OAuth authentication bypass on Airbnb acquisition using 1-char Open Redirect

Interesting Story of an Account Takeover Vulnerability

Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center

Forced SSO Session Fixation

Account takeover on 8 years old public program

$500 for Cracking Invitation Code For Unauthorized Access & Account Takeover