Alongside the U.S. government’s formal attribution of the SolarWinds supply chain compromise to Russia last week, three agencies published a joint advisory (Advisory) warning of the Russian Foreign Intelligence Service’s (SVR) exploitation of five publicly known vulnerabilities. We unpack the details of the Advisory, including the steps it offers companies to protect their systems against the SVR’s malicious cyber activities, and discuss its impact, vulnerability management challenges and how to achieve a more mature overall information security program. See our two-part series on digital identity management in a post-pandemic world: “A Framework for Identity-Centric Cybersecurity” (Mar. 24, 2021); “SolarWinds, Zero Trust and the Challenges Ahead” (Mar. 17, 2021).