IT SPARC Cast

In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt break down a massive supply chain attack targeting Axios, one of the most widely used JavaScript libraries in the world.Attackers compromised a maintainer account and injected malicious code into widely distributed versions, turning routine installs into a cross-platform Remote Access Trojan (RAT) deployment.This isn’t just another vulnerability — it’s a breach of trust in the open-source ecosystem that powers modern web applications.⸻📝 Show Notes A major supply chain attack has compromised Axios, a core JavaScript library used in millions of applications across web, mobile, and backend systems.In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt explain how attackers injected malware into trusted Axios packages — impacting potentially tens of millions of environments worldwide.⸻🔎 What HappenedAxios is a widely used open-source library for making HTTP requests in: • Node.js applications • React, Angular, and Vue frontends • Mobile apps (React Native) • SaaS platforms and internal toolsWith over 45 million weekly downloads, its footprint is enormous.Attackers compromised an Axios maintainer’s NPM account and pushed malicious versions: • Axios 1.14.1 • Axios 0.30.4These versions introduced a hidden dependency: • plain-crypto-js@4.2.1This dependency executed a post-install script that deployed a cross-platform Remote Access Trojan (RAT) targeting: • Windows • macOS • LinuxThe malware then: • Contacted a command-and-control (C2) server • Downloaded OS-specific payloads • Executed silently • Deleted itself and restored clean package files to evade detection⸻⚠ Why This Is So DangerousThis attack is particularly severe because: • It does not require direct user action beyond installing dependencies • It affects transitive dependencies (you may be using Axios without knowing it) • It operates during build/install processes (CI/CD pipelines included) • It leaves minimal forensic evidenceThis is a classic supply chain compromise — not a CVE, but arguably more dangerous.⸻🏢 Enterprise IT ImpactIf your organization: • Uses Node.js or modern JavaScript frameworks • Runs CI/CD pipelines • Builds or deploys SaaS platforms • Uses third-party APIs or SDKsYou are likely exposed.Even if you don’t directly install Axios, it may exist deep in your dependency tree.⸻🧠 Key TakeawayThis was not a flaw in code.This was a failure of trust in the supply chain.If your security model assumes dependencies are safe by default — this attack proves otherwise.⸻🔗 Source Articleshttps://thehackernews.com/2026/03/axios-supply-chain-attack-pushes-cross.htmlhttps://www.elastic.co/security-labs/axios-supply-chain-compromise-detections⸻🔗 Connect With UsIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn

In this episode of IT SPARC Cast – News Bytes, John Barger & Lou Schmidt break down three major moves reshaping the future of AI infrastructure, chip design, and enterprise automation.Elon Musk announces TeraFab, a massive new effort to bring chip fabrication back in-house for greater control over AI hardware and supply chains. Mark Zuckerberg pushes deeper into agentic AI with plans for a personal “AI CEO” to manage workflows and decision-making. And Arm signals a major strategic shift with a new AI-focused chip designed for agent-based systems—putting it in direct competition with its own ecosystem.From supply chain control and custom silicon to AI-driven leadership tools and next-generation chip architectures, this episode explores how the foundation of enterprise IT is rapidly evolving.  ⸻⏱️ Show Notes00:00 – Intro📰 News Bytes00:45 – Elon Musk Announces TeraFab for AI Chips and MemoryElon Musk has announced plans for TeraFab, a massive chip fabrication initiative aimed at regaining full control over chip design and production.The strategy includes:• A prototype fabrication facility for rapid iteration• A large-scale production fab for mass manufacturing• Vertical integration to reduce dependency on external foundries• Faster time-to-market for AI-driven hardwareAs chip demand surges due to AI workloads, companies are reconsidering outsourced manufacturing models. TeraFab represents a return to end-to-end control of silicon development, which could significantly impact supply chains, pricing, and innovation speed.https://x.com/i/broadcasts/1yKAPMzlvgWxb https://en.wikipedia.org/wiki/Terafab 09:46 – Mark Zuckerberg Builds AI CEO to Help Run MetaMark Zuckerberg is developing a personal AI system capable of handling executive-level tasks—effectively functioning as a digital chief of staff or “AI CEO.”The system is designed to:• Retrieve and synthesize information across internal systems• Automate decision-support workflows• Reduce reliance on layers of management• Act as a “second brain” for operational awarenessThis reflects a broader shift toward agentic AI, where