NIST is changing how it handles CVEs after a massive surge in vulnerability submissions—and it could reshape how enterprise IT teams manage risk. In this episode of IT SPARC Cast – CVE of the Week, John and Lou break down what this shift means, the risks of incomplete vulnerability data, and how AI-driven attacks are forcing a new security reality.

⸻

📄 Show Notes

🚨 CVE of the Week (Special Edition): NIST Scaling Back CVE Enrichment

This week, instead of a single CVE, we’re covering a major shift in how vulnerabilities are tracked and analyzed.

The National Institute of Standards and Technology (NIST) is scaling back its enrichment of CVEs due to a massive surge in vulnerability submissions—up 263% since 2020.

⸻

🔍 What’s Changing

NIST will no longer fully analyze every CVE submitted to the National Vulnerability Database (NVD).

Instead, they will prioritize:

• Known exploited vulnerabilities
• Critical/high-impact vulnerabilities
• Software used by government systems

Lower-priority CVEs will still be listed—but:

• ❌ No CVSS score
• ❌ Limited or no analysis
• ❌ Minimal context on impact or exploitability

⸻

⚠️ Why This Matters

CVE “enrichment” is what makes vulnerability data actionable. Without it, security teams lose:

• Severity scoring (CVSS)
• Attack vectors and exploit details
• Affected systems and products
• Context for prioritization

👉 In short: more noise, less signal

⸻

🔗 The Hidden Risk: Chained Exploits

This shift introduces a major blind spot:

• Lower-severity vulnerabilities (CVSS 6–7) may not be enriched
• Attackers can chain multiple low-severity flaws
• Result: full compromise equivalent to a critical vulnerability

👉 Two “7s” can still equal a “10” in real-world attacks

⸻

🤖 AI Is Driving the Explosion

The root cause is scale—and AI is accelerating it:

• Automated tools can discover vulnerabilities at massive scale
• Attackers don’t need advanced intelligence—just volume
• Thousands of bots probing systems = exponential growth in CVEs

This is pushing NIST—and the entire vulnerability ecosystem—to its limits.

⸻

🧠 What This Means for Enterprise IT

You can no longer rely solely on NIST/NVD as your source of truth.

New reality:

• CVE databases will be incomplete
• Prioritization gaps will increase
• Attackers will target overlooked vulnerabilities

⸻

🛠️ Recommended Strategy

Immediate Adjustments:

• Monitor third-party threat intelligence sources
• Invest in security subscriptions (threat intel platforms)
• Track research from vendors (e.g., Unit 42, etc.)

Operational Changes:

• Move beyond “patch Tuesday” mentality
• Implement continuous vulnerability assessment
• Use AI/automation for:
• Threat detection
• Prioritization
• Patch validation

⸻

⚖️ Auto-Patching: Risk vs Reward

Listener feedback raised a key point:

• Auto-updates can introduce supply chain risk
• But delaying patches increases exposure to exploits

👉 The answer is not binary:

• Enable auto-updates where safe
• Maintain robust backup and rollback strategies
• Assess risk per system—not globally

⸻

🔄 Key Takeaway

We are entering a transitional phase in cybersecurity:

• Vulnerability volume is exploding
• Traditional scoring systems are breaking down
• AI will eventually help defend—but not yet

👉 Until then: speed, visibility, and adaptability are your best defenses

⸻

💬 Listener Feedback

Thanks to listener Miruxa for highlighting the risks of auto-updating in light of recent supply chain attacks.

Key takeaway:

• You’re exposed if you update too fast
• You’re exposed if you update too slow

Security now requires constant assessment, not fixed policies

⸻

📣 Wrap Up

What do you think—Is NIST making the right call, or does this create more risk than it solves?

📧 Email: [email protected]

🐦 X: @itsparccast

💬 YouTube: Drop a comment—we read them all

⸻

🔗 Social Links

IT SPARC Cast

@ITSPARCCast on X

https://www.linkedin.com/company/sparc-sales/ on LinkedIn

John Barger

@john_Video on X

https://www.linkedin.com/in/johnbarger/ on LinkedIn

Lou Schmidt

@loudoggeek on X

https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn

Hosted on Acast. See acast.com/privacy for more information.

Amazon is going all-in on AI—and taking aim at everyone in the process.

In this episode of IT SPARC Cast – News Bytes, we break down:

•Amazon’s massive AI infrastructure push and chip strategy

•Microsoft turning Copilot into an autonomous agent

•Netgear’s key win in the evolving router security landscape

If you’re in enterprise IT, cloud, or security, this episode covers the real shifts happening right now—not just the headlines.

