Transcript
A (0:00)
Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular, in one integrated solution that's built for performance and scale. You can find them at meter.com/CST.

Unsupported edge devices are becoming a global infrastructure risk. Microsoft Exchange Online flags legitimate emails as phishing. Google warns governments to start preparing now for post-quantum cybersecurity. And OpenClaw fallout continues as new research finds growing infrastructure exposure. This is Cybersecurity Today. I'm your host, Jim Love.

A new advisory from the Cybersecurity and Infrastructure Security Agency, CISA, landed this week with little noise. It shouldn't have. It describes a problem that's already playing out in the real world in a big way. The update follows a cyber incident in Poland's energy sector. Attackers got into operational technology systems by exploiting vulnerable Internet-facing edge devices. These are the systems that sit at the edge of the network: firewalls, routers, VPN appliances, the gear that decides what gets in and what stays out. The incident itself is documented by CERT Polska, and it happened in December 2025. We've covered it. It affected renewable energy sites, a combined heat and power plant and a manufacturing company. The attackers broke in through exposed edge devices, deployed wiper malware, damaged remote terminal units, wiped human-machine interfaces, and corrupted firmware on operational technology equipment. Power generation fortunately continued, but operators lost visibility and control. And that matters. Systems were running, but the people responsible for them couldn't reliably see what was happening or intervene if something went wrong. In industrial environments, that's not resilience, that's just huge risk. In power systems, that can have a huge impact. If you pull a power system offline quickly, it can take the whole network with it. In the same way, in industrial environments, this is not resilience, it's just risk.

So CISA's message is straightforward. Unsupported edge devices are now one of the most reliable entry points for persistent threat actors. Once these devices reach end of vendor support, they stop receiving security updates. Any vulnerability that becomes public stays exploitable forever. In the Polish case, attackers also relied on default credentials to move deeper into industrial control systems. That's not a vendor-specific flaw; it's a pattern we keep seeing across sectors and countries. When those edge devices fail, everything's exposed. It's a disaster.

This advisory is tied to CISA's new Binding Operational Directive 26. It orders US federal agencies to immediately update supported edge devices, identify all end-of-support devices within three months, and remove those unsupported devices entirely over the following year. The language is calm, but the assessment is not: unsupported devices are enabling sustained cyber campaigns against critical infrastructure. And the scale of this problem is where things get uncomfortable. CISA didn't publish its internal list of end-of-support devices, probably for good reason, but independent research gives us a partial view. There was a study by Bishop Fox that identified tens of thousands of clearly unsupported, Internet-exposed devices, and another couple of hundred thousand, yes, I said it, a couple of hundred thousand, that could not be definitively classified because of visibility and configuration limits. And it's important to be clear about what that represents. That's one vendor ecosystem, one set of devices, just one. There are no reliable global counts, at least that I can find. But once numbers reach this type of range, precision stops being the point. There are unquestionably hundreds of thousands of exposed edge devices worldwide. When you include other vendors, regions and less visible deployments, that number plausibly reaches into the millions. And these devices aren't peripheral. They sit at the network perimeter. They hold and regulate privileged access, and they are often the only barrier between the Internet and operational technology that was never designed to be exposed in the first place. The Polish incident didn't cause a blackout, which is good news. The bad news is it showed how easily control and visibility can disappear when that edge quietly fails.

Microsoft is investigating an issue in Exchange Online where legitimate emails are being incorrectly flagged as phishing and quarantined. The problem surfaced over the weekend and has affected organizations globally. According to reporting by Bleeping Computer, the false positives appear to be tied to Microsoft's anti-phishing systems rather than customer misconfiguration. In many cases, emails sent from trusted external or even internal domains were suddenly classified as malicious, even though they passed standard authentication checks like SPF, DKIM and DMARC. For affected organizations, the impact was immediate and operational. Legitimate business emails were being diverted into quarantine, delayed or even blocked outright, with administrators left scrambling to determine whether they were facing an actual phishing campaign or a detection failure. In some cases, users were told messages were unsafe when they were anything but. Microsoft has acknowledged the issue and said it's reviewing recent changes to its detection logic. While the company has not confirmed a single root cause, it's indicated that adjustments were being made to reduce the false positives and restore normal mail flow. No evidence has been reported that the emails were genuinely malicious or that customer environments were compromised, so this is not a breach, but it's still a reminder of how much trust organizations place in automated security systems. When detection tools fail quietly, they don't just stop threats, they stop work. And when those tools sit inside managed cloud services, customers have limited visibility into what changed, when it changed, or why.

