cast – News Bytes, John Barger & Lou Schmidt dig into three stories that highlight how enterprise IT is quietly—but fundamentally—restructuring itself. From executives questioning the long-term future of traditional ERP systems, to Ubiquiti introducing a new orchestration-driven take on network fabrics, to a grounded discussion on whether the AI bubble is real and why OpenAI may be far less fragile than critics assume.The conversation connects enterprise software evolution, network architecture at scale, and the hard economic realities of AI infrastructure—especially power and compute. If you’re responsible for enterprise platforms, networking strategy, or long-term IT planning, this episode provides context that goes beyond the headlines.⸻⏱️ Show Notes00:00 – IntroJohn and Lou preview the episode, touching on ERP’s looming transformation, UniFi’s new Fabric approach, and why AI demand—especially at OpenAI—is driven by hard infrastructure realities, not hype.⸻📰 News Bytes00:48 – ERP Isn’t Dead Yet – But Most Execs Are Planning the WakeA survey of more than 4,300 executives shows growing skepticism about ERP’s long-term dominance, even as most organizations remain satisfied with current systems. John and Lou explain why AI-driven, modular, and agentic ERP models are likely evolutions—not rip-and-replace events—and what enterprise IT teams should be doing now to prepare.https://www.theregister.com/2026/01/19/erp_survey_rimini_street/ ⸻06:28 – Ubiquiti Introduces UniFi FabricUbiquiti unveils UniFi Fabric, a centralized orchestration layer designed to manage policies, identity-based networking, Zero Trust, and multi-site environments without cloud licensing. The discussion compares UniFi’s approach to traditional network fabrics like VXLAN and SPBM, highlighting why this controller-first model could appeal to MSPs and mid-sized enterprises.https://blog.ui.com/article/introducing-unifi-fabrics ⸻14:14 – AI Bubble? Maybe. OpenAI Risk? Not Anytime Soon.John breaks down why OpenAI’s revenue growth is directly tied to available compute capacity, not speculative demand. Using concrete megawatt, gigawatt, and ARR figures, the hosts explain why AI may see valuation corrections—but why companies like OpenAI, NVIDIA, and Anthropic are unlikely to disappear.https://openai.com/index/a-business-that-scales-with-the-value-of-intelligence/ ⸻🔁 Wrap Up24:16 – Mail BagListener feedback reinforces the growing link between AI growth and power infrastructure, with discussion around electrical safety, regulation, and why energy expertise may be one of the most valuable skills in the coming decade.27:39 – Wrap UpJohn and Lou close with a reminder that enterprise IT leaders will increasingly be asked to validate power, nuclear, and infrastructure decisions at the executive level—and that staying informed now is critical.⸻🔗 Connect With UsIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/Lou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn

In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt break from the traditional single-CVE format to examine VoidLink, a newly discovered Linux malware framework that represents a major shift in how cyberattacks may be built and executed going forward.Rather than focusing on one vulnerability, VoidLink is designed to chain together many smaller flaws across Linux, containers, and cloud platforms like AWS, Azure, GCP, Docker, and Kubernetes—creating a stealthy, long-term access platform. Researchers believe VoidLink was developed rapidly using AI assistants, offering a rare look at how next-generation malware may be authored, iterated, and deployed. This episode explains why VoidLink matters, how defenders should think about chained exploits, and why this may be an early warning sign for the future of cloud and container security.⸻Show Notes (Podcast)Episode OverviewThis week’s CVE of the Week focuses on VoidLink, a newly identified Linux malware framework designed for persistence, stealth, and modular exploitation across cloud and container environments. While not a single CVE, VoidLink highlights how attackers are moving toward framework-driven, AI-assisted exploit chaining rather than isolated vulnerabilities.Key Topics Covered • What VoidLink is and why it’s different from traditional malware • How chaining low-severity vulnerabilities can result in full compromise • Targeted environments: Linux, Docker, Kubernetes, AWS, Azure, and GCP • Use of loaders, implants, evasion techniques, and modular plugins • Evidence suggesting AI-assisted development with rapid iteration • Why this gives defenders a rare opportunity to observe a threat early in its lifecycle • The implications for cloud security, container hardening, and future CVEsWhy This MattersVoidLink represents a shift from one-off exploits to malware platforms—essentially an “IDE for hacking.” Understanding how these frameworks are built and how they operate is critical for anticipating future attacks and improving detection strategies before they become widespread.