📝 Episode Description 

00:00 – Intro

📰 News Bytes

00:44 – Amazon CEO Takes Aim at Nvidia, Intel, Starlink & More

Amazon is making a massive AI bet, with Andy Jassy justifying huge infrastructure investments and signaling a strategy to control more of the stack. From custom AI chips (Trainium) to satellite internet and ARM-based compute, Amazon is positioning itself as the “picks and shovels” provider for the AI gold rush.

Rather than relying on vendors, Amazon is building vertically to reduce dependency and maximize margins—mirroring moves from other major players.

Key takeaways:

•AI revenue is directly tied to available compute

•Hyperscalers are racing to own infrastructure end-to-end

•Amazon’s strength is selling compute—not just AI models

This isn’t speculation—it’s a long-term land grab for AI dominance.

https://techcrunch.com/2026/04/09/amazon-ceo-takes-aim-at-nvidia-intel-starlink-more-in-annual-shareholder-letter/

⸻

07:53 – Microsoft is Developing Copilot Features Inspired by OpenClaw

Microsoft is evolving Copilot from a reactive assistant into an agentic system capable of acting on behalf of users. Inspired by OpenClaw-style agents, these new capabilities include task automation, proactive recommendations, and role-specific assistants.

The big shift: AI isn’t just answering questions—it’s doing the work.

With deep OS integration, Microsoft has a unique advantage in embedding these agents directly into enterprise workflows. However, this also raises the stakes around security and control.

Key implications:

•Agentic AI adoption is accelerating rapidly across enterprises

•Model Context Protocol (MCP) will be critical for integrations

•Role-based permissions may help contain risk

This is a foundational shift toward autonomous enterprise systems.

https://www.computerworld.com/article/4158553/microsoft-is-developing-copilot-features-inspired-by-openclaw.html

⸻

14:20 – Netgear Scores First Exemption From Router Restrictions

Netgear has secured the first exemption allowing continued sale of new router products under new security-driven certification rules. While temporary and conditional, this signals how vendors will navigate compliance moving forward.

The exemption suggests trust in Netgear’s processes and willingness to meet evolving standards, while also highlighting broader industry pressure around consumer networking security.

Key considerations:

•Existing devices remain unaffected—for now

•More vendors are expected to follow with exemptions

•Security scrutiny on consumer routers is increasing

This is an early indicator of how networking vendors will adapt to tighter requirements.

https://www.pcmag.com/news/netgear-scores-the-first-exemption-from-the-fccs-foreign-made-router-ban

⸻

📬 18:34 – Mail Bag

Listener feedback this week reinforces two ongoing themes:

•AI’s impact on global labor markets

•The growing complexity of data ownership in AI systems

Discussion highlights how AI may disrupt traditional outsourcing models and why tracking data provenance inside AI systems is becoming critical.

⸻

🔚 23:52 – Wrap Up

As AI adoption accelerates, enterprise IT teams must balance innovation with governance—especially around automation, security, and data ownership. Listener engagement continues to shape the show, so reach out and be part of the conversation.

⸻

Social Links

IT SPARC Cast

@ITSPARCCast on X

https://www.linkedin.com/company/sparc-sales/ on LinkedIn

John Barger

@JohnBarger on X

https://www.linkedin.com/in/johnbarger/ on LinkedIn

Lou Schmidt

@loudoggeek on X

https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn

Hosted on Acast. See acast.com/privacy for more information.

A dangerous Adobe Acrobat zero-day vulnerability (CVE-2026-34621) is actively being exploited—allowing attackers to compromise systems simply by getting users to open a malicious PDF. In this episode of IT SPARC Cast – CVE of the Week, John and Lou break down how it works, why it’s so dangerous, and what enterprise IT teams must do immediately.

⸻

📄 Show Notes

🚨 CVE of the Week: Adobe Acrobat Zero-Day (CVE-2026-34621)

This week’s vulnerability is about as bad—and as common—as it gets. A zero-day flaw in Adobe Acrobat Reader is actively being exploited in the wild, requiring nothing more than opening a malicious PDF to trigger a full system compromise.

🔍 What Happened

•CVE ID: CVE-2026-34621

•Type: Zero-day (actively exploited before patch release)

•Severity: CVSS 8.6 (High, but misleading in practice)

•Attack Vector: Malicious PDF file

•Impact: Remote Code Execution (RCE), data theft

Adobe issued an emergency out-of-band patch, signaling the urgency and severity of the threat.

