Portswigger has some good research on a new angle for cross-site leak attacks:
https://portswigger.net/research/xs-leak-leaking-ids-using-focus
Serverless inftastructures are slipping through the cracks as far as security testing goes. Here's a new tool for Amazon Lambda - hopefully it leads to more.
https://www.darknet.org.uk/2019/10/lambdaguard-aws-lambda-serverless-security-scanner/
Mozilla isolated an interesting RCE bug in iTerm2:
https://blog.mozilla.org/security/2019/10/09/iterm2-critical-issue-moss-audit/
Eric Lawrence (of Fiddler fame) has a good writeup on Chrome's new direction for cookies:
https://textslashplain.com/2019/09/30/same-site-cookies-by-default/
And that's the news.