In this episode of IT SPARC Cast – News Bytes, John and Lou break down Ubiquiti’s brand-new UniFi wireless bridging lineup, test drive the surprisingly powerful ChatGPT Group Chat feature, and review the newly released IT Specialist Simulator game—yes, it’s a real thing.

Lou also shares his SuperComputing 25 highlights, covering quantum computing, CXL memory extension, and why this year’s show was one of the most energetic he’s ever seen. A packed week for enterprise IT, networking, AI tooling, and HPC.

⏱️ Show Notes

00:00 – Intro

A preview of the week’s topics: ChatGPT enters the chat, Pixel Team Red makes IT into a game, and UniFi pushes wireless bridging further.

NEWS BYTES

01:21 – All-New UniFi Bridging

Ubiquiti announces an expanded lineup of UniFi bridging hardware, offering new flexibility for building-to-building links and hard-to-cable environments. Key highlights:

•Building Bridge Single Unit – no more buying pairs; units can now be paired or re-paired on demand.

•Device Bridge IoT – tiny 2.4 GHz client bridge for connecting wired devices where Ethernet isn’t available.

•Device Bridge Switch – 2.5GbE PoE switch + Wi-Fi 7 / 6 GHz bridging for high-throughput deployment without new cabling.

•Ideal for renters, campuses, remote buildings, and temporary connectivity.

https://blog.ui.com/article/all-new-unifi-bridging 

05:00 – ChatGPT Group Chats

ChatGPT now offers multi-user group chats, allowing collaborative research, shared notes, and real-time AI-assisted discussions.

•Works like “ChatGPT inside Slack or Teams.”

•No cross-bleed from personal ChatGPT memory—group chats stay isolated.

•Great for brainstorming, problem-solving, and real-time content creation.

•John tests memory segmentation and explains why this feature actually matters for privacy.

https://openai.com/index/group-chats-in-chatgpt/ 

07:38 – IT Specialist Simulator (Game)

A new Steam game, IT Specialist Simulator, lets players start as junior IT techs and work their way up the ladder.

•Tasks include configuring IP addresses, handling tickets, and climbing into management roles.

•John plans to test it using Crossover on his Mac during Thanksgiving vacation.

•Lou questions whether this is secretly a recruitment or training tool.

•Possible educational value for beginners learning networking basics.

https://store.steampowered.com/app/3266090/IT_Specialist_Simulator/

10:16 – Lou’s SuperComputing 25 Overview

Lou shares additional SC25 observations not covered in the shorts:

•Deep dive conversations with quantum computing firms including Alice & Bob.

•IBM’s quantum roadmap and why commercial systems are likely 2030+.

•How quantum computing targets molecular simulation, advanced materials, next-gen drugs, and computational fluid dynamics.

•The rise of CXL, PCIe expansion, and technologies enabling enterprises to extend hardware rather than replace it.

•SC25 was one of the most active HPC events Lou has seen in decades.

Wrap Up

14:42 – Listener Feedback & Wrap Up

Listeners react to recent shorts, including extreme cooling solutions (0.01 Kelvin) and moon-mined Helium-3 for future fusion and quantum workloads.

Full contact and feedback channels below:

Social Links

IT SPARC Cast

@ITSPARCCast on X

https://www.linkedin.com/company/sparc-sales/ on LinkedIn

John Barger

@john_Video on X

https://www.linkedin.com/in/johnbarger/ on LinkedIn

Lou Schmidt

@loudoggeek on X

https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn

Hosted on Acast. See acast.com/privacy for more information.

In this episode of IT SPARC Cast, Lou brings you a packed 8-minute walkthrough of the biggest themes and technologies from SuperComputing 25—the largest and busiest HPC show he’s ever attended.

In this video, Lou covers:

🔥 Cooling Wars: immersion cooling, PG25 liquid loops, cavitation risks, phase-change fluids, and long-term hardware reliability.

🧠 CXL & Memory Expansion: shared GPU pools, multi-host memory fabrics, and how CXL can extend server life.

