Story of Abusing a Fully Secured Redirect URI in an OAuth Flow

Interesting Story of an Account Takeover Vulnerability

Self-XSS to ATO via Site Features

CSRF Bypass Using Domain Confusion Leads To ATO

Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center

How 1 Exposed Honeywell API Gave us Control Over an Internal Engineering System