This week we discuss AMD's release of their long-awaited Spectre variant 2 microcode patches, the end of Telegram Messenger in Russia, the on-time arrival of Drupalgeddon2, Firefox and TLS v1.3, the new and widespread UPnProxy attacks, Microsoft's reversal on no longer providing Windows security updates without AV installed, Google Chrome's decision to prematurely remove HTTP cookies, the Android "patch gap," renewed worries over old and insecure Bitcoin crypto, new attacks on old IIS, a WhatsApp photo used for police forensics, and an IoT vulnerability from our You Can't Make This Stuff Up department.