⸻

⚠️ Why This Is So Dangerous

This exploit is particularly concerning because:

•No user interaction required beyond opening a file

•Works through phishing and email attachments

•Targets one of the most widely used enterprise tools (PDF readers with ~60–75% market share)

Once triggered, the vulnerability exploits a memory corruption flaw (e.g., use-after-free or buffer overflow), allowing attackers to execute arbitrary code on the system.

⸻

🔗 The Real Threat: Exploit Chaining

On its own, this vulnerability is severe—but in modern environments, it’s even worse:

•Attackers use phishing to deliver the malicious PDF

•Gain access to a user endpoint

•Pivot into:

•Cloud infrastructure

•Container environments

•Internal systems

👉 This is how a “medium-high” CVSS score becomes a critical enterprise breach

⸻

🤖 AI and the Acceleration of Attacks

The pace of exploitation is changing:

•Exploits are now being weaponized within minutes of disclosure

•Attackers can deploy automated agents at scale

•AI-driven reconnaissance reduces time-to-exploit dramatically

This creates a world where patch latency = exposure window.

⸻

🛠️ Mitigation & Recommendations

Immediate Actions:

•✅ Patch Adobe Acrobat immediately (no delay)

•🚫 Do NOT wait for standard patch cycles

•📧 Treat all PDF attachments as potential attack vectors

Enterprise IT Best Practices:

•Enforce auto-updates and forced patching policies

•Consider network access restrictions for unpatched devices

•Implement:

•Zero Trust architectures

•Endpoint monitoring and anomaly detection

⸻

🧠 Strategic Takeaways

•User behavior is still the weakest link

•Patch cycles must shift from scheduled → real-time response

•Vendors must improve update mechanisms:

•Fewer forced reboots

•Better “do not interrupt” intelligence

We are entering a phase where patching speed is a primary security control, not a maintenance task.

⸻

💬 Listener Feedback

Thanks to listener IAPX for pointing out a technical clarification from last week:

•The Docker vulnerability discussed was rooted in Moby, not Docker directly

•Docker remains the primary exposure vector due to its widespread use

Great catch—and exactly the kind of feedback we appreciate.

⸻

📣 Wrap Up

Have thoughts on this vulnerability? Are we underestimating the impact of PDF-based attacks?

📧 Email: [email protected]

🐦 X: @itsparccast

💬 YouTube: Drop a comment—we read them all

⸻

🔗 Social Links

IT SPARC Cast

@ITSPARCCast on X

https://www.linkedin.com/company/sparc-sales/ on LinkedIn

John Barger

@JohnBarger on X

https://www.linkedin.com/in/johnbarger/ on LinkedIn

Lou Schmidt

@loudoggeek on X

https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn

Hosted on Acast. See acast.com/privacy for more information.

A critical Docker vulnerability (CVE-2026-34040) is putting container security at risk by allowing attackers to bypass authorization controls and potentially access host systems. In this episode of IT SPARC Cast – CVE of the Week, John and Lou break down the exploit, why it matters, and what enterprise IT teams must do immediately to mitigate risk.

⸻

📄 Show Notes

🚨 CVE of the Week: Docker API Authorization Bypass (CVE-2026-34040)

This week’s CVE highlights a serious vulnerability in Docker Engine that undermines one of the core assumptions of container security: isolation.

🔍 What Happened

•CVE ID: CVE-2026-34040

•CVSS Score: 8.8 (High)

•Affected Systems: Docker Engine / Moby versions prior to 29.3.1

•Root Cause: Improper handling of authorization plugin checks in Docker’s API layer

The vulnerability allows specially crafted API requests to bypass authorization controls by dropping the request body before inspection—while still executing the request.

⸻

⚠️ Why This Matters

This flaw enables attackers to:

•Bypass container security policies

•Create privileged containers

•Access the host file system

•Extract sensitive credentials (SSH keys, cloud keys, etc.)

This effectively breaks container isolation, turning Docker from a security boundary into an attack vector.

⸻

🔗 The Bigger Risk: Chained Attacks

While Docker APIs are typically not exposed publicly, this vulnerability becomes significantly more dangerous in real-world environments:

•Attackers gain initial access via:

•Phishing or spear phishing

•Compromised endpoints

•Malware or trojans

•Then pivot internally to exploit Docker APIs

👉 In these scenarios, the practical severity approaches 9.8–10.0, not 8.8.

