Details are almost non-existant as the bugs are currently embargoed. However, it appears that there are a pair of additional attacks taking advantage of speculative execution issues in CPUs.
They are branded as Skyfall and Solace, which will, of course, making playing "Bond Movie or Branded CVE" more difficult. The page to watch is here: https://skyfallattack.com, so we'll see how this unfolds.
If, like the last two, these are really just read-only attacks then at least that is something. However, depending on difficulty and reliability of the exploit, I expect that cloud providers will once again provide the juiciest attack surface.
-- wdf//CISSP, CSSLP