Ledger's Donjon announced that they managed to fault one of the two secure elements included in Coldcard Mk4. The vulnerability was responsibly disclosed to Coinkite and the manufacturer prior to the announcement.

Coinkite detailed how the Ledger team was still unable to access the seed, since doing so requires compromising both secure elements, as well as the main processor.

However, as @joko points out, Ledger's presentation indicates that the 1st secure element was already attacked prior to that. Which would leave us with only the main processor, and leaves me a bit puzzled as to Coinkite's communication.

Anyone got some intel to share?