IT SPARC Cast

In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt break down a massive ransomware-driven data breach impacting Conduent, a major business process services provider that handles public sector programs, healthcare benefits processing, and corporate HR services.What began as reports of a 10.5 million record breach has now escalated to an estimated 25 million impacted individuals, with the ransomware group SafePay claiming responsibility and alleging over 8 terabytes of data exfiltrated.⸻🔎 What Happened?Conduent, which provides backend processing for government assistance programs and health benefits, confirmed that sensitive personal and corporate information may have been exposed.Reported exposed data includes: • Names • Dates of birth • Addresses • Social Security numbers • Employment records • Financial information • Medical and health insurance details • Internal business documentsSafePay ransomware actors reportedly gained access through compromised credentials and then moved laterally through Conduent’s systems.This is a textbook example of a chained cyberattack, where one small compromise enables full-scale enterprise exposure.⸻🌎 Scope of the ImpactThe breach affects multiple U.S. states and programs, including: • Texas (~15.4 million impacted) • Oregon (~10.5 million impacted) • Delaware • Massachusetts • New Hampshire • Georgia • South Carolina • New Jersey • Maine • New MexicoPrograms potentially affected: • Medicaid • SNAP / EBT food assistance • Unemployment benefits • Health insurance processing (including Blue Cross Blue Shield and Humana) • Corporate employee benefit programsAdditionally, approximately 17,000 Volvo Group North America employees may have been impacted.⸻⚠ Why This Matters for Enterprise ITThis is not “just” a public-sector breach.Many private companies rely on Conduent for backend benefits processing. If your organization uses: • Blue Cross Blue Shield • Humana • Third-party HR / benefits processorsYou must immediately: • Contact your HR and benefits teams • Request incident briefings from vendors • Determine if employee data was exposed • Prepare remediation and communication plans⸻🔐 Security Lessons • Credential compromise remains a primary entry point • Lateral movement amplifies initial footholds • Ransomware groups continue combining encryption with large-scale data exfiltration • Transparency and timely disclosure are criticalConduent acknowledged the breach, engaged forensic investigators, and notified impacted parties — a necessary and responsible response.⸻💬 Listener FeedbackThe episode also includes feedback from Kevin regarding last week’s Apple iOS 26 patch discussion. While some users hesitate to upgrade due to UI and stability concerns, security patches addressing critical vulnerabilities must take priority.⸻🔗 Connect With UsIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn

In this episode of IT SPARC Cast – News Bytes, John Barger & Lou Schmidt unpack three stories that expose the real friction points in enterprise IT: AI ethics in defense contracts, looming hardware shortages, and data governance risks in Microsoft Copilot.Anthropic and the Pentagon clash over Claude’s military use, Western Digital reports zero remaining HDD capacity for 2026, and Microsoft confirms a Copilot bug that summarized confidential emails. From supply chain strategy to SaaS risk management, this episode highlights why enterprise IT leaders must think beyond features and focus on contracts, capacity, and control.⸻⏱️ Show Notes00:00 – IntroHard drive shortages, AI contract battles, and Copilot privacy concerns headline a week that reinforces one theme: control over infrastructure and software matters more than ever.⸻📰 News Bytes00:46 – Anthropic and the Pentagon Are Reportedly Arguing Over Claude UsageAnthropic pushes back against unrestricted military use of Claude AI, raising ethical, contractual, and operational questions. The Pentagon may reconsider its $200M relationship, exposing a major risk for organizations deploying AI: what happens when vendor policies change after integration?https://techcrunch.com/2026/02/15/anthropic-and-the-pentagon-are-reportedly-arguing-over-claude-usage/ ⸻07:19 – Western Digital Has No More HDD Capacity Left for 2026Western Digital reports its entire 2026 hard drive production is already spoken for. Similar signals from Seagate suggest storage pricing pressure is imminent. The hosts explain why this isn’t just about spinning disks—it’s about AI data center demand driving up costs across RAM, SSDs, GPUs, and enterprise hardware.https://wccftech.com/western-digital-has-no-more-hdd-capacity-left-out/ ⸻12:06 – Microsoft Says Bug Causes Copilot to Summarize Confidential EmailsMicrosoft confirms a Copilot bug that processed confidential emails stored in drafts and sent folders, despite policy settings meant to block them. Although no data reportedly left the organization, the incident underscores governance, SaaS dependency, and AI access-control risks enterprises must plan for.https://www.bleepingcomputer.com/news/microsoft/microsoft-says-bug-causes-copilot-to-summarize-confidential-emails/ ⸻🔁 Wrap Up16:42 – Mail BagListener Dennis drops a Back to the Future “jigawatt” reference, and Xavier reinforces the importance of AI security hygiene and fine-grained permission management.17:52 – Wrap UpFinal thoughts on vendor lock-in, AI policy control, supply chain modeling, and why IT leaders need stronger collaboration with finance and legal teams.⸻🔗 Connect With UsIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/John Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/Lou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/

