Only Rails 6.x and 5.2.x are getting security updates. Plan your development accordingly.
https://rubyonrails.org/security/
Jason Karns was kind enough to pass along this awesome upgrade helper for Rails:
https://blog.testdouble.com/posts/2019-09-03-3-keys-to-upgrading-rails
I regularly write apps up for failure to disable autofill, and this article is a good explainer.
https://www.social-engineer.com/disable-autofill-browsers/
Bruce has a really good line of reasoning on why there is no difference between "commercial" encryption and "consumer" encryption.
https://www.schneier.com/blog/archives/2019/08/the_myth_of_con.html
iOS doesn't get a lot of malware love because it's only 12% of the phone market, but the bad guys realized that 12% has a lot of money, so here is a BOATload of exploits that Google found.
https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html?m=1
I also write folks up for clickjacking a lot, and it is making a comeback. It's just a header, people. Add it.
https://nakedsecurity.sophos.com/2019/08/29/web-clickjacking-fraud-makes-a-comeback-thanks-to-javascript-tricks/
Some RCE flaws discovered in PHP. Update if you can, mitigate if you can't.
https://thehackernews.com/2019/09/php-programming-language.html?m=1
That's the news. Stay safe.