⸻Listener Feedback HighlightWe’d like to give a shout-out to Nihal for his thoughtful LinkedIn comment on our earlier Top 10 Operating System Failures episode—specifically his hot take defending Windows ME and critiquing Windows XP’s compatibility break. We love informed debate like this and appreciate listeners who challenge conventional wisdom.⸻Wrap-Up & Social LinksThat wraps up this episode of IT SPARC Cast – CVE of the Week. We couldn’t do this without listeners like you.Did we miss something? Do you have a topic you want us to cover?Send feedback to feedback@itsparccast.com or reach out on social.IT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn

In this episode of IT SPARC Cast – News Bytes, John Barger & Lou Schmidt break down a week of moves that signal where enterprise AI, cloud platforms, and data center infrastructure are really headed. From Apple officially leaning on Google to power its AI ambitions, to Microsoft giving IT admins the ability to remove Copilot, this episode highlights growing tension between vendor momentum and enterprise control.They also explore Google’s push to standardize AI-driven commerce through agent protocols and why Meta locking down more than 6 GW of nuclear power may be the clearest sign yet that energy—not silicon—is becoming the limiting factor for AI at scale. If you’re tracking AI strategy, platform lock-in, and the future of data centers, this episode connects the dots.📌 Show Notes00:00 – IntroThis week on IT SPARC Cast, John Barger and Lou Schmidt break down a week dominated by AI power shifts, enterprise pushback, and the growing reality that energy—not compute—may be the biggest constraint on AI’s future.📰 News Bytes00:52 – It’s Official: Apple Going with Google for AIApple confirms it will rely on Google’s Gemini models to power the next generation of Siri and Apple Intelligence. John and Lou discuss what this says about Apple’s AI strategy, the risks of deep vendor lock-in, and whether Apple can realistically switch models later without breaking workflows.https://techcrunch.com/2026/01/12/googles-gemini-to-power-apples-ai-features-like-siri/05:44 – Microsoft to Allow IT Admins to Uninstall CopilotMicrosoft is testing new Windows policies that allow enterprise IT teams to remove the consumer Copilot app from managed devices. The conversation explores enterprise data governance, Intune controls, and why this signals a broader shift toward AI choice rather than forced adoption.https://www.bleepingcomputer.com/news/microsoft/microsoft-may-soon-allow-it-admins-to-uninstall-copilot-on-managed-devices/09:46 – Google Announces a New Protocol for AI-Driven CommerceGoogle introduces the Universal Commerce Protocol (UCP), an open standard designed to let AI agents handle shopping, payments, and transactions across retailers. With backing from major brands and payment networks, John and Lou unpack why agent-driven commerce may become one of AI’s first truly mainstream use cases.https://techcrunch.com/2026/01/11/google-announces-a-new-protocol-to-facilitate-commerce-using-ai-agents/12:47 – Meta Signs Nuclear Power Deals for AI Data CentersMeta secures long-term nuclear power contracts totaling more than 6 GW to fuel its AI infrastructure. The discussion focuses on why power—not chips—is becoming the true bottleneck for AI expansion and why nuclear energy is rapidly moving from “controversial” to “necessary.”https://techcrunch.com/2026/01/09/meta-signs-deals-with-three-nuclear-companies-for-6-plus-gw-of-power/🔚 Wrap Up16:49 – Mail BagListener feedback revisits cross-platform AI agents, Apple’s closed ecosystem, and whether enterprises can afford to exclude Mac users as agentic AI becomes more central to daily workflows.18:53 – Wrap UpJohn and Lou close the episode by reinforcing a key theme: AI’s future will be defined as much by energy, policy, and interoperability as by model performance.

