Also, instead of publishing the actual attack circuits, they publish a zero-knowledge proof about them: the proof lets anyone check that circuits with the stated qubit and Toffoli-gate counts were really compiled, while the circuits themselves (the "attack details") stay secret:
we rigorously substantiate our resource estimates by sharing a cryptographic zero-knowledge (ZK) proof [41,42] that enables trustless third parties to cryptographically verify the estimates without access to the underlying attack details. Specifically, we publish a ZK proof that we have compiled two quantum circuits for solving the 256-bit ECDLP: one with 1200 logical qubits and 90 million Toffoli gates and one with 1450 logical qubits and 70 million Toffoli gates.
They distinguish between slow-clock quantum computers and fast-clock quantum computers (the latter based on superconducting qubits). The fast-clock assumption appears to be where they locate the speed-up in private-key cracking.
They do claim that this might make it possible to crack a private key within the roughly 10-minute window that matters for mempool attacks (on-spend attacks), but it is important to note what that requires: on the order of 500,000 physical qubits. The 1200 and 1450 figures quoted above are logical (error-corrected) qubits, each of which costs many physical qubits, and today's largest machines have on the order of a thousand physical qubits with nothing near that many logical ones.
They also describe a third attack type, which they call an on-setup attack (distinct from cracking a key from a long-exposed public key, and from cracking one from a public key that has just appeared in the mempool). As they note themselves, this attack is not relevant to Bitcoin:
Attacks targeting fixed public protocol parameters that produce a universal reusable backdoor into a cryptographic protocol. The backdoor is created by means of a one-time off-line quantum computation on a CRQC and subsequent attacks utilizing it are executed on a classical computer. For example, an on-setup attack may involve the use of Shor’s algorithm to recover the so-called “toxic waste” discarded in a powers-of-tau trusted setup ceremony [69]. While the Bitcoin blockchain is immune to on-setup attacks, some scaling solutions, such as Ethereum’s Data Availability Sampling mechanism, and privacy protocols, such as Tornado Cash [70], are vulnerable to this especially insidious attack mode.
They seem to have developed a new