⸻

🤖 AI-Driven Threat Amplification

Modern attack frameworks—especially those leveraging AI—can:

•Automatically scan for exposed APIs

•Execute chained exploits without human intervention

•Scale attacks across thousands of targets simultaneously

This dramatically reduces the skill barrier for attackers.

⸻

🛠️ Mitigation & Recommendations

Immediate Actions:

•✅ Upgrade Docker to version 29.3.1 or later

•🔒 Restrict and lock down Docker API access

•🚫 Ensure APIs are not externally exposed

Strategic Recommendations:

•Enable auto-updates where operationally safe

•Conduct a full network audit (hosts, containers, firmware, network gear)

•Patch beyond servers:

•BIOS / firmware

•Network infrastructure (switches, routers)

•Break down silos between:

•Enterprise IT security

•Data center / cloud security

⸻

🔄 Key Takeaway

Containerization is not a silver bullet for security. Misconfigurations and API exposure can turn Docker into a high-impact attack surface—especially when combined with modern, automated attack chains.

⸻

💬 Listener Feedback

Thanks to listener PutlerLXO for correcting last week’s Axios stat:

•Actual weekly downloads: 100 million, not 45 million

We appreciate the feedback—keep it coming!

⸻

📣 Wrap Up

Have thoughts on this vulnerability? Think it’s overblown—or even worse than we described?

📧 Email: [email protected]

🐦 X: @itsparccast

💬 YouTube & LinkedIn: Drop a comment—we read them all

⸻

🔗 Social Links

IT SPARC Cast

@ITSPARCCast on X

https://www.linkedin.com/company/sparc-sales/ on LinkedIn

John Barger

@john_Video on X

https://www.linkedin.com/in/johnbarger/ on LinkedIn

Lou Schmidt

@loudoggeek on X

https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn

Hosted on Acast. See acast.com/privacy for more information.

In this episode of IT SPARC Cast – News Bytes, John Barger and Lou Schmidt break down the latest enterprise IT headlines with sharp insight and zero fluff.

Are tech CEOs using AI as cover for layoffs? Are emergency patches from major vendors signaling deeper systemic risk? And what’s really behind OpenAI’s decision to shut down Sora?

Plus, listener feedback sparks a deep dive into home router security and the best options for every level—from plug-and-play to prosumer setups.

If you’re in enterprise IT, security, or just trying to stay ahead of the curve, this is your weekly signal through the noise.

⸻

📌 Show Notes

00:00 – Intro

•Overview of the week’s biggest enterprise IT stories

•AI layoffs, patch failures, and shifting priorities in AI platforms

⸻

📰 News Bytes

00:49 – Tech CEOs Suddenly Love Blaming AI for Mass Job Cuts

•Increasing trend: layoffs attributed to “AI efficiency gains”

•Reality check: cost-cutting, restructuring, and execution failures

•Market dynamics:

•“AI-driven efficiency” messaging can stabilize or boost stock prices

•Traditional layoffs often trigger negative investor reactions

•Key takeaway:

•AI is becoming a narrative shield for leadership decisions

•Career insight:

•Job security = being a problem solver, not just a role filler

•Enterprise angle:

•Evaluate vendor stability when layoffs are framed as “AI transformation”

https://www.bbc.com/news/articles/cde5y2x51y8o

⸻

07:06 – Emergency Microsoft & Oracle Patches Point to Wider Cyber Issues

•Rise in out-of-band (emergency) patching

•Key incidents:

•Critical remote code execution vulnerability (CVSS 9.8)

•Broken update causing login failures

•Core issue:

•Patch reliability vs. urgency tradeoff is collapsing

•Enterprise implications:

•Traditional patch windows are becoming obsolete

•Delayed patching = increased exposure risk

•New reality:

•Mandatory, rapid patch deployment is now required

•Strategic shift:

•Move toward live patching architectures (already common in Linux/cloud)

•Root causes:

•Faster release cycles

•Increased reliance on automation

•Reduced staffing depth

https://www.computerweekly.com/news/366640648/Emergency-Microsoft-Oracle-patches-point-to-wider-cyber-issues

⸻

13:28 – Why OpenAI Really Shut Down Sora

•Contrary to speculation: not a collapse signal

•Actual drivers:

•Compute constraints

•Resource prioritization

•Revenue alignment

•Market dynamics:

•AI arms race: speed, capability, and scale

•Product reality:

