Their "cyber pandemic" claim was over a Windows DNS vulnerability which - 3 years later - never got exploited in the wild. At some stage I need to make a public database of vendor security claims, and then keep track over time which ones are actually correct.