In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt examine a critical Apple security vulnerability patched in iOS, iPadOS, macOS, watchOS, tvOS, and visionOS 26.3.The focus: CVE-2026-20700, a memory corruption flaw in Apple’s dynamic link layer that could allow attackers to break out of the sandbox and achieve remote code execution (RCE).Although exploitation requires physical access, the definition of “physical” in today’s hybrid enterprise world is broader than it sounds. Remote management tools, compromised accounts, lost devices, or improperly secured BYOD endpoints can all create real-world exposure.With Apple’s unified “26” operating system line now spanning every platform, this patch affects: • iOS 26.3 • iPadOS 26.3 • macOS 26.3 • watchOS 26.3 • tvOS 26.3 • visionOS 26.3Security researchers are classifying this vulnerability as critical/high severity, and enterprises are urged to patch immediately.⸻🔎 CVE-2026-20700 Details • Type: Memory corruption • Impact: Sandbox escape → Remote Code Execution • Exploit Path: Physical or logical device access • Risk Level: High/Critical (no official CVSS published) • Fix: Upgrade to Apple OS version 26.3⸻⚠ Why This Matters for Enterprise IT1️⃣ BYOD Risk SurfaceBring-Your-Own-Device policies mean iPhones, iPads, and Macs often connect to corporate networks without full administrative control. A vulnerable device on your network increases lateral movement risk.2️⃣ Physical Access Isn’t Just “Someone in the Room”Remote tools, compromised Apple IDs, or stolen devices expand the meaning of physical access.3️⃣ Upgrade Hesitation Is RealApple’s 26 release introduced major UI changes (including the controversial glass interface). Stability concerns have led some users to delay upgrades — increasing exposure time.Security must outweigh aesthetic or usability concerns.⸻🛠 Enterprise Recommendations • Immediately communicate required upgrade to 26.3 • Enforce OS minimum versions where possible • Review BYOD policies and mobile device controls • Audit Apple device access on corporate networks • Educate users about lost/stolen device risk⸻💬 Listener FeedbackThe episode also includes commentary from Chris, a general counsel and chief risk officer, who responded to last week’s Notepad RCE discussion. He raises an important point about expanding application functionality increasing attack surface — a lesson that applies here as well.⸻🔗 Connect With UsIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn

In this episode of IT SPARC Cast – News Bytes, John Barger & Lou Schmidt break down a week where enterprise IT collided with energy policy, nuclear power, and outer space. UniFi Network 10.1 pushes further into enterprise territory with improved scalability and Wi-Fi visibility. Meanwhile, the White House explores voluntary agreements to manage rising energy costs from AI data centers.Then things escalate: hyperscalers begin signing real contracts for next-generation nuclear power, and Elon Musk gets serious about orbital data centers—suggesting that the future of compute may extend beyond the planet. If you’re tracking AI infrastructure, network evolution, and the power constraints shaping the industry, this episode connects the dots.⸻⏱️ Show Notes00:00 – IntroJohn and Lou preview a week dominated by UniFi upgrades, federal energy discussions, nuclear power tipping points, and serious momentum toward data centers in space.⸻📰 News Bytes00:44 – UniFi Network 10.1Ubiquiti releases UniFi Network 10.1 with major stability and scalability improvements, Wi-Fi Doctor diagnostics, UI refinements, enhanced policy visibility, and optimizations for Wi-Fi 7 and multi-gig deployments. The hosts discuss why UniFi continues its march toward true enterprise credibility while remaining accessible for SMB and prosumer environments.https://blog.ui.com/article/introducing-unifi-network-10-1 ⸻05:13 – White House Eyes Data Center Agreements Amid Energy Price SpikesAs AI data center expansion drives regional energy price pressure, the White House explores voluntary agreements with major tech companies to shift infrastructure costs away from consumers. The conversation explores the economics of AI growth, the inevitability of nuclear power, and whether energy becomes the defining constraint of the AI race.https://www.politico.com/news/2026/02/09/trump-administration-eyes-data-center-agreements-amid-energy-price-spikes-00772024 ⸻09:02 – Next-Gen Nuclear’s Tipping Point: Meta and Hyperscalers Sign DealsMeta and other hyperscalers begin signing legally binding agreements with next-generation nuclear companies like TerraPower and Oklo. John and Lou explain why signed contracts—not press releases—mark the true tipping point for small modular reactors powering AI infrastructure.https://www.aol.com/articles/next-gen-nuclear-tipping-point-214209248.html ⸻11:34 – Elon Musk Gets Serious About Orbital Data CentersFollowing strategic moves linking xAI and SpaceX, Musk pivots attention toward orbital and lunar infrastructure. The hosts unpack the logic behind space-based data centers, cooling challenges, Starlink integration, and why the economics may be less crazy than they first appear.https://techcrunch.com/2026/02/05/elon-musk-is-getting-serious-about-orbital-data-centers/ ⸻🔁 Wrap Up18:59 – Mail BagListener Jonah questions whether massive AI infrastructure financing signals a bubble. John and Lou explain why AI demand is currently compute-constrained—not hype-driven—and why any financial correction would look very different from the dot-com era.21:52 – Wrap UpFinal thoughts on nuclear inevitability, orbital infrastructure, and the reality that energy—not chips—may define the next decade of enterprise IT.⸻🔗 Connect With UsIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/John Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/Lou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/