•Video generation = extremely compute-intensive

•Limited sustained user demand vs. cost

•Strategic takeaway:

•Focus shifting toward:

•Coding tools

•Agentic platforms

•High-ROI capabilities

•Key insight:

•AI growth is currently compute-bound, not idea-bound

https://techcrunch.com/2026/03/29/why-openai-really-shut-down-sora/

⸻

📬 16:54 – Mail Bag & Home Router Recommendations

Listener Feedback Topics:

•Router security concerns

•Safer alternatives to high-risk vendors

Recommended Router Tiers:

🟢 Entry-Level (Simple / Plug-and-Play)

•Netgear

•Strong open-source firmware support (OpenWRT, Tomato)

•U.S.-based company with supply chain flexibility

•High accountability and responsiveness

🟡 Mid-Tier (Mesh / Larger Homes)

•Eero (Amazon-owned)

•Strong performance and ease of use

•Consistent updates and long-term viability

🔵 Prosumer / Advanced

•Ubiquiti (UniFi)

•Best-in-class price/performance

•Full ecosystem: networking + security + cameras

•No recurring cloud fees

•Strong automation and patch responsiveness

⸻

🔚 26:54 – Wrap Up

•Call for listener feedback

•Engage via email, X, YouTube, or LinkedIn

•Reminder to like, subscribe, and enable notifications

⸻

🌐 Social Links

IT SPARC Cast

@ITSPARCCast on X

https://www.linkedin.com/company/sparc-sales/ on LinkedIn

John Barger

@john_Video on X

https://www.linkedin.com/in/johnbarger/ on LinkedIn

Lou Schmidt

@loudoggeek on X

https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn

Hosted on Acast. See acast.com/privacy for more information.

In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt break down a massive supply chain attack targeting Axios, one of the most widely used JavaScript libraries in the world.

Attackers compromised a maintainer account and injected malicious code into widely distributed versions, turning routine installs into a cross-platform Remote Access Trojan (RAT) deployment.

This isn’t just another vulnerability — it’s a breach of trust in the open-source ecosystem that powers modern web applications.

⸻

📝 Show Notes 

A major supply chain attack has compromised Axios, a core JavaScript library used in millions of applications across web, mobile, and backend systems.

In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt explain how attackers injected malware into trusted Axios packages — impacting potentially tens of millions of environments worldwide.

⸻

🔎 What Happened

Axios is a widely used open-source library for making HTTP requests in:

•Node.js applications

•React, Angular, and Vue frontends

•Mobile apps (React Native)

•SaaS platforms and internal tools

With over 45 million weekly downloads, its footprint is enormous.

Attackers compromised an Axios maintainer’s NPM account and pushed malicious versions:

•Axios 1.14.1

•Axios 0.30.4

These versions introduced a hidden dependency:

•[email protected]

This dependency executed a post-install script that deployed a cross-platform Remote Access Trojan (RAT) targeting:

•Windows

•macOS

•Linux

The malware then:

•Contacted a command-and-control (C2) server

•Downloaded OS-specific payloads

•Executed silently

•Deleted itself and restored clean package files to evade detection

⸻

⚠ Why This Is So Dangerous

This attack is particularly severe because:

•It does not require direct user action beyond installing dependencies

•It affects transitive dependencies (you may be using Axios without knowing it)

•It operates during build/install processes (CI/CD pipelines included)

•It leaves minimal forensic evidence

This is a classic supply chain compromise — not a CVE, but arguably more dangerous.

⸻

🏢 Enterprise IT Impact

If your organization:

•Uses Node.js or modern JavaScript frameworks

•Runs CI/CD pipelines

•Builds or deploys SaaS platforms

•Uses third-party APIs or SDKs

You are likely exposed.

Even if you don’t directly install Axios, it may exist deep in your dependency tree.

⸻

🧠 Key Takeaway

This was not a flaw in code.

This was a failure of trust in the supply chain.

If your security model assumes dependencies are safe by default — this attack proves otherwise.

⸻

🔗 Source Articles

https://thehackernews.com/2026/03/axios-supply-chain-attack-pushes-cross.html

https://www.elastic.co/security-labs/axios-supply-chain-compromise-detections

⸻

🔗 Connect With Us

IT SPARC Cast

@ITSPARCCast on X

https://www.linkedin.com/company/sparc-sales/ on LinkedIn

John Barger

@john_Video on X

https://www.linkedin.com/in/johnbarger/ on LinkedIn

Lou Schmidt

@loudoggeek on X

https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn

Hosted on Acast. See acast.com/privacy for more information.

