The Qualys Threat Research Unit analysis of one billion CISA KEV remediation records across 10,000 organizations documents a structural patch-lag crisis: exploitation of high-profile vulnerabilities is occurring an average of seven days before enterprises begin remediation, and the share of critical vulnerabilities still open at Day 7 post-disclosure has worsened from 56% to 63%, even though organizations are closing more vulnerabilities in absolute terms. This strategic finding bears directly on the other items in this rollup: Marimo was exploited within 10 hours of disclosure, Ivanti’s KEV remediation deadline is today, and Fortinet remains in a hotfix-only state with a full patch pending. Organizations should audit their KEV backlog immediately, establish a pre-authorized emergency patch track for KEV-class findings, and ensure compensating controls (EDR, network segmentation, exploit prevention) are active on public-facing systems during patching gaps.
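One way to run the KEV backlog audit recommended above and measure your own Day 7 open share, as an added example that is not from Qualys or CISA. It assumes the `cveID`, `dateAdded` and `dueDate` fields of CISA's KEV JSON feed, a hypothetical scanner export schema, placeholder CVE IDs, and a Day 7 clock that starts at the KEV `dateAdded`.

```python
from datetime import date

# Constructed KEV excerpt; field names follow CISA's KEV JSON feed.
# CVE IDs are placeholders, not real identifiers.
KEV = [
    {"cveID": "CVE-0000-0001", "dateAdded": "2025-03-03", "dueDate": "2025-03-24"},
    {"cveID": "CVE-0000-0002", "dateAdded": "2025-03-10", "dueDate": "2025-03-31"},
    {"cveID": "CVE-0000-0003", "dateAdded": "2025-03-28", "dueDate": "2025-04-18"},
]
# Constructed scanner export (hypothetical schema). closed=None means still open.
FINDINGS = [
    {"asset": "vpn-gw-01", "cve": "CVE-0000-0001", "closed": "2025-03-06", "public": True},
    {"asset": "web-02", "cve": "CVE-0000-0001", "closed": None, "public": True},
    {"asset": "db-07", "cve": "CVE-0000-0002", "closed": "2025-03-25", "public": False},
    {"asset": "web-02", "cve": "CVE-0000-0003", "closed": None, "public": True},
    {"asset": "hr-lap-11", "cve": "CVE-0000-9999", "closed": None, "public": False},
]

def audit_kev_backlog(kev, findings, today):
    """Return (open KEV findings sorted by urgency, share open at Day 7)."""
    catalog = {e["cveID"]: e for e in kev}
    backlog, eligible, open_day7 = [], 0, 0
    for f in findings:
        entry = catalog.get(f["cve"])
        if entry is None:
            continue  # not in KEV: outside the emergency patch track
        added = date.fromisoformat(entry["dateAdded"])
        due = date.fromisoformat(entry["dueDate"])
        closed = date.fromisoformat(f["closed"]) if f["closed"] else None
        # Only findings whose Day 7 has already passed count toward the metric.
        if (today - added).days >= 7:
            eligible += 1
            if closed is None or (closed - added).days > 7:
                open_day7 += 1
        if closed is None:
            backlog.append({"asset": f["asset"], "cve": f["cve"],
                            "days_open": (today - added).days,
                            "days_overdue": max(0, (today - due).days),
                            "public": f["public"]})
    # Public-facing and most overdue first: these need compensating controls now.
    backlog.sort(key=lambda r: (not r["public"], -r["days_overdue"], -r["days_open"]))
    share = open_day7 / eligible if eligible else 0.0
    return backlog, share

if __name__ == "__main__":
    rows, share = audit_kev_backlog(KEV, FINDINGS, date(2025, 4, 1))
    for r in rows:
        print(r)
    print(f"open at Day 7: {share:.0%}")
```

Findings younger than seven days are left out of the denominator so that a fresh KEV addition does not make the Day 7 share look better than it is.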