100% agree that this is not a comprehensive analysis.

For instance, recently a core Monero dev published something called OSPEAD which is a proposed fix to the "Map Decoder Attack" which he also publicly disclosed at the same time : https://github.com/Rucknium/OSPEAD

The TLDR is that Monero has about 75% less privacy than anybody thought, and this attack is still "live" in production. It requires a mandatory upgrade by every node on the network to fix and as far as I know, no fix has been decided upon yet. The attack can be combined with other attacks to completely de-anonymize transactions. I recently wrote about the bug and my proposed mitigation that users can do to regain privacy here: https://duke.hush.is/memos/6/ . AMA, if you desire.

This attack (and mitigation) is not getting the attention it deserves, partially because it is technical and hard to explain and partially because it does not serve the interests of content marketers and Monero influencers.

Monero is indeed moving to ZK proofs because they are mathematically superior in every way. At a very high level, they are moving towards being more like Zcash but they are not using Zcash ZK machinery, they are rolling their own. They are called "Full Chain Membership Proofs" or FCMPs. You can read the paper about those here: https://github.com/kayabaNerve/fcmp-plus-plus-paper/blob/dev...

As another example, recently an anonymous researcher published http://maldomapyy5d5wn7l36mkragw3nk2fgab6tycbjlpsruch7kdninh... (you will need Tor Browser to access that) which explains how the Monero network is being spied on by malicious nodes, with the end result being that transaction id's can be linked to IP addresses.

There are various other examples of de-anonymization attacks on Monero but OSPEAD and network spying (which can be combined) are some of the worst, because they are very inexpensive and effective.