Oauth Misconfiguration lead to complete account takeover

CSRF Bypass Using Domain Confusion Leads To ATO

AI Under Siege: Discovering and Exploiting Vulnerabilities

Stealing First Party Access Token of Facebook Users: Meta Bug Bounty

Self XSS + Login CSRF + OAuth = Account Takeover

Interesting Story of an Account Takeover Vulnerability