Disclosing an actively used exploit is is usually not treated the same as a typical vulnerability report.