In this episode of IT SPARC Cast – News Bytes, John Barger & Lou Schmidt break down three major moves reshaping the future of AI infrastructure, chip design, and enterprise automation.

Elon Musk announces TeraFab, a massive new effort to bring chip fabrication back in-house for greater control over AI hardware and supply chains. Mark Zuckerberg pushes deeper into agentic AI with plans for a personal “AI CEO” to manage workflows and decision-making. And Arm signals a major strategic shift with a new AI-focused chip designed for agent-based systems—putting it in direct competition with its own ecosystem.

From supply chain control and custom silicon to AI-driven leadership tools and next-generation chip architectures, this episode explores how the foundation of enterprise IT is rapidly evolving.  

⸻

⏱️ Show Notes

00:00 – Intro

📰 News Bytes

00:45 – Elon Musk Announces TeraFab for AI Chips and Memory

Elon Musk has announced plans for TeraFab, a massive chip fabrication initiative aimed at regaining full control over chip design and production.

The strategy includes:

• A prototype fabrication facility for rapid iteration

• A large-scale production fab for mass manufacturing

• Vertical integration to reduce dependency on external foundries

• Faster time-to-market for AI-driven hardware

As chip demand surges due to AI workloads, companies are reconsidering outsourced manufacturing models. TeraFab represents a return to end-to-end control of silicon development, which could significantly impact supply chains, pricing, and innovation speed.

https://x.com/i/broadcasts/1yKAPMzlvgWxb 

https://en.wikipedia.org/wiki/Terafab 

09:46 – Mark Zuckerberg Builds AI CEO to Help Run Meta

Mark Zuckerberg is developing a personal AI system capable of handling executive-level tasks—effectively functioning as a digital chief of staff or “AI CEO.”

The system is designed to:

• Retrieve and synthesize information across internal systems

• Automate decision-support workflows

• Reduce reliance on layers of management

• Act as a “second brain” for operational awareness

This reflects a broader shift toward agentic AI, where intelligent systems proactively execute tasks rather than simply responding to prompts. The discussion also raises key enterprise questions around security, portability, and ownership of personal AI agents.

https://www.the-independent.com/tech/mark-zuckerberg-ai-ceo-bot-b2943792.html

17:54 – Arm Unveils New AI Chip for Agentic Systems

Arm has announced a new AI-focused chip architecture aimed at powering agentic AI and future AGI-style workloads.

Key implications include:

• A shift from IP licensing to direct chip competition

• Increased competition with existing ecosystem partners

• Potential acceleration of specialized AI hardware development

• Growing relevance of alternative architectures like RISC-V

This move signals a major strategic pivot for Arm, potentially reshaping the competitive landscape for AI infrastructure and creating new dynamics between chip designers, manufacturers, and enterprise buyers.

https://www.reuters.com/business/media-telecom/arm-unveils-new-ai-chip-expects-it-add-billions-annual-revenue-2026-03-24/ 

🔁 Wrap Up

25:24 – Mail Bag

Listener feedback highlights continued interest in emerging compute models, including biological computing, and reinforces the importance of staying ahead of major infrastructure trends.

27:01 – Wrap Up

John and Lou close with thoughts on the convergence of AI, custom silicon, and agent-based workflows, emphasizing that enterprise IT leaders must prepare for a future where infrastructure, software, and decision-making are increasingly intertwined.

⸻

🔗 Connect With Us

IT SPARC Cast

@ITSPARCCast on X

https://www.linkedin.com/company/sparc-sales/ on LinkedIn

John Barger

@john_Video on X

https://www.linkedin.com/in/johnbarger/ on LinkedIn

Lou Schmidt

@loudoggeek on X

https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn

Hosted on Acast. See acast.com/privacy for more information.

In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt break from a single CVE to tackle a broader and increasingly critical issue: router supply chain security.

From botnets built on consumer routers to concerns about firmware, silicon-level vulnerabilities, and manufacturing visibility, the conversation explores why your home or small office router may be one of the weakest links in modern cybersecurity.

The hosts explain what’s changing in the router market, which vendors are most at risk, and what both consumers and enterprise IT professionals should be doing now to secure the network edge.

⸻

📝 Show Notes

Consumer routers are no longer just simple networking devices — they are now prime targets in large-scale cyberattacks and botnet operations.

In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt break down the growing risks tied to router supply chains, firmware security, and edge network vulnerabilities.

