Recently, we had the XZ backdoor, discovered by sheer luck and nerdiness determination, as a dev started noticing an unexpected delay on SSH connections.
Yesterday, a new bug was discovered, again by the fact that someone simply noticed an odd behavior and decided to test further. In specific SQLite versions, if you tried to CREATE TABLE where the table name started with a number, the operation would take at least 1000x times longer than expected.
Now, everyone who works in IT has a similar story. I have lots of these, like the time I discovered an unhappy colleague was stealing confidential documents from the company, as I noticed the download/upload rate was strangely low and then stayed the whole morning looking at the network output of the proxy server via SSH.
Those stories where someone couldn't let an odd situation slip and then discovered a huge problem always amazed me. What's yours?