Google is warning governments and industry that the transition to post-quantum cybersecurity needs to start now, not later. In a new policy push and technical briefing, the company is arguing that waiting until practical quantum computers arrive will be too late to protect sensitive data. In a post published on the Google blog, the company says that the harvest-now, decrypt-later threat is already real. Adversaries can steal encrypted data today and store it until future quantum systems are powerful enough to break widely used encryption methods like RSA and elliptic curve cryptography. Google's message is not that quantum computers are about to crack encryption tomorrow. It's that cryptographic transitions are slow, complex and deeply embedded. Replacing encryption across operating systems, cloud services, network devices and industrial systems can take a long time, they say, maybe even a decade or more. So the company is urging governments to accelerate adoption of post-quantum cryptography standards, particularly those finalized by the U.S. National Institute of Standards and Technology. Google says organizations should begin inventorying where cryptography is used, testing quantum-resistant algorithms, and planning staged migrations. Google's role here is notable. It has already deployed post-quantum protections in parts of Chrome, Google Cloud and its internal infrastructure, giving it real experience with the trade-offs involved. The core point is simple. Quantum computing doesn't need to arrive suddenly to create risk. The risk window opens the moment attackers decide data is worth stealing today so it can be decrypted tomorrow. And for anyone who thinks that quantum computers are a distant or theoretical problem, our sister podcast Trending is running a story today on how Google has made real progress towards a commercially viable quantum computer. You can find it at technewsday.com under Podcasts, or just search for Trending and Jim Love wherever you get your podcasts.

Just when it seemed the OpenClaw security incident might be settling down, new research shows the situation is still evolving, and in some ways it's getting worse. A report from SecurityScorecard says the real risk tied to OpenClaw is not runaway AI behavior or speculative superintelligence fears; it's exposed infrastructure. According to researchers, systems connected to OpenClaw are continuing to surface online with misconfigurations, weak access controls and unnecessary Internet exposure. SecurityScorecard says the pace of discovery has been so fast that it's been necessary to build a live public dashboard to track all the newly identified exposures as they appear. That alone tells you this is not a static cleanup problem. The research highlights a familiar pattern: rapid deployment, complex architectures and security controls that lag behind functionality. As organizations rushed to experiment with these agent-based systems and interconnected AI services, the supporting infrastructure, APIs, cloud services, orchestration layers, was often left more exposed than intended. What's notable is what the report does not claim. There's no suggestion of sentient AI or science fiction scenarios, just exposed services, over-permissive access, Internet-facing systems that were never meant to be public. One detail in SecurityScorecard's live dashboard really stands out: when exposures are broken down by industry, one of the leading adopters, and the most exposed, is IT and technology companies themselves. There's no public data showing exactly how those systems are configured or how exposed they are internally. But given what we've already seen with OpenClaw deployments, it's hard to rule anything out. So the OpenClaw story is no longer about a single breach or a single fix. It's about how quickly modern systems can change and how easily security debt can accumulate when complexity outpaces visibility and architecture. What can we do? Well, check your organization. Check to see if you have any exposures. And this is just my opinion, but I've said it many times: unless you've got it totally isolated and you know exactly what you're doing at the command level, get anything from OpenClaw off your system and have somebody competent check it out.

That's our show. We'd like to thank Meter for their support in bringing you this podcast. Meter delivers full-stack networking infrastructure, wired, wireless and cellular, to leading enterprises. Working with their partners, Meter designs, deploys and manages everything required to get performant, reliable and secure connectivity in a space. They design the hardware, the firmware, build the software, manage deployments and even run support. It's a single integrated solution that scales from branch offices to warehouses to large campuses, all the way to data centers. You can book a demo at meter.com/CST. That's M-E-T-E-R dot com slash CST. I'm your host, Jim Love. Thanks for listening.