intelligent systems proactively execute tasks rather than simply responding to prompts. The discussion also raises key enterprise questions around security, portability, and ownership of personal AI agents.https://www.the-independent.com/tech/mark-zuckerberg-ai-ceo-bot-b2943792.html17:54 – Arm Unveils New AI Chip for Agentic SystemsArm has announced a new AI-focused chip architecture aimed at powering agentic AI and future AGI-style workloads.Key implications include:• A shift from IP licensing to direct chip competition• Increased competition with existing ecosystem partners• Potential acceleration of specialized AI hardware development• Growing relevance of alternative architectures like RISC-VThis move signals a major strategic pivot for Arm, potentially reshaping the competitive landscape for AI infrastructure and creating new dynamics between chip designers, manufacturers, and enterprise buyers.https://www.reuters.com/business/media-telecom/arm-unveils-new-ai-chip-expects-it-add-billions-annual-revenue-2026-03-24/ 🔁 Wrap Up25:24 – Mail BagListener feedback highlights continued interest in emerging compute models, including biological computing, and reinforces the importance of staying ahead of major infrastructure trends.27:01 – Wrap UpJohn and Lou close with thoughts on the convergence of AI, custom silicon, and agent-based workflows, emphasizing that enterprise IT leaders must prepare for a future where infrastructure, software, and decision-making are increasingly intertwined.⸻🔗 Connect With UsIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn

In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt break from a single CVE to tackle a broader and increasingly critical issue: router supply chain security.From botnets built on consumer routers to concerns about firmware, silicon-level vulnerabilities, and manufacturing visibility, the conversation explores why your home or small office router may be one of the weakest links in modern cybersecurity.The hosts explain what’s changing in the router market, which vendors are most at risk, and what both consumers and enterprise IT professionals should be doing now to secure the network edge.⸻📝 Show NotesConsumer routers are no longer just simple networking devices — they are now prime targets in large-scale cyberattacks and botnet operations.In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt break down the growing risks tied to router supply chains, firmware security, and edge network vulnerabilities.Rather than focusing on a single CVE, this discussion highlights a broader shift in how attackers are targeting home routers, small office devices, and prosumer networking gear as entry points into larger networks.⸻🔎 What’s Changing in Router SecurityRecent attack trends show: • Consumer and small-office routers are being used as launch points for larger cyberattacks • Botnets are increasingly built on unpatched or poorly secured edge devices • Attackers are leveraging routers to mask origin and evade detectionThis makes routers one of the most critical — and often overlooked — components of modern security architecture.⸻⚠ The Supply Chain ProblemOne of the biggest concerns discussed in this episode is supply chain visibility.Key risks include: • Limited insight into where hardware components are manufactured • Potential for firmware-level or silicon-level vulnerabilities • Difficulty auditing third-party manufacturing processes • Inability to fully validate device integrityEven when running trusted software (such as open-source firmware), underlying hardware risks may still exist.⸻🏢 Enterprise & Home Network ImpactThis is not just a consumer issue.Organizations must consider: • Remote employees connecting via insecure home routers • Small offices using low-cost networking equipment • IoT devices relying on consumer-grade infrastructure • Edge devices acting as entry points for lateral movementIf the edge is compromised, the rest of the network is exposed.⸻🛠 What IT Teams and Consumers Should Do • Avoid default configurations and credentials • Keep firmware updated consistently • Segment home and corporate network traffic where possible • Evaluate router vendors for security posture and supply chain transparency • Monitor for unusual traffic patterns or device behavior • Plan for longer-term shifts in router procurement and standardsThis is a long-term evolution, not a short-term panic event.⸻📊 Market Impact & Vendor LandscapeThe episode also discusses potential market shifts: • Lower-cost vendors may face increased scrutiny • Vendors with stronger supply chain transparency may benefit • Manufacturing may shift to more trusted and auditable environments • Future devices may require mandatory security features like auto-updating firmware⸻💬 Listener FeedbackListener feedback from X highlights the growing importance of Zero Trust and identity validation, especially in response to recent discussions about insider threats.The takeaway:Security is no longer just about devices — it’s about people, process, and trust models working together.⸻🔗 Connect With UsIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn

