Some context on the source:

c't is a German computer magazine that has been around since the early 80s. It has a very good reputation for journalistic quality, expertise and thoroughness of investigations.

heise is the publisher that owns c't, hence the url.

There is now an official english translation: https://www.heise.de/ct/artikel/Exclusive-Spectre-NG-Multipl...

c't and heise are not known to make statements like this willy-nilly. If they say it's serious, I would assume it is indeed serious.

Does anybody know why this is still not page 1?

Current Place 41:

33 points 3 hours ago, 4 comments

For comparison:

25. Differentiable Programming: A Semantics Perspective (barghouthi.github.io) 54 points by matt_d 12 hours ago | flag | hide | 11 comments

26. The Pain Hustlers (nytimes.com) 62 points by farseer 10 hours ago | flag | hide | 17 comments

Looks like there is some penalty involved.

TLDR;

The bugs are currently exclusive to c't (a German IT magazine closely linked to heise.de) and they could confirm those bugs "in several ways".

[IMO: c't and heise.de are considered both first class sources in Germany]

Technical details won't be published in order to give manufacturers time to respond.

Still, they are a consequence of the same architectural problem as Specter, hence labelled Specter-NG

There are indications that at least some ARM CPUs are vulnerable and AMD CPUs are still being tested.

Intel estimates the risk to be "high" for four and "medium" for another four.

C't itself considers at least one "extremely high" because it would allow for controlling the host system from within a VM, or accessing other VMs on the same system. This was also possible for the original specter bugs but this specific attack would be much easier as it required "much less detailed knowledge".

Here is the google translation: https://translate.google.com/translate?hl=de&sl=de&tl=en&u=h...

Guru3d: http://www.guru3d.com/news-story/eight-new-spectre-variant-v...