315
Secure Boot is completely broken on 200+ models from 5 big device makers
(arstechnica.com)
This is a most excellent place for technology news and articles.
Right. Their advice for the general public is a mix of "best practice" and risk. If an exploit is not actively exploited in the wild, they'll probably sit on it for intelligence purposes and instead recommend best practices (which are good) that doesn't impact their ability to use the exploit.
So trust them when they say do X, but don't take silence to mean you're good.