☁️ Hybrid Cloud AI Platforms: two research-born vendors (including one FedRAMP-compliant) redefining HPC + cloud orchestration.

⚡ Infrastructure Giants: the mind-blowing cooling and power equipment that will shape future enterprise data centers.

And John reads out Listener Feedback regarding AlmaLinux as the successor to CentOS.

If you want a concise, expert-level briefing from the SC25 show floor—this is the one to watch.

What it on Youtube Here - https://youtu.be/Ve57fs7efFY

00:00 – Intro

01:08 – Greeting from Super Computing 25

Lou sets the stage after returning from SuperComputing 25, describing the massive scale of the show, packed floors, and how SC25 has effectively replaced events like Interop and SuperComm.

NEWS & TECH BREAKDOWN

02:22 – The Major Theme: Cooling, Cooling, Cooling

Lou explains that cooling dominated the show, with two primary approaches emerging:

1. Immersion Cooling

•Full-system submersion in mineral oil or engineered fluids

2. Active Liquid Cooling (PG25 Mix)

•Issues explored: erosion, cavitation, biological growth, thermal cycling, solder fatigue

3. Phase-Change Approaches

•Solutions that vaporize at fixed temperatures (e.g., 55°C boiling point phase-change fluids)

Why It Matters: Enterprise hardware longevity, reduced thermal stress, and predictable cooling efficiency.

05:41 – CXL & Memory Expansion: The Future of Server Life Extension

Lou discusses a major standout category: CXL (Compute Express Link) technologies allowing:

•Shared memory pools & GPUs across multiple hosts

•Extending server life by adding external memory instead of replacing hardware

•Switching architectures enabling dynamic assignment of terabytes of memory to GPUs

Enterprise takeaway: “Do more with less” becomes practical—critical during recessionary or budget-tight periods.

⸻

07:55 – Hybrid Cloud AI Platforms

Lou meets with two research-born companies offering advanced hybrid cloud and orchestration stacks:

•One FedRAMP-compliant, built for U.S. federal and defense workloads

•One European research derivative, designed for container-heavy hybrid environments without VMware reliance

These solutions focus on orchestration, HPC-to-cloud overflow, container scheduling, and distributed compute for AI.

09:19 – Wrap Up

John closes by encouraging viewers to watch the upcoming shorts and emphasizing how SC25 showcased the next generation of enterprise-class tech. He also covers Listener Feedback on our first short from SC25 regarding AlmaLinux

Social Links

IT SPARC Cast

@ITSPARCCast on X

https://www.linkedin.com/company/sparc-sales/ on LinkedIn

John Barger

@john_Video on X

https://www.linkedin.com/in/johnbarger/ on LinkedIn

Lou Schmidt

@loudoggeek on X

https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn

Hosted on Acast. See acast.com/privacy for more information.

In this episode of IT SPARC Cast – News Bytes, John and Lou tackle a wild week in enterprise IT—from grounded aircraft disrupting hardware logistics, to open-source maintainers calling out Google, to sophisticated VM-based malware hiding inside Windows systems, to Santa Clara’s power grid collapsing under the weight of the AI boom.

First, a tragic UPS MD-11 crash in Louisville forces both UPS and FedEx to ground all MD-11 aircraft—creating ripple effects for enterprise sparing strategies and next-day hardware replacement SLAs. John and Lou explain how events outside the IT bubble can quietly break your uptime guarantees.

Then, the maintainers of FFmpeg publicly call out Google: either fund the project or stop flooding it with fuzz-generated bugs. The hosts explore the broader lesson: organizations relying on open source must contribute—code, money, or both.

Next, the team walks through a jaw-dropping Hyper-V evasion technique, where Russian hackers spin up hidden Alpine Linux VMs to run malware undetected by EDR tools. Lou calls it “one of the most clever attack chains we’ve seen in years,” and John argues that Windows security must evolve to detect surprise VM creation.

