ZDL

Zero Day Logs

Welcome to Zero Day Logs , the podcast that dissects the most consequential cybersecurity breaches of our time. We go beyond the headlines to reconstruct exactly how the world's most heavily defended networks are actually dismantled—focusing not just on the technical exploits, but the structural flaws, human errors, and critical executive decisions that determine who survives and who pays. From billion-dollar hospitality empires brought to a standstill by a single, well-researched phone call to an IT help desk , to global identity gatekeepers compromised by contractor laptops and standard diag...

Author

ZDL

Category

Technology

Podcast website

www.zerodaylogs.com

Latest episode

Jul 10, 2026

Where to listen?

Podcasts in the app Replaio Radio Coming soon

Podcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts

Get it on Google Play Install for free Android 5M+ downloads · 4.8 rating iOS soon

Episodes

The Sony Pictures Hack: The Warning and the Weapon Arrived the Same Day 10.07.2026

In November 2014, a nation-state reached into a Hollywood studio and burned its network to the ground. This is the Sony Pictures Entertainment hack, told for your ears. It began with one email in September, disguised as an advertising video, and two quiet months in which the attackers learned the name of nearly every machine on the network. Then, on November 24, the Guardians of Peace lit up every...

LinkedIn: 700 Million Profiles and the Password Recycling Economy 03.07.2026

Six and a half million LinkedIn passwords leaked in 2012. The real number was 167 million — and nobody knew for four years. This episode is the full anatomy of the LinkedIn breach: how an attacker turned one employee's personal side-project into a full corporate network compromise, why the decision not to "salt" its password hashes turned a contained incident into a catastrophe, and...

Home Depot: 56 Million Cards, One Vendor Password 26.06.2026

In 2014, attackers walked into Home Depot's network with a password stolen from a third-party vendor — and walked out with 56 million payment cards. The tool they used to move around inside was a genuine zero-day, the kind of flaw nation-states pay millions for. The harder part to explain is everything that was already wrong when they arrived: no multi-factor authentication, antivirus seven y...

Pearson: The Patch That Sat Unapplied Six Months 19.06.2026

A critical security patch sat unapplied on a Pearson education platform for six months. By the time it was found, data on roughly 11.5 million student records across some 13,000 schools and universities had been taken — and Pearson described the breach to investors as a "hypothetical" risk. The SEC disagreed. This is the story of the distance between knowing and acting: a documented flaw...

How Uber Hid a Breach of 57 Million People 12.06.2026

On November 14, 2016, two hackers told Uber they had the personal records of 57 million users and drivers. What Uber did next wasn't a breach response — it was a cover-up: a $100,000 payment disguised as a bug-bounty reward, false NDAs, and a year of silence while a binding FTC order required disclosure. The breach itself was fixable. The concealment became the first criminal conviction of a...

Yahoo: 3 Billion Accounts, Four Years Hidden 05.06.2026

Three billion user accounts. Two separate breaches. Four FSB-directed operatives. And nearly two years of silence between what Yahoo's security team knew and what the public was told. This episode traces the full operation from the spear phishing campaign that opened the door, through the forged authentication cookies that bypassed every login screen, to the SEC enforcement action that establ...

Colonial Pipeline: From Legacy VPN to Bitcoin Seizure — The Complete Breakdown 29.05.2026

One leaked password. No multi-factor authentication. Nine days undetected. In May 2021, a compromised VPN credential — found on the dark web, tied to a former employee's account, protected by nothing more than a single password — gave DarkSide ransomware operators access to Colonial Pipeline's IT network. What followed: 100 gigabytes of stolen data, encrypted systems, a $4.4 million Bitc...

Target — Certified Compliant, Breached Eight Weeks Later 22.05.2026

On September 20, 2013, Target Corporation was certified compliant with the Payment Card Industry Data Security Standard. Eight weeks later, malware was running on nearly every cash register in the company's 1,793 stores. This episode traces the full attack path — from a stolen HVAC contractor password to 40 million compromised payment cards — and examines why every control that could have sto...

How Equifax Lost 147 Million Social Security Numbers 15.05.2026

A critical vulnerability was disclosed. A patch was released the same day. Equifax was warned directly. The patch was never applied. Two months later, attackers walked through the door — and spent seventy-six days inside a system holding 147 million Social Security numbers. Episode 5 covers the full 2017 Equifax breach — the Apache Struts vulnerability, the scanner that missed, the certificate tha...

The Twitter/X Breach — July 2020 12.05.2026

On July 15, 2020, the verified Twitter accounts of Barack Obama, Joe Biden, Elon Musk, Bill Gates, Jeff Bezos, Apple, and Uber were hijacked simultaneously. Every account posted the same Bitcoin scam. The attacker was a 17-year-old in Tampa, Florida. This episode reconstructs how a series of phone calls defeated Twitter's multi-factor authentication through a real-time credential relay, how a...

SolarWinds: The Update That Wasn't 05.05.2026

In the spring of 2020, up to 18,000 organizations installed a software update from a trusted vendor. It was signed. It was verified. Every security check said it was clean. Every one of those checks was correct. What they couldn't verify was what was inside the package before the seal was applied. This is the full story of SUNBURST — how Russia's SVR compromised SolarWinds' build pi...

The Support Ticket That Opened Every Door 28.04.2026

In 2022, a teenager posted screenshots from inside the company that controls the login page for 18,000 organisations — not by breaking through a firewall, but through a contractor's compromised laptop. Twenty months later, it happened again. This time through a diagnostic file uploaded to a support ticket. This is the full story of both Okta breaches — how a contractor's laptop, a creden...

How One Phone Call Cost MGM $100 Million 21.04.2026

In September 2023, one of the largest casino and hospitality companies on Earth was brought to a standstill — not by malware, not by a state-sponsored strike, but by a single phone call to an IT help desk. This is the full story of how Scattered Spider exploited the gap between trust and verification — from a LinkedIn search to a rogue Identity Provider inside MGM's Azure AD tenant — and how...

Listen to the Zero Day Logs podcast in Replaio

Radio and podcasts in one app - free, with no sign-up. Install today and do not miss the launch

Get it on Google Play

Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.