Breaking TikTok: Our Journey to Finding an Account Takeover Vulnerability

Self-XSS to ATO via Site Features

Stealing First Party Access Token of Facebook Users: Meta Bug Bounty

Over 1 Million websites are at risk of sensitive information leakage - XSS is dead. Long live XSS

Self XSS + Login CSRF + OAuth = Account Takeover

Interesting Story of an Account Takeover Vulnerability