Finally, Santa Clara—Nvidia’s hometown—has data centers sitting empty because the city literally has no power left to give. With AI megaprojects like Project Stargate on the horizon, John and Lou warn that the grid crisis is about to become every CIO’s problem.

Show Notes

00:00 – Intro

NEWS BYTES

01:05 – UPS and FedEx Ground Planes After Louisville Crash

•A UPS MD-11 crashes, triggering a fleetwide grounding of MD-11 cargo aircraft.

•Immediate supply-chain impact for next-day server replacements and enterprise sparing.

•John and Lou highlight why IT leaders must monitor “non-IT” news that affects logistics.

•A reminder: SLA = logistics, and logistics depends on the real world.

https://www.nbcnews.com/news/us-news/ups-grounds-md-11-fleet-type-plane-louisville-crash-sources-say-rcna242711 

04:19 – FFmpeg to Google: Fund Us or Stop Sending Bugs

•Google’s fuzzing system floods FFmpeg with nonstop bug reports.

•Maintainers say the project is overwhelmed and demand Google contribute.

•Discussion: the ethical and practical responsibility companies have to support open source.

https://thenewstack.io/ffmpeg-to-google-fund-us-or-stop-sending-bugs 

07:25 – Hackers Weaponize Windows Hyper-V to Hide Linux VM and Evade EDR Detection

•Threat actor Curly Comrades uses Hyper-V to run hidden Alpine Linux VMs.

•Malware (CurlyShell & CurlyCat) routes through host NAT, appearing as normal traffic.

•Hard to detect: tiny VM footprint, few forensic artifacts, zero EDR visibility.

•John: Windows Defender should alert when a new VM spins up—“Did you mean to do this?”

https://thehackernews.com/2025/11/hackers-weaponize-windows-hyper-v-to.html  

13:08 – Data Centers in Nvidia’s Hometown Stand Empty Awaiting Power

•Two new Santa Clara data centers cannot turn on due to a power shortage.

•Signals a coming crisis as AI mega-facilities exceed grid capacity.

•Power costs and grid constraints may soon drive enterprise IT budgeting changes.

https://finance.yahoo.com/news/data-centers-nvidia-hometown-stand-100009877.html  

15:56 – Mail Bag & Wrap Up

IT SPARC Cast

@ITSPARCCast on X

https://www.linkedin.com/company/sparc-sales/ on LinkedIn

John Barger

@john_Video on X

https://www.linkedin.com/in/johnbarger/ on LinkedIn

Lou Schmidt

@loudoggeek on X

https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn

Hosted on Acast. See acast.com/privacy for more information.

In this week’s IT SPARC Cast, John and Lou break down a Cisco security double feature—three critical vulnerabilities impacting Cisco ASA, Cisco Secure Firewall (FTD), and Cisco Identity Services Engine (ISE). These flaws include authentication bypass, chained remote code execution, and a CVSS 10.0 root-level compromise via an undocumented ISE API.

We explain how CVE-2025-20333, CVE-2025-20362, and the newly revealed CVE-2025-20337 work, why federal agencies issued emergency patch directives, and what immediate mitigation steps enterprise defenders must take. If you manage Cisco firewalls or identity systems, this episode is mandatory listening.

00:00 - Intro

01:05 - CVEs of the Week – Cisco ASA & FTD (CVE-2025-20333 & CVE-2025-20362)

• Two actively exploited Cisco firewall vulnerabilities enable authentication bypass and chained remote code execution.

• Attackers linked to ArcaneDoor/Storm-1849 are using CVE-2025-20362 to bypass authentication, paired with CVE-2025-20333 for full RCE device takeover.

• Compromised devices show unexpected reloads, disabled logs, and firmware persistence via ROMMON modification.

• Over 50,000 ASA/FTD systems remain exposed, many still unpatched.

• Emergency guidance from CISA and NCSC stresses immediate patching, disabling WebVPN/SSL, IP whitelisting, and checking for persistence or odd CLI behavior.

• Lou and John emphasize the need for a multi-vendor firewall strategy to avoid single-vendor blast-radius failures.