This week on IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt break down CVE-2025-20393, a CVSS 10.0 zero-day vulnerability affecting Cisco Secure Email Gateway (SEG) and related AsyncOS-based email security products.The flaw is actively exploited in the wild, remains unpatched, and—ironically—uses the spam filtering engine itself as the attack vector. With no user interaction required and evidence of nation-state activity, this vulnerability represents a worst-case scenario for organizations relying on Cisco’s email security stack.If you run Cisco Secure Email Gateway or Email Security Appliances, this is an emergency-level issue that demands immediate attention.⸻📌 Show Notes🚨 CVE of the Week: CVE-2025-20393 • Severity: CVSS 10.0 (Critical) • Status: Actively exploited, no patch available • Vendor: Cisco🎯 Affected Products • Cisco Secure Email Gateway (SEG) • Cisco Email Security Appliance (ESA) • Cisco Secure Email and Web Manager (SEWM) • All affected systems run Cisco AsyncOS🔓 How the Exploit Works • Attackers deliver a specially crafted email that is processed before a spam verdict is reached • The payload is executed during email parsing, attachment handling, or content inspection • No user interaction required • The malicious email never needs to reach an inbox💥 Real-World Impact • Full remote code execution on the email gateway • Email interception and exfiltration (espionage risk) • Persistent access for follow-on attacks • Credential harvesting and downstream phishing using trusted infrastructure • Log wiping, making detection extremely difficult🌍 Threat Activity • Exploits observed as early as November 2025 • Linked to Chinese state-aligned actors • Tracked under UAT-9686, associated with groups such as APT41 and UNC5174 • Added to CISA’s Known Exploited Vulnerabilities (KEV) catalog🛡️ Mitigation Guidance (No Patch Available) • Immediately restrict and segment management interfaces • Tighten ACLs and allow lists • Treat SEG as Tier-Zero-adjacent infrastructure • If compromise is suspected: full system rebuild required • Assume persistence due to log tampering🧠 Commentary • The exploit weaponizes the very system designed to stop malicious email • Lack of a patch from a vendor of Cisco’s size raises serious concerns • For some organizations, this may prompt reevaluation of email security platforms altogether⸻🔚 Wrap-Up & Listener FeedbackWe want to thank listeners who continue to engage with the show and help shape the conversation: • GFABasic32 wrote:“Thanks for the emergency update on n8n. I love the balance of technical deep dives and high-level strategy. You guys make keeping up with CVEs actually entertaining.” • Dennis added:“I love the CVE of the Week. These episodes are like exposure therapy.”That’s exactly the goal—helping you face what’s happening in security so you can respond, not react.Have thoughts on this CVE or want us to cover another one? Reach out.⸻🔗 Social LinksIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn

CES may be a consumer show, but this week it sent shockwaves through enterprise IT. In this episode of IT SPARC Cast – News Bytes, John Barger and Lou Schmidt break down why nearly every major chip vendor chose CES to unveil next-generation CPUs, what Lenovo’s new agentic AI strategy means for IT teams, and why Microsoft embedding Copilot deep into Windows could fundamentally change how operating systems work.From Intel’s attempt at a comeback, to AMD and Qualcomm’s positioning against NVIDIA, to growing concerns about trust, security, and AI agents living inside your OS, this episode separates meaningful signals from CES noise—and explains why power efficiency, autonomy, and control are becoming the real battlegrounds.⸻⏱️ Show Notes00:00 – IntroJohn and Lou frame CES as the unexpected epicenter of enterprise IT announcements, explaining why CPUs, AI, and robotics dominated the show—and why IT teams should care.⸻📰 News Bytes00:54 – New CPUs AnnouncedCES saw major CPU launches from Intel, AMD, Qualcomm, and NVIDIA—signaling a shift toward mainstream AI hardware announcements. Intel launched Panther Lake, AMD expanded Ryzen AI, Qualcomm pushed Snapdragon X2 for AI agents, and NVIDIA moved Rubin into full production.⸻09:45 – Lenovo’s New AI AgentLenovo unveiled Qira, an agentic AI designed to work across PCs, phones, wearables, and enterprise systems alongside Microsoft Copilot. The move highlights a growing push toward cross-device AI coordination—and raises questions about Apple’s closed ecosystem.⸻12:40 – Microsoft Integrates Copilot Deep into WindowsMicrosoft is embedding AI agent launchers directly into Windows, allowing third-party applications to register system-wide AI agents. While this may keep operating systems relevant, it introduces serious trust and security concerns around deep OS-level access.https://blogs.windows.com/windows-insider/2025/12/19/announcing-windows-11-insider-preview-build-26220-7522-dev-beta-channels/⸻🔁 Wrap Up19:03 – Mail BagListener feedback sparks a discussion on cloud outages, cost structures, and whether on-prem alternatives are becoming viable again for certain businesses.22:15 – Wrap UpJohn and Lou emphasize that resilience in the cloud is still possible—but only if organizations are willing to pay for it—and invite listeners to share what CES announcements stood out to them.IT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/Lou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/