📄 Episode DescriptionIn this episode of IT SPARC Cast – Interview, John Barger sits down with Dr. Ewelina Kurtys of Final Spark to explore one of the most futuristic ideas in computing: building computers from living neurons.Final Spark is a Swiss startup working to create biological computing systems using neurons derived from human stem cells. The goal is to develop a new form of compute that is dramatically more energy-efficient than traditional silicon—potentially by orders of magnitude.In this conversation, John and Dr. Kurtys explore how neurons are sourced, how they are interfaced with traditional systems, and what it will take to build neuron-based data centers. They also discuss the challenges of programming biological systems, the timeline for commercialization, and what enterprise IT professionals should be doing today to prepare for this emerging paradigm.This is a deep dive into the intersection of biology, AI, and infrastructure—and what could become the next major evolution of computing.  ⸻⏱️ Show Notes00:00 – IntroAn introduction to Final Spark and the concept of building computing systems using living neurons as an alternative to traditional silicon-based infrastructure.⸻❓ Questions00:32 - Who Is Final Spark?01:00 - How Do You Source Your Neurons?01:43 - Neuron Quality Control02:43 - Neurons In AI Data Centers03:14 - Benefit Of Using Neurons04:19 - When Will Neuron Based Compute Be Commercially Available05:43 - Operating System Or Programming Language For Neurons06:49 - What Does A Neuron Based Data Center Look Like?07:55 - Containment And Security08:28 - Data Persistence And Memory Erasure09:10 - What Should IT Professionals Do Today To Prepare?12:04 - How Does A Start-Up Get Involved Today?12:44 - How Do You Program Neurons “Bits”? Are They Binary?14:54 - How Do You Connect Neurons To Silicon Based Compute?16:00 - Final Thoughts from Dr. Kurtys⸻https://www.finalspark.comhttps://finalspark.com/articles/⸻🔁 Wrap Up17:19 – Wrap UpJohn reflects on the interview and the long-term implications of neuron-based computing. While still early-stage, the technology represents a potential shift in how compute is delivered—driven by energy efficiency, biological processing models, and new programming paradigms.⸻🔗 Connect With UsIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn

In this episode of IT SPARC Cast – News Bytes, John Barger & Lou Schmidt break down four major stories reshaping enterprise IT, AI infrastructure, and the future of software.Millions of Pokémon Go players unknowingly helped train real-world delivery robots using billions of images. Meanwhile, OpenAI’s ambitious Stargate data center expansion hits a major setback, highlighting the challenges of scaling AI infrastructure.Nvidia pushes the frontier even further with plans for orbital AI data centers powered by its new Vera Rubin Space-1 chip system, while a growing movement suggests the “SaaS apocalypse” may be underway, driven by AI and open-source alternatives reshaping how software is built and consumed.From crowdsourced AI training to space-based compute and the future of enterprise software, this episode explores where the next wave of IT disruption is coming from.  Show Notes00:00 – Intro📰 News Bytes00:45 – Pokémon Go Players Unknowingly Trained Delivery Robots With 30 Billion ImagesNiantic has leveraged years of Pokémon Go gameplay data—over 30 billion images captured by users—to build a highly accurate Visual Positioning System (VPS) capable of centimeter-level location accuracy.The discussion highlights both the brilliance of this crowdsourced data model and broader concerns around data ownership, enterprise data exposure, and unintended data usage.https://www.popsci.com/technology/pokemon-go-delivery-robots-crowdsourcing/?utm_source=chatgpt.com ⸻07:18 – OpenAI’s Massive Stargate Data Center Expansion CanceledPlans to expand a major AI data center tied to the Stargate initiative have been canceled, underscoring the complexity of building large-scale AI infrastructure.Despite the cancellation, demand for AI compute remains extremely high, with other organizations potentially stepping in to utilize available capacity—reinforcing that AI infrastructure demand still far exceeds supply.https://www.tomshardware.com/tech-industry/artificial-intelligence/openais-massive-stargate-data-center-canceled-as-firm-cant-reach-terms-with-oracle-operator-struggles-with-reliability-issues-meta-said-to-be-interested-in-snatching-excess-capacity ⸻11:06 – Nvidia Announces Vera Rubin Space-1 Chip System for Orbital AI Data CentersNvidia is pushing AI infrastructure beyond