CISA Adds Ivanti EPMM to KEV Catalog
CISA has added CVE-2026-1281 to its Known Exploited Vulnerabilities catalog. This code injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM) allows unauthenticated remote code execution. Federal agencies are mandated to remediate this vulnerability by February 1, 2026, signaling extreme urgency for the private sector.
Microsoft Reports “Trillion Token” Momentum
During the Q2 2026 earnings call, CEO Satya Nadella reported that 250+ customers are on track to process 1 trillion tokens annually on Azure Foundry. Microsoft is now optimizing for “tokens per watt per dollar,” signaling that AI has moved from speculative investment to an industrial-scale infrastructure utility.
FedRAMP Cybersecurity Service Launch
Director Pete Waterman announced a new internal “Cybersecurity Service” to automate the FedRAMP authorization process. By hiring dedicated security engineers, GSA intends to move away from legacy manual reviews toward real-time, automated monitoring for Cloud Service Providers (CSPs).
NSA Zero Trust ZIGs Released
The NSA has published the Discovery and Phase Two Zero Trust Implementation Guidelines (ZIGs). These documents provide a modular blueprint for aligning with the Department of Defense Zero Trust Strategy, focusing on continuous authentication and inventory-driven enforcement.
California SB 53: Active Enforcement
As of February 1, 2026, the “Frontier AI Act” (SB 53) is in active enforcement. Developers of foundation models trained above 10²⁶ (10 to the 26th power) FLOPs must maintain standardized safety frameworks and incident reporting protocols or face penalties up to $1 million per violation.
Sources:
* https://www.cisa.gov/news-events/alerts/2026/01/29/cisa-adds-one-known-exploited-vulnerability-catalog
* https://www.microsoft.com/en-us/investor
* https://www.meritalk.com/articles/waterman-teases-new-fedramp-cybersecurity-service-for-2026/
* https://www.nsa.gov/Press-Room/
* https://leginfo.legislature.ca.gov/
Topics We’re Tracking (But Didn’t Make the Cut):
* CISA KEV: Microsoft Office Security Feature Bypass (CVE-2026-21509).
* GSA “FedRAMP 20x” Phase Two pilot cohort announcements.
This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit theexchangedaily.substack.com
