Account Takeover by chaining two vulnerabilities.

CSRF Bypass Using Domain Confusion Leads To ATO

Interesting Story of an Account Takeover Vulnerability

Self-XSS to ATO via Site Features

Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities

Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center