Earth with its Vera Rubin Space-1 system, designed for use in orbital data centers.While challenges remain—especially around cooling and radiation—this represents a major step toward space-based AI infrastructure as demand for compute continues to surge.https://www.cnbc.com/2026/03/16/nvidia-chips-orbital-data-centers-space-ai.html ⸻17:50 – The SaaS Apocalypse Is Open Source’s Greatest OpportunityA growing trend suggests that traditional SaaS models may be under pressure as AI dramatically lowers the cost of building custom software.The hosts highlight real-world examples of AI enabling individuals to build production-ready applications in hours, signaling a potential return to highly customized, in-house systems—powered by AI instead of large dev teams.https://hackernoon.com/the-saas-apocalypse-is-opensources-greatest-opportunity ⸻🔁 Wrap Up25:28 – Mail BagListener Tim flags an issue with a previous episode upload, helping quickly resolve a distribution problem. A reminder of how valuable engaged listeners are to maintaining quality and consistency.⸻26:52 – Wrap UpJohn and Lou close with thoughts on how rapidly the IT landscape is evolving—from AI-driven infrastructure and orbital compute to the reinvention of software delivery models—and encourage listeners to stay adaptable as these shifts accelerate.⸻🔗 Connect With UsIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn

In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt break down a rapidly growing cybersecurity threat: North Korean operatives posing as remote IT workers inside enterprise environments.These actors are not just external attackers — they are getting hired, accessing corporate systems, and creating persistent insider threats that are extremely difficult to detect.The episode explores how the scheme works, why traditional security controls fail, and what enterprise IT teams must do to defend against this evolving attack vector.⸻📝 Show NotesA new cybersecurity threat is emerging that flips the traditional attack model on its head.Instead of breaking into your network, attackers are getting hired into your company.In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt analyze the growing threat of North Korean IT worker schemes, where operatives pose as legitimate remote employees to gain direct access to enterprise systems.⸻🔎 How the Scheme WorksThreat actors: • Apply for remote IT jobs using stolen or synthetic identities • Pass interviews and onboarding processes • Gain legitimate access to corporate systems • Use that access to exfiltrate data, generate revenue, or stage future attacksThese individuals often work through: • VPN masking • Proxy networks • Identity laundering through third partiesOnce inside, they operate as trusted insiders, making detection significantly more difficult than traditional external threats.⸻⚠ Why This Is So DangerousThis is not a vulnerability in software — it’s a failure in process, identity, and trust models.Key risks include: • Direct access to internal systems and data • Ability to bypass perimeter security controls • Long-term persistence without detection • Potential for data exfiltration, espionage, or ransomware stagingUnlike typical breaches, these actors are: • Authenticated • Approved • Operating under legitimate credentials⸻🏢 Enterprise IT ImpactThis threat directly impacts: • Remote-first organizations • Companies hiring globally • Teams using contractors or third-party staffing firms • Organizations without strict identity verification processesIf your company hires remote developers, engineers, or IT staff — this is your problem.⸻🔐 Key Security TakeawaysTo mitigate this risk, organizations should: • Strengthen identity verification during hiring • Require multi-factor authentication across all systems • Monitor for unusual behavior from “trusted” accounts • Implement least-privilege access controls • Audit remote employee access regularly • Coordinate with HR on security-aware hiring practicesThis is a cross-functional problem — IT, Security, and HR must work together.⸻🔗 Source Articlehttps://www.nbcnews.com/investigations/north-korea-it-worker-scheme-nisos-fbi-rcna245025⸻🔗 Connect With UsIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn

