Zero Day Logs Titelbild

Zero Day Logs

Zero Day Logs

Von: ZDL
Jetzt kostenlos hören, ohne Abo

Welcome to Zero Day Logs, the podcast that dissects the most consequential cybersecurity breaches of our time. We go beyond the headlines to reconstruct exactly how the world's most heavily defended networks are actually dismantled—focusing not just on the technical exploits, but the structural flaws, human errors, and critical executive decisions that determine who survives and who pays.


From billion-dollar hospitality empires brought to a standstill by a single, well-researched phone call to an IT help desk , to global identity gatekeepers compromised by contractor laptops and standard diagnostic files, each episode maps the attack path step-by-step. We break down the underlying enterprise architecture—explaining concepts like multi-factor authentication, federated identity, and zero-trust frameworks—so you understand the mechanics of the collapse.


Whether you are a security professional defending a network, or simply someone trying to understand how the digital infrastructure we all depend on actually fails, Zero Day Logs provides the unvarnished autopsy. We explore the uncomfortable reality of modern digital defense: that the weakest link is rarely a piece of software, but the human processes and vendor relationships where trust is extended and verification is skipped.


Find full technical breakdowns, attack timelines, and defensive configurations for every episode at zerodaylogs.com.

© 2026 Zero Day Logs
Management & Leadership True Crime Ökonomie
  • LinkedIn: 700 Million Profiles and the Password Recycling Economy
    Jul 3 2026

    Six and a half million LinkedIn passwords leaked in 2012. The real number was 167 million — and nobody knew for four years.

    This episode is the full anatomy of the LinkedIn breach: how an attacker turned one employee's personal side-project into a full corporate network compromise, why the decision not to "salt" its password hashes turned a contained incident into a catastrophe, and how a single stolen database seeded a decade of credential-stuffing attacks against unrelated platforms.

    We walk through how the intrusion actually happened (and why the widely-reported SQL injection explanation was wrong), what password hashing is and why salting matters, why 160 million accounts were left crackable for four years, and the one password habit that connects the entire story to you.

    Zero Day Logs is a documentary series on the security failures that shaped the internet.

    Mehr anzeigen Weniger anzeigen
    20 Min.
  • Home Depot: 56 Million Cards, One Vendor Password
    Jun 26 2026

    In 2014, attackers walked into Home Depot's network with a password stolen from a third-party vendor — and walked out with 56 million payment cards. The tool they used to move around inside was a genuine zero-day, the kind of flaw nation-states pay millions for. The harder part to explain is everything that was already wrong when they arrived: no multi-factor authentication, antivirus seven years out of date, the dedicated firewall switched off, and the card data moving in plain text. This episode walks through how the breach actually worked — and why the warnings that could have stopped it had already been sent, twice.

    (0:00) Intro
    (1:03) Home Depot and the payment rails
    (2:03) The way in: a vendor password
    (4:25) What a zero-day actually is
    (5:20) 7,500 registers and a watcher in memory
    (8:15) Five months of dwell time
    (9:55) How the banks found it first
    (11:23) Disclosure, response, and the bill
    (12:54) What was waiting: the warnings ignored
    (16:08) Defenses from the year of the iPhone
    (19:34) Chip-and-PIN, a CISO, and the unnamed
    (21:06) The distance between a warning and a check

    Free one-page technical breakdown PDF: zerodaylogs.com
    Sources are listed on the episode page at zerodaylogs.com.

    Mehr anzeigen Weniger anzeigen
    22 Min.
  • Pearson: The Patch That Sat Unapplied Six Months
    Jun 19 2026

    A critical security patch sat unapplied on a Pearson education platform for six months. By the time it was found, data on roughly 11.5 million student records across some 13,000 schools and universities had been taken — and Pearson described the breach to investors as a "hypothetical" risk. The SEC disagreed.

    This is the story of the distance between knowing and acting: a documented flaw, an available fix, and the gap in between.

    Chapters:
    (0:00) The Call From the FBI
    (1:14) Pearson and AIMSweb
    (2:38) What Remote Code Execution Means
    (3:40) The Patch That Was Never Applied
    (5:14) Inside the Breach
    (8:52) Four Months, Undetected
    (10:30) What "Material" Means to the SEC
    (12:01) The Notification Letters
    (13:07) "A Hypothetical Risk"
    (14:55) The Decade-Long Campaign
    (16:54) The SEC Charge
    (18:42) Knowing vs. Acting
    (19:22) Takeaways

    Free one-page technical breakdown: https://zerodaylogs.com
    Watch the full video version on YouTube: [video URL]

    Sources: SEC enforcement order (2021); DOJ indictment (2020); UK ICO penalty notice; Pearson Form 6-K (2019); state AG notifications.

    Mehr anzeigen Weniger anzeigen
    20 Min.
adbl_web_anon_alc_button_suppression_t1
Noch keine Rezensionen vorhanden