So it's the usual
Media are having a fieldday over someone overstating their own non-peer-reviewed embiggened "research conclusion". Color me surprised...
(We need a "Nicolas Cage/You don't say" icon)
Just as quickly as a panic emerged about vulnerable 4096-bit RSA keys, it's been defused. The discussion started with this brief post at Loper-OS, with the headline claim that: “I am pleased to announce that we have now broken a 4096-bit RSA key, as well as its factor-sharing counterpart (yet to be determined, but won’t wait …
The thing is that anyone reading the original article would notice that p could be divided by 3. Which was a dead giveaway that either the key was broken, or that particular RNG was, or the key validation procedure was b0rked. Even the dude that published that was less concerned with cracking a 4096 bit key and more concerned on what would generate a key with a stupidly small prime number.