⸻

05:00 - Cisco ISE – CVE-2025-20337 (Root-Level RCE via Undocumented API)

• Amazon’s threat intelligence team discovered in-the-wild exploitation of an undocumented ISE API endpoint.

• This CVSS 10.0 vulnerability allows deserialization attacks leading to unauthenticated root-level access.

• Attackers deploy an advanced, stealthy web-shell (“IdentityAuditAction”) featuring:

– In-memory execution

– Java reflection thread injection

– Custom DES-encrypted C2

– No disk artifacts

• Exploitation activity dates back to at least May and may be earlier.

• Mitigation requires updating to patched ISE versions, segmenting management networks, monitoring unexpected listeners, and tightening inbound firewall policies.

• John and Lou reiterate that identity remains the “universal attack surface,” and poor segmentation continues to amplify enterprise risk.

⸻

09:26 - Listener Feedback

A viewer asked whether the F5 BIG-IP source code leak affects only the management plane or the data plane.

Answer: Both. Because the entire codebase was leaked, any subsystem could harbor latent zero-day attack surfaces—further stressing the importance of aggressive patching and hardened segmentation.

⸻

10:28 - Wrap Up

We appreciate every question, comment, and suggestion. Keep them coming.

IT SPARC Cast

@ITSPARCCast on X

https://www.linkedin.com/company/sparc-sales/ on LinkedIn

John Barger

@john_Video on X

https://www.linkedin.com/in/johnbarger/ on LinkedIn

Lou Schmidt

@loudoggeek on X

https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn

Hosted on Acast. See acast.com/privacy for more information.

In this week’s IT SPARC Cast – News Bytes, John and Lou go galactic—covering AI data centers in orbit, Microsoft’s blunders, and a nasty new Windows backdoor exploiting OpenAI’s API.

First, it’s “IT in SPAAAAAACE!” as Google unveils Project Suncatcher, an effort to launch radiation-hardened Tensor Processing Units (TPUs) into orbit for solar-powered, space-based AI compute. Then, SpaceX announces plans to build low-Earth-orbit data centers using its Starlink satellite infrastructure and Tesla’s upcoming AI chips—pushing the data center arms race off-planet.

Next up in “Really, Microsoft?” — the latest Windows 11 bug means “Update and Shut Down” doesn’t actually shut down. It just reboots. But the real danger comes from the newly discovered SesameOp backdoor, which uses the OpenAI Assistants API as its command-and-control channel—making it nearly invisible to traditional security tools.

Finally, Microsoft ends volume pricing discounts for enterprise customers, sparking frustration across IT departments already battling licensing complexity.

Show Notes

00:00 - Intro

John and Lou open with a new segment: “IT in Space!” as data centers literally leave Earth’s surface.

01:02 - Google’s Next Moonshot: Project Suncatcher

•Google to launch Project Suncatcher—solar-powered AI compute nodes using Tensor Processing Units (TPUs) in orbit.

•Partners with Planet Labs for radiation-hardened TPU testing.

•Orbiting clusters could provide 8x more energy efficiency than Earth-based systems.

•Challenges include cooling, radiation shielding, and debris avoidance.

https://9to5google.com/2025/11/04/google-project-suncatcher/

03:41 - SpaceX Plans Data Centers in Low-Earth Orbit

•SpaceX confirms Starlink v3 satellites will support data center modules.

•Tied to Tesla’s AI5 and upcoming AI6 chip platforms.

•Starship will be used to deploy orbital compute clusters.

•Laser interlinks and orbital energy capture could redefine distributed computing.

https://x.com/dimazeniuk/status/1984613494629503484?s=61&t=vt5DZTzMzVaVQd0cNd8iuA

06:55 - “Update and Shut Down” No Longer Restarts PC

•Microsoft’s November 2025 preview patch fixes a long-standing issue: “Update and Shut Down” reboots instead of powering off.

•Optional fix available under Windows 11 build 26200.7019.

