A security researcher discovered a vulnerability in Avelo Airlines' reservation API that allowed a brute-force attack to access sensitive passenger information. The flaw stemmed from missing last name verification and lack of rate limiting, enabling attackers to retrieve personal data in just hours.

The Anti-Malware Security and Brute-Force Firewall plugin for WordPress has a serious vulnerability that lets subscribers access any file on the server, risking exposure of sensitive information. Versions 4.23.81 and earlier are affected, but a patch was released shortly after the issue was reported. Users are advised to update their plugin to avoid potential attacks.