Rather than focusing on a single CVE, this discussion highlights a broader shift in how attackers are targeting home routers, small office devices, and prosumer networking gear as entry points into larger networks.

⸻

🔎 What’s Changing in Router Security

Recent attack trends show:

•Consumer and small-office routers are being used as launch points for larger cyberattacks

•Botnets are increasingly built on unpatched or poorly secured edge devices

•Attackers are leveraging routers to mask origin and evade detection

This makes routers one of the most critical — and often overlooked — components of modern security architecture.

⸻

⚠ The Supply Chain Problem

One of the biggest concerns discussed in this episode is supply chain visibility.

Key risks include:

•Limited insight into where hardware components are manufactured

•Potential for firmware-level or silicon-level vulnerabilities

•Difficulty auditing third-party manufacturing processes

•Inability to fully validate device integrity

Even when running trusted software (such as open-source firmware), underlying hardware risks may still exist.

⸻

🏢 Enterprise & Home Network Impact

This is not just a consumer issue.

Organizations must consider:

•Remote employees connecting via insecure home routers

•Small offices using low-cost networking equipment

•IoT devices relying on consumer-grade infrastructure

•Edge devices acting as entry points for lateral movement

If the edge is compromised, the rest of the network is exposed.

⸻

🛠 What IT Teams and Consumers Should Do

•Avoid default configurations and credentials

•Keep firmware updated consistently

•Segment home and corporate network traffic where possible

•Evaluate router vendors for security posture and supply chain transparency

•Monitor for unusual traffic patterns or device behavior

•Plan for longer-term shifts in router procurement and standards

This is a long-term evolution, not a short-term panic event.

⸻

📊 Market Impact & Vendor Landscape

The episode also discusses potential market shifts:

•Lower-cost vendors may face increased scrutiny

•Vendors with stronger supply chain transparency may benefit

•Manufacturing may shift to more trusted and auditable environments

•Future devices may require mandatory security features like auto-updating firmware

⸻

💬 Listener Feedback

Listener feedback from X highlights the growing importance of Zero Trust and identity validation, especially in response to recent discussions about insider threats.

The takeaway:

Security is no longer just about devices — it’s about people, process, and trust models working together.

⸻

🔗 Connect With Us

IT SPARC Cast

@ITSPARCCast on X

https://www.linkedin.com/company/sparc-sales/ on LinkedIn

John Barger

@john_Video on X

https://www.linkedin.com/in/johnbarger/ on LinkedIn

Lou Schmidt

@loudoggeek on X

https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn

Hosted on Acast. See acast.com/privacy for more information.

📄 Episode Description

In this episode of IT SPARC Cast – Interview, John Barger sits down with Dr. Ewelina Kurtys of Final Spark to explore one of the most futuristic ideas in computing: building computers from living neurons.

Final Spark is a Swiss startup working to create biological computing systems using neurons derived from human stem cells. The goal is to develop a new form of compute that is dramatically more energy-efficient than traditional silicon—potentially by orders of magnitude.

In this conversation, John and Dr. Kurtys explore how neurons are sourced, how they are interfaced with traditional systems, and what it will take to build neuron-based data centers. They also discuss the challenges of programming biological systems, the timeline for commercialization, and what enterprise IT professionals should be doing today to prepare for this emerging paradigm.

This is a deep dive into the intersection of biology, AI, and infrastructure—and what could become the next major evolution of computing.  

⸻

⏱️ Show Notes

00:00 – Intro

An introduction to Final Spark and the concept of building computing systems using living neurons as an alternative to traditional silicon-based infrastructure.

⸻

❓ Questions

00:32 - Who Is Final Spark?

01:00 - How Do You Source Your Neurons?

01:43 - Neuron Quality Control

02:43 - Neurons In AI Data Centers

03:14 - Benefit Of Using Neurons

04:19 - When Will Neuron Based Compute Be Commercially Available

05:43 - Operating System Or Programming Language For Neurons

06:49 - What Does A Neuron Based Data Center Look Like?

07:55 - Containment And Security

08:28 - Data Persistence And Memory Erasure

09:10 - What Should IT Professionals Do Today To Prepare?

12:04 - How Does A Start-Up Get Involved Today?

12:44 - How Do You Program Neurons “Bits”? Are They Binary?

14:54 - How Do You Connect Neurons To Silicon Based Compute?