•Another headache in Windows’ long list of quality-of-life bugs.

https://www.windowslatest.com/2025/11/02/update-and-shut-down-no-longer-restarts-pc-as-windows-11-25h2-patch-addresses-a-decades-old-bug/

08:10 - SesameOp Backdoor Using OpenAI Assistants API

•SesameOp discovered by Microsoft’s DART Team.

•Uses OpenAI’s Assistants API as a stealthy command-and-control (C2) channel.

•No patch yet—only firewall whitelisting and Defender rules recommended.

https://thehackernews.com/2025/11/microsoft-detects-sesameop-backdoor.html

13:53 - Microsoft Ends Volume Pricing

•As of Nov 1, Microsoft has eliminated tiered volume discounts for Enterprise Agreements.

•Large customers will now pay the same flat rate as smaller ones.

•Could increase software spend by double digits at renewal.

https://www.cio.com/article/4079004/microsoft-ends-volume-pricing-potentially-costing-companies-millions.html

15:29 - Mail Bag & Wrap Up

https://daily.jstor.org/when-the-push-button-was-new-people-were-freaked/

IT SPARC Cast

@ITSPARCCast on X

https://www.linkedin.com/company/sparc-sales/ on LinkedIn

John Barger

@john_Video on X

https://www.linkedin.com/in/johnbarger/ on LinkedIn

Lou Schmidt

@loudoggeek on X

https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn

Hosted on Acast. See acast.com/privacy for more information.

In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt dive deep into CVE-2025-52665, a critical 10.0 CVSS vulnerability impacting Ubiquiti’s UniFi Access Management API. This flaw blends physical security and cybersecurity risks — allowing unauthenticated attackers to execute remote code, manipulate door access, or even lock users inside buildings.

John and Lou break down how this misconfigured API opens the door (literally) to full network takeover and discuss the real-world implications of smart building vulnerabilities. They cover the affected UniFi Access versions (3.3.22 to 3.4.31) and emphasize updating immediately to version 4.0.21 or later.

Beyond the technical details, they debate the broader question: Are smart buildings worth the risk? From API hygiene to network segmentation, the hosts offer actionable strategies to secure IoT infrastructure and ensure that “smart” doesn’t become “unsafe.”

⸻

Social Links:

IT SPARC Cast

@ITSPARCCast on X

https://www.linkedin.com/company/sparc-sales/ on LinkedIn

John Barger

@john_Video on X

https://www.linkedin.com/in/johnbarger/ on LinkedIn

Lou Schmidt

@loudoggeek on X

https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn

Hosted on Acast. See acast.com/privacy for more information.

In this week’s IT SPARC Cast – News Bytes, John and Lou explore the intersection of AI, hardware, and IT freedom — from creative tension at EA to chipmaking disruption.

First, Electronic Arts (EA) launches ReefGPT, an internal AI design tool meant to boost productivity across studios. Developers say it’s unreliable and fear job losses, while leadership insists AI is the future. John and Lou unpack the deeper message: AI won’t take your job, but someone using AI will.

Then, Qualcomm jumps into the AI data center market with its new AI200 and AI250 chips — scaled-up versions of its mobile neural processors, ready to challenge Nvidia and AMD for inference workloads. The hosts discuss how this could finally relieve the GPU bottleneck driving AI infrastructure costs through the roof.

Next, Ubiquiti declares “SFP Liberation Day.” The new $49 SFP Wizard not only tests but reprograms fiber modules to work with any switch — bypassing vendor lock-ins from Cisco, HPE, and others. John and Lou call it “the jailbreak every network engineer has been waiting for.”

Finally, Substrate, a U.S. startup, unveils an X-ray lithography chipmaking tool that could rival ASML’s $400M EUV machines. Backed by $100M in funding, the company aims to bring advanced chip manufacturing back to the U.S. — potentially reshaping the semiconductor landscape.

00:00 - Intro

00:52 - Electronic Arts (EA) AI Divide

•EA launches ReefGPT to accelerate game design.