Oooops. We uploaded the wrong audio. It's been fix now.In this episode of IT SPARC Cast – News Bytes, John Barger & Lou Schmidt explore four major stories shaping enterprise IT, open-source software, AI infrastructure, and the future of data centers.A new report reveals that two-thirds of Node.js installations are running outdated versions, creating major security and operational risks across modern software stacks. Meanwhile, Meta hires the creators of Moltbook, a platform designed as a social network for AI agents to communicate and collaborate.Nvidia enters the agentic AI race with plans for an open-source enterprise AI agent platform, while Oracle’s massive investments in AI data centers spark debate about whether the industry is heading toward an infrastructure bubble.From open-source sustainability to AI infrastructure strategy, this episode breaks down what these developments mean for enterprise IT leaders, developers, and technology investors. Show Notes00:00 – Intro📰 News Bytes00:43 – Two Thirds of Node.js Installations Are OutdatedA new report from the OpenJS Foundation reveals that roughly two-thirds of Node.js deployments are running outdated or end-of-life versions, creating serious security and stability concerns across modern applications.To address this, the Node.js LTS Upgrade and Modernization Program is connecting enterprises with trusted service providers audit, plan, and modernize their deployments.The initiative also helps fund open-source development by directing a portion of service revenue back to the OpenJS Foundation.https://openjsf.org/blog/nodejs-lts-upgrade-program04:59 – Meta Hires the Duo Behind MoltbookMeta has hired the creators of Moltbook, a platform designed as a collaboration network where AI agents can verify identity, exchange information, and coordinate tasks.Meta’s move suggests a strategy to become the central hub for AI agent interaction, positioning the company to support a future where large numbers of autonomous software agents perform tasks for individuals and businesses.https://www.axios.com/2026/03/10/meta-facebook-moltbook-agent-social-network10:20 – Nvidia to Launch an Open-Source AI Agent PlatformNvidia is preparing to release NemoClaw, an open-source AI agent platform designed to help enterprises deploy autonomous agents capable of automating workflows, managing data, and performing complex multi-step tasks.Key aspects of the platform include:• Enterprise-focused agent orchestration• Open-source accessibility• Compatibility beyond Nvidia hardware• Integration with major enterprise software vendorsThe move signals Nvidia’s growing interest in the agentic AI ecosystem, which could dramatically increase demand for GPU-accelerated compute infrastructure.https://www.wired.com/story/nvidia-planning-ai-agent-platform-launch-open-source/⸻14:27 – Oracle Is Building Yesterday’s Data Centers With Tomorrow’s DebtOracle is investing heavily in new AI data centers, financing much of the expansion through debt as it competes with other hyperscale cloud providers.Some analysts have raised concerns that rapid advances in AI hardware could outpace the construction timelines of new facilities, potentially creating financial risk.However, the hosts point out that building data centers requires long lead times for power infrastructure, networking, and facilities, while the compute hardware itself is typically installed later in the deployment process.The discussion highlights the importance of evaluating technology investment stories critically and considering both infrastructure realities and market narratives.https://www.cnbc.com/2026/03/09/oracle-is-building-yesterdays-data-centers-with-tomorrows-debt.html⸻20:14 – Wrap up⸻🔗 Connect With UsIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn

In this episode of IT SPARC Cast – News Bytes, John Barger & Lou Schmidt explore four major stories shaping enterprise IT, open-source software, AI infrastructure, and the future of data centers.A new report reveals that two-thirds of Node.js installations are running outdated versions, creating major security and operational risks across modern software stacks. Meanwhile, Meta hires the creators of Moltbook, a platform designed as a social network for AI agents to communicate and collaborate.Nvidia enters the agentic AI race with plans for an open-source enterprise AI agent platform, while Oracle’s massive investments in AI data centers spark debate about whether the industry is heading toward an infrastructure bubble.From open-source sustainability to AI infrastructure strategy, this episode breaks down what these developments mean for enterprise IT leaders, developers, and technology investors.  00:00 – Intro📰 News Bytes00:43 – Two Thirds of Node.js Installations Are OutdatedA new report from the OpenJS Foundation reveals that roughly two-thirds of Node.js deployments are running outdated or end-of-life versions, creating serious security and stability concerns across modern applications.To address this, the Node.js LTS Upgrade and Modernization Program is connecting enterprises with trusted service providers that can:• Audit existing deployments• Plan phased upgrades• Modernize dependencies• Maintain production stabilityhttps://openjsf.org/blog/nodejs-lts-upgrade-program04:59 – Meta Hires the Duo Behind MoltbookMeta has hired the creators of Moltbook, a platform designed as a collaboration network where AI agents can verify identity, exchange information, and coordinate tasks.Meta’s move suggests a strategy to