16:00 - Final Thoughts from Dr. Kurtys

⸻

https://www.finalspark.com

https://finalspark.com/articles/

⸻

🔁 Wrap Up

17:19 – Wrap Up

John reflects on the interview and the long-term implications of neuron-based computing. While still early-stage, the technology represents a potential shift in how compute is delivered—driven by energy efficiency, biological processing models, and new programming paradigms.

⸻

🔗 Connect With Us

IT SPARC Cast

@ITSPARCCast on X

https://www.linkedin.com/company/sparc-sales/ on LinkedIn

John Barger

@john_Video on X

https://www.linkedin.com/in/johnbarger/ on LinkedIn

Lou Schmidt

@loudoggeek on X

https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn

Hosted on Acast. See acast.com/privacy for more information.

In this episode of IT SPARC Cast – News Bytes, John Barger & Lou Schmidt break down four major stories reshaping enterprise IT, AI infrastructure, and the future of software.

Millions of Pokémon Go players unknowingly helped train real-world delivery robots using billions of images. Meanwhile, OpenAI’s ambitious Stargate data center expansion hits a major setback, highlighting the challenges of scaling AI infrastructure.

Nvidia pushes the frontier even further with plans for orbital AI data centers powered by its new Vera Rubin Space-1 chip system, while a growing movement suggests the “SaaS apocalypse” may be underway, driven by AI and open-source alternatives reshaping how software is built and consumed.

From crowdsourced AI training to space-based compute and the future of enterprise software, this episode explores where the next wave of IT disruption is coming from.  

Show Notes

00:00 – Intro

📰 News Bytes

00:45 – Pokémon Go Players Unknowingly Trained Delivery Robots With 30 Billion Images

Niantic has leveraged years of Pokémon Go gameplay data—over 30 billion images captured by users—to build a highly accurate Visual Positioning System (VPS) capable of centimeter-level location accuracy.

The discussion highlights both the brilliance of this crowdsourced data model and broader concerns around data ownership, enterprise data exposure, and unintended data usage.

https://www.popsci.com/technology/pokemon-go-delivery-robots-crowdsourcing/?utm_source=chatgpt.com 

⸻

07:18 – OpenAI’s Massive Stargate Data Center Expansion Canceled

Plans to expand a major AI data center tied to the Stargate initiative have been canceled, underscoring the complexity of building large-scale AI infrastructure.

Despite the cancellation, demand for AI compute remains extremely high, with other organizations potentially stepping in to utilize available capacity—reinforcing that AI infrastructure demand still far exceeds supply.

https://www.tomshardware.com/tech-industry/artificial-intelligence/openais-massive-stargate-data-center-canceled-as-firm-cant-reach-terms-with-oracle-operator-struggles-with-reliability-issues-meta-said-to-be-interested-in-snatching-excess-capacity 

⸻

11:06 – Nvidia Announces Vera Rubin Space-1 Chip System for Orbital AI Data Centers

Nvidia is pushing AI infrastructure beyond Earth with its Vera Rubin Space-1 system, designed for use in orbital data centers.

While challenges remain—especially around cooling and radiation—this represents a major step toward space-based AI infrastructure as demand for compute continues to surge.

https://www.cnbc.com/2026/03/16/nvidia-chips-orbital-data-centers-space-ai.html 

⸻

17:50 – The SaaS Apocalypse Is Open Source’s Greatest Opportunity

A growing trend suggests that traditional SaaS models may be under pressure as AI dramatically lowers the cost of building custom software.

The hosts highlight real-world examples of AI enabling individuals to build production-ready applications in hours, signaling a potential return to highly customized, in-house systems—powered by AI instead of large dev teams.

https://hackernoon.com/the-saas-apocalypse-is-opensources-greatest-opportunity 

⸻

🔁 Wrap Up

25:28 – Mail Bag

Listener Tim flags an issue with a previous episode upload, helping quickly resolve a distribution problem. A reminder of how valuable engaged listeners are to maintaining quality and consistency.

⸻

26:52 – Wrap Up

John and Lou close with thoughts on how rapidly the IT landscape is evolving—from AI-driven infrastructure and orbital compute to the reinvention of software delivery models—and encourage listeners to stay adaptable as these shifts accelerate.

⸻

🔗 Connect With Us

IT SPARC Cast

@ITSPARCCast on X

https://www.linkedin.com/company/sparc-sales/ on LinkedIn

John Barger

@john_Video on X

https://www.linkedin.com/in/johnbarger/ on LinkedIn

Lou Schmidt

@loudoggeek on X

https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn

Hosted on Acast. See acast.com/privacy for more information.