In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt break down a shocking vulnerability: CVE-2026-2841, a Remote Code Execution (RCE) flaw in the modern Windows 11 Notepad application distributed via the Microsoft Store.Yes — even Notepad isn’t safe anymore.This vulnerability stems from a command injection flaw in the modern Windows 11 Store version of Notepad (11.x prior to patch). The issue allows malicious .md (Markdown) files containing crafted links or interactive content to execute arbitrary code when opened and clicked by a user.With a CVSS score of 8.8, this vulnerability becomes especially dangerous when chained with other exploits.⸻🔎 What You Need to KnowCVE-2026-2841 – Windows Notepad RCE • Affects: Windows 11 modern Notepad (Microsoft Store version 11.x prior to Patch Tuesday update) • Does NOT affect: Legacy Notepad on Windows 10, Windows 7, or classic versions • Attack Vector: Malicious .md file delivered via phishing • Trigger: User opens file and clicks embedded link • Impact: Remote Code Execution with user-level permissions • Severity: CVSS 8.8 (High)⸻⚠ Why This Matters • Perfect phishing vehicle: malicious Markdown attachment • Executes arbitrary code under the user’s permissions • Ideal for lateral movement in enterprise environments • Dangerous when combined with other exploits • Many organizations delay Patch Tuesday updates — this one should NOT wait⸻🛠 Mitigation & Recommendations • Immediately update Notepad via Microsoft Store • Audit Windows 11 endpoints for modern Notepad version • Train users to avoid opening unknown .md attachments • Consider simpler text editors for baseline editing tasks • Evaluate enterprise endpoint protection against command injection vectors⸻💻 Alternative Editors (With Security Awareness)John and Lou discuss safer editing alternatives including: • Notepad++ • Visual Studio Code / Codeium • Sublime Text • Atom • Vim / NeoVim / Emacs • JetBrains IDEsReminder: More features = more attack surface.⸻💬 Wrap UpJohn and Lou also respond to listener feedback from Andrew regarding their recent OpenClaw security discussion. They clarify their stance: • They are not anti-AI. • They are pro-security. • Bleeding-edge tech requires controlled rollout and sandboxing. • Enterprises must protect privileged data access.Security-first thinking is not fear — it’s responsible IT leadership.⸻🔗 Connect With UsIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn

Agentic AI systems like OpenClaw represent the future of automation, productivity, and intelligent workflows — but today, they also represent a serious and underappreciated enterprise security risk.In this episode of IT SPARC Cast – CVE of the Week, John and Lou break down why running OpenClaw (and related platforms like MoltBook) on corporate hardware or with access to enterprise data is dangerous right now, even if the long-term vision is compelling.The discussion centers on three types of OpenClaw users: 1. Sandbox Experimenters – Users running OpenClaw in isolated labs or test environments with no access to corporate data. 2. Dedicated VM / Hardware Users – Users running OpenClaw separately, but still granting it access to cloud services, email, or internal APIs. 3. Daily Driver Users – Users installing OpenClaw directly on work PCs and giving it full access to files, email, chat, and automation tools.John and Lou argue that only the first group is safe today.Groups #2 and #3 dramatically expand the attack surface, introducing risks such as credential exfiltration, indirect prompt injection, data leakage, and supply-chain style compromises via third-party “skills.”The episode uses a “bio hotcell” analogy: OpenClaw can be used safely only when isolated, constrained, monitored, and treated as potentially hazardous. Without those controls, it becomes a silent data-exfiltration engine operating entirely inside allowed enterprise workflows.The takeaway for IT leaders is clear:HR and IT must act together now to define policies that prohibit OpenClaw and MoltBook from running on corporate devices or accessing corporate data until proper governance, tooling, and security controls exist.⸻🔚 Wrap Up & LinksFollow and connect with us:IT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn

