Sub Domain Takeover
This consists in someone pointing their legit subdomain to a 3rd party service's subdomain, such as Heroku, Amazon S3, etc. and never claiming this external party's subdomain. This beauty of 1,000$ explains it all. Stale assets, be it subdomains or tokens, always have potential for exploitation.