The initial scan reported 7 Security Hotspots in my code with an E rating. Sonarcloud rescanned when I made update to the README.md file and the new code is showing 0 Security Hotspots with an A rating. Am I missing something here?
It sounds like you have 7 hotspots on Overall Code, but none of New Code since the second scan (you can consider the first scan a baseline, and everything after being considered New). Read more about Clean as You Code here.
If you filter to Overall Code on the Security Hotspots tab of your project, are the hotspots there?