In this episode of IT SPARC Cast – News Bytes, John Barger & Lou Schmidt break down three stories that reveal how enterprise IT is being reshaped by workforce realities, infrastructure constraints, and custom silicon. From mounting evidence that work-from-office mandates are driving top talent out the door, to a Los Angeles startup using SpaceX rocket technology to cool data centers without water, to Microsoft unveiling a massive new AI inference chip designed to scale efficiently.The discussion connects culture, power, cooling, and compute—showing why AI growth isn’t just about models and GPUs, but about solving the physical and human constraints that come with them. If you’re responsible for enterprise IT strategy, infrastructure planning, or talent retention, this episode delivers context you won’t get from headlines alone.⸻⏱️ Show Notes00:00 – IntroJohn and Lou preview a packed episode covering remote-work backlash, radical new data-center cooling approaches, and Microsoft’s latest move to control its AI destiny with custom silicon.⸻📰 News Bytes01:00 – Work-From-Office Mandate? Expect Top Talent Turnover and Culture RotNew research highlighted by CIO Magazine shows that strict return-to-office mandates are driving increased attrition among top performers, longer hiring cycles, and declining trust. John and Lou unpack why “butts-in-seats” metrics fail modern organizations and how poor remote-management skills—not productivity—are often the real problem.https://www.cio.com/article/4119562/work-from-office-mandate-expect-top-talent-turnover-culture-rot.html ⸻08:14 – L.A. Startup Uses SpaceX Tech to Cool Data Centers With Less Power and No WaterAn LA-based startup is applying SpaceX rocket turbopump technology and supercritical CO₂ to dramatically reduce data-center cooling power, footprint, and water usage. The hosts explain why cooling—not chips—is becoming one of the biggest bottlenecks in AI expansion and how innovations like this could unlock sustainable growth.https://finance.yahoo.com/news/l-startup-uses-spacex-tech-175628363.html⸻14:11 – Microsoft Announces a Powerful New Chip for AI InferenceMicrosoft unveils the Maia 200, a custom AI inference accelerator built on TSMC’s 3-nm process with 100 billion transistors. John and Lou break down why inference-optimized chips matter, how this fits into a broader trend of hyperscalers building custom silicon, and why efficiency per watt is becoming the defining metric for AI at scale.https://techcrunch.com/2026/01/26/microsoft-announces-powerful-new-chip-for-ai-inference/⸻🔁 Wrap Up19:49 – Mail BagListener feedback revisits classic operating systems, early AI roots, and why distributed computing concepts from decades ago are suddenly relevant again.22:47 – Wrap UpJohn and Lou close by emphasizing that AI’s future depends on solving power, cooling, and organizational challenges—not just shipping faster chips.⸻🔗 Connect With UsIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/Lou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn

In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt break format to examine two high-impact security and privacy stories that every enterprise IT and security leader should be paying attention to.First, we dive into a new lawsuit alleging that Meta can access or infer WhatsApp message contents, despite years of public claims that WhatsApp is fully end-to-end encrypted. We unpack what “access” really means in modern encrypted messaging systems, including metadata, client-side processing, backups, and enterprise risk implications—especially for organizations using WhatsApp for daily business communications.https://www.bloomberg.com/news/articles/2026-01-25/lawsuit-claims-meta-can-see-whatsapp-chats-in-breach-of-privacyNext, we examine a major data exposure involving Chat & Ask AI, a popular AI chatbot aggregator with tens of millions of users. Due to a backend Firebase misconfiguration, hundreds of millions of private conversations—including highly sensitive topics—were left publicly accessible. This incident highlights the growing risk of Shadow AI inside enterprises and the dangers of third-party AI wrappers that lack enterprise-grade security controls.https://www.404media.co/massive-ai-chat-app-leaked-millions-of-users-private-conversations/The episode closes with listener feedback on a previously covered UniFi Access vulnerability and a broader discussion on how organizations should educate, monitor, and protect users without resorting to blunt enforcement.