•Creatives call it unreliable and fear losing creative control.

https://www.businessinsider.com/inside-ai-divide-roiling-video-game-giant-electronic-arts-2025-10?op=1  

04:15 - Qualcomm Joins the AI Arms Race

•Qualcomm announces AI200 (2026) and AI250 (2027) chips for data centers.

•Targets Nvidia’s GPU monopoly with rack-mounted, liquid-cooled solutions.

•Could ease supply pressure and diversify AI compute resources.

https://www.cnbc.com/2025/10/27/qualcomm-ai200-ai250-ai-chips-nvidia-amd.html 

11:35 - Ubiquiti Liberates the SFPs

•“SFP Liberation Day” brings a $49 SFP Wizard tool for testing and reprogramming optics.

•Supports SFP, SFP+, and QSFP modules across brands.

•A win for network engineers tired of overpriced vendor modules.

https://blog.ui.com/article/welcome-to-sfp-liberation-day 

15:58 - Substrate Announces Chipmaking Tool to Rival ASML

•Substrate reveals an X-ray lithography system

•Rivaling ASML’s EUV tools at lower cost.

•Could reshape semiconductor competition and domestic manufacturing.

https://www.reuters.com/world/asia-pacific/us-startup-substrate-announces-chipmaking-tool-that-it-says-will-rival-asml-2025-10-28/

https://www.ft.com/content/2496edef-4f1b-47aa-877d-9c01271faaa1

https://www.wsj.com/tech/peter-thiel-backed-startup-secures-100-million-to-make-chips-in-u-s-baff93ac

21:02 - Mail Bag & Wrap Up

Hosted on Acast. See acast.com/privacy for more information.

In this special Halloween edition of CVE of the Week, John and Lou dive into a truly chilling scenario — a high-severity DNS poisoning flaw that could be the perfect setup for a wave of phishing attacks and credential theft across enterprise networks.

The star of the episode: CVE-2025-40778, a newly discovered vulnerability in BIND 9’s resolver logic. This flaw allows unauthenticated attackers to inject forged DNS records, redirecting legitimate queries to malicious servers — all without user interaction. With a CVSS score of 8.6, exploits are already active in the wild, and over 5,900 exposed instances have been identified.

But that’s just the start. The hosts explain how major outages at AWS (US-East-1) and Microsoft Azure opened the door for clever phishers to strike when users were most vulnerable — during downtime. Together, these issues illustrate a perfect storm of technical failure and human manipulation.

Lou and John share practical defenses: patch immediately, enable DNSSEC, restrict recursion, and — most importantly — establish a trusted, redundant communication plan for your users before the next outage hits.

⸻

Key Takeaways

•CVE-2025-40778 impacts BIND 9 versions from 9.11 to 9.21.12, including S1 previews.

•Exploits are already circulating — attackers can poison DNS caches remotely.

•Misconfigured DNS and phishing attacks can combine for devastating impact.

•Immediate action: patch, enable DNSSEC, monitor cache entries, and reduce TTLs.

•Prepare for outages — build redundant user communication channels to prevent panic and credential leaks.

Links

https://kb.isc.org/docs/cve-2025-40778 

https://nvd.nist.gov/vuln/detail/CVE-2025-40778

https://thehackernews.com/2025/10/threatsday-bulletin-dns-poisoning-flaw.html 

https://www.helpnetsecurity.com/2025/10/28/bind-9-vulnerability-cve-2025-40778-poc/ 

⸻

Wrap-Up – Stay Connected

IT SPARC Cast

@ITSPARCCast on X

https://www.linkedin.com/company/sparc-sales/ on LinkedIn

John Barger

@john_Video on X

https://www.linkedin.com/in/johnbarger/ on LinkedIn

Lou Schmidt

@loudoggeek on X

https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn

Hosted on Acast. See acast.com/privacy for more information.

In this week’s IT SPARC Cast – News Bytes, John and Lou explore the fast-moving world of AI, quantum computing, and cloud reliability.

