3rd party verification is needed indeed... but, I'd be willing to bet these are all/mostly all real, just blown out of proportion.
EDIT: https://safefirmware.com/CTO+Letter.pdf
I don't think that letter changes the situation at all, at least IMO.
I do think that technically the attack vectors are real, but as you said, blown completely out of proportion and also their attack on the firmware of the PSP was already known with a fix incoming. They tweaked it slightly but it's basically the same thing (as far as we can tell without any real technical details) and the fix should still apply in their case.