The vulnerability has been known for a long time, as have others; there are dozens, perhaps 100s, of state-sponsored actors like North Korea actively going after people's funds. If there was a real substantial risk the coins would have been moved long ago.
But a quick internet search shows that North Korea are continuing to steal coins through various "hacks". And then there are the cases like Atomic wallet, which has been around for years, suddenly losing millions of dollars worth of coins. Just because something hasn't been hacked yet doesn't mean it's secure indefinitely. If I generated a private key with 50 bits of entropy, then it might last long enough to fund and then spend from within a day or two, but if you store coins on it long term then they will be stolen eventually.
The fact that people are still generating wallets that hold real amounts of funds with just a PC / phone and not a hardware device or a 2nd airgapped machine is more of a risk.
You will still see lots of people on this forum "recommend" that people download bitaddress or iancoleman and run it on an airgapped machine in order to generate a private key or seed phrase. While these tools should obviously be run on an airgapped machine when using them to interact with pre-existing private keys or seed phrases, I've long argued against using any website, airgapped or not, to generate entropy from scratch.