First up, OpenAI launches Atlas, an AI-powered browser with ChatGPT built in—complete with persistent memory, agent mode, and deep personalization. But as John warns, “If ChatGPT can see everything you do, that includes your company’s data.” Lou connects it to last week’s 7-Zip discussion, emphasizing the need for strict data access policies in enterprises managing shadow AI use.

Then, Google makes a quantum leap with its new Willow chip and Quantum Echoes algorithm, achieving verifiable quantum advantage—13,000x faster than classical supercomputers. The duo discusses its implications for material science, encryption, and the coming “cryptopocalypse.”

Next, Signal gets proactive, introducing Triple Ratchet Encryption—a post-quantum secure update using ML-KEM (Kyber) to protect against future quantum decryption. It’s the first major messaging platform to harden itself against Harvest Now–Decrypt Later attacks.

Finally, in this week’s Hot Take, the hosts analyze the recent AWS DNS outage that took down half the internet. Their verdict? “It’s not just AWS—it’s the apps.” They discuss multi-region design, cloud dependency, and why “Five Nines” uptime might be a thing of the past.

⸻

⏱️ Show Notes

00:00 - Intro

01:24 - OpenAI Debuts AI-Powered Browser (Atlas)

https://tech.slashdot.org/story/25/10/21/1725235/openai-debuts-ai-powered-browser-with-memory-and-agent-features 

07:27 - Google Launches New Quantum Chip and Algorithm

https://blog.google/technology/research/quantum-echoes-willow-verifiable-quantum-advantage/ 

09:31 - Signal Stays Ahead of the Game — Triple Ratchet Encryption

https://signal.org/blog/spqr 

⸻

12:03 - Hot Take: Amazon Web Services (AWS) DNS Outage

John recounts debugging his Ring cameras—before realizing the culprit was AWS.

•Cascading DNS failure caused a self-inflicted denial of service

•Exposed lack of redundancy and poor multi-region design

•50% of the internet went down, despite AWS only running 30% of it

Lou’s takeaway: “Cloud isn’t inherently resilient—it’s only as resilient as you design it to be.”

https://youtu.be/ygcYoFBXdjQ 

IT SPARC Cast

@ITSPARCCast on X

https://www.linkedin.com/company/sparc-sales/ on LinkedIn

John Barger

@john_Video on X

https://www.linkedin.com/in/johnbarger/ on LinkedIn

Lou Schmidt

@loudoggeek on X

https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn

Hosted on Acast. See acast.com/privacy for more information.

In this episode of CVE of the Week, John and Lou unpack a fresh pair of vulnerabilities affecting one of the most common tools on Windows desktops — 7-Zip.

Tracked as CVE-2025-11001 and CVE-2025-11002, these directory traversal flaws allow attackers to craft malicious archives that can escape the extraction folder, overwrite arbitrary files, and potentially lead to remote code execution (RCE). The hosts discuss how the vulnerabilities impact not just individual users but also automated systems such as CI/CD pipelines, backup servers, and antivirus scanners that automatically unpack archives.

They also cover how this seemingly moderate (CVSS 7.0) issue highlights a deeper problem — shadow IT and uncontrolled software installation inside enterprise environments. From patching strategies to user privilege escalation controls, this episode offers real-world guidance for keeping your organization secure.

⸻

Key Takeaways

•Two new 7-Zip vulnerabilities (CVE-2025-11001 & CVE-2025-11002) enable directory traversal and code execution.

•Impacts Windows desktops and automated extraction workflows in enterprise systems.

•Proof-of-concept exploits are already public on GitHub.

•The fix: Update 7-Zip immediately, disable automatic extraction of untrusted files, and audit your endpoint permissions.

•Also, define a clear policy for software installation to minimize risk from unmanaged tools.

⸻

Stay Connected

IT SPARC Cast

@ITSPARCCast on X

https://www.linkedin.com/company/sparc-sales/ on LinkedIn

John Barger

@john_Video on X

https://www.linkedin.com/in/johnbarger/ on LinkedIn

Lou Schmidt

@loudoggeek on X

https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn

Hosted on Acast. See acast.com/privacy for more information.