become the central hub for AI agent interaction, positioning the company to support a future where large numbers of autonomous software agents perform tasks for individuals and businesses.https://www.axios.com/2026/03/10/meta-facebook-moltbook-agent-social-network10:20 – Nvidia to Launch an Open-Source AI Agent PlatformNvidia is preparing to release NemoClaw, an open-source AI agent platform designed to help enterprises deploy autonomous agents capable of automating workflows, managing data, and performing complex multi-step tasks.The move signals Nvidia’s growing interest in the agentic AI ecosystem, which could dramatically increase demand for GPU-accelerated compute infrastructure.https://www.wired.com/story/nvidia-planning-ai-agent-platform-launch-open-source/14:27 – Oracle Is Building Yesterday’s Data Centers With Tomorrow’s DebtOracle is investing heavily in new AI data centers, financing much of the expansion through debt as it competes with other hyperscale cloud providers.Some analysts have raised concerns that rapid advances in AI hardware could outpace the construction timelines of new facilities, potentially creating financial risk.The discussion highlights the importance of evaluating technology investment stories critically and considering both infrastructure realities and market narratives.https://www.cnbc.com/2026/03/09/oracle-is-building-yesterdays-data-centers-with-tomorrows-debt.html🔁 Wrap Up20:14 – Mail BagListener Mel asks whether laser-based networking technologies, like the TaaraConnect system discussed in a previous episode, could help improve internet access in mountainous rural areas.While line-of-sight laser connectivity could offer high speeds, weather conditions like fog and cloud cover could require backup connections such as radio or wired infrastructure.⸻🔗 Connect With UsIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn

A new malware campaign has compromised more than 14,000 ASUS routers, creating a resilient botnet that security researchers say is unusually difficult to dismantle.In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt examine the KadNap router malware, which targets unpatched ASUS routers and installs a persistent backdoor designed to survive typical remediation efforts.The malware was identified by researchers at Lumen’s Black Lotus Labs, who discovered that infected routers are being used as part of a botnet capable of proxying internet traffic and enabling other malicious activities.Unlike many botnets that rely on centralized command servers, KadNap uses peer-to-peer control mechanisms similar to BitTorrent, making it significantly harder for security teams to disrupt.⸻🔎 What the KadNap Router Malware DoesThe malware exploits vulnerabilities in ASUS routers that have not been patched or configured securely.Once installed, KadNap: • Creates a persistent backdoor on the router • Survives reboots and firmware updates • Enables remote control of the router • Connects the device to a distributed botnet network • Routes malicious traffic through compromised residential internet connectionsResearchers also discovered the infected routers are being used by a fee-based proxy service called Doppelganger, allowing customers to route their internet traffic through unsuspecting victims’ home networks.⸻⚠ Why This Is DangerousBecause the traffic originates from compromised home routers, victims could unknowingly appear responsible for malicious activity such as: • Network attacks • Surveillance operations • Illegal browsing activity • Staging points for additional cyber intrusionsThis makes detection and attribution far more difficult.⸻🏢 Enterprise IT RiskThis vulnerability is not limited to home users.ASUS also produces small-business routers, meaning organizations or small offices using these devices could be exposed.IT professionals should also remember that compromised routers can provide attackers with a network foothold for lateral movement, especially if IoT or remote-user networks are poorly segmented.⸻🛠 How to Detect and Remove KadNapSecurity experts recommend checking routers for signs of compromise:Look for: • SSH enabled unexpectedly • Remote administration enabled • Unknown certificates or scheduled tasks • Suspicious entries in device logsBecause the malware attaches to configuration files, simply rebooting or restoring a configuration backup will not remove it.The proper remediation process: 1. Perform a full factory reset 2. Update the router firmware immediately 3. Manually reconfigure the router (do not restore backups)Experts also recommend changing default internal network ranges, such as moving away from the common 192.168.1.x subnet.⸻🔗 Source Articlehttps://arstechnica.com/security/2026/03/14000-routers-are-infected-by-malware-thats-highly-resistant-to-takedowns/⸻🔗 Connect With UsIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn