Troy Hunt

You'll Soon Be Able to Sign in to Have I Been Pwned (but Not Login, Log in or Log On)

How do seemingly little things manage to consume so much time?! We had a suggestion this week that instead of being able to login to the new HIBP website, you should instead be able to log in. This initially confused me because I've been used to logging on to things for decades:

So, I went and signed in (yep, different again) to X and asked the masses what the correct term was:

When accessing your @haveibeenpwned dashboard, which of the following should you do? Preview screen for reference: https://t.co/9gqfr8hZrY

— Troy Hunt (@troyhunt) April 23, 2025

Which didn't result in a conclusive victor, so, I started browsing around.

Cloudflare's Zero Trust docs contain information about customising the login page, which I assume you can do once you log in:

Another, uh, "popular" site prompts you to log in:

After which you're invited to sign in:

You can log in to Canva, which is clearly indicated by the HTML title, which suggests you're on the login page:

You can log on to the Commonwealth Bank down here in Australia:

But the login page for ANZ bank requires to log in, unless you've forgotten your login details:

Ah, but many of these are just the difference between the noun "login" (the page is a thing) and the verb "log in" (when you perform an action), right? Well... depends who you bank with 🤷‍♂️

And maybe you don't log in or login at all:

Finally, from the darkness of seemingly interchangeable terms that may or may not violate principles of English language, emerged a pattern. You also sign in to Google:

And Microsoft:

And Amazon:

And Yahoo:

And, as I mentioned earlier, X:

And now, Have I Been Pwned:

There are some notable exceptions (Facebook and ChatGPT, for example), but "sign in" did emerge as the frontrunner among the world's most popular sites. If I really start to overthink it, I do feel that "log[whatever]" implies something different to why we authenticate to systems today and is more a remnant of a bygone era. But frankly, that argument is probably no more valid than whether you're doing a verb thing or a noun thing.

News ≈ Packet Storm

Code Found Online Exploits LogoFAIL To Install Bootkitty Linux Backdoor

News ≈ Packet Storm

Ubuntu Affected By 10-Year-Old Flaws In needrestart Package

News ≈ Packet Storm

Helldown Ransomware Evolves To Target VMware Systems Via Linux

News ≈ Packet Storm

Thousands Of Linux Systems Infected By Malware Since 2021

News ≈ Packet Storm

Attacking Unix Systems Via CUPS, Part I

News ≈ Packet Storm

New Hadooken Linux Malware Targets WebLogic Servers

News ≈ Packet Storm

A Deep Dive Into CVE-2023-2163: How Google Found And Fixed An eBPF Linux Kernel Vulnerability

News ≈ Packet Storm

New SLUBStick Attack Makes Linux Kernel Vulnerabilities More Dangerous

News ≈ Packet Storm

VMware ESXi Servers Targeted By New Linux Ransomware Variant

News ≈ Packet Storm

Google Patches 25 Android Flaws, Including Critical Privilege Escalation Bug

News ≈ Packet Storm

CISA Warns Of Exploited Linux Kernel Vulnerability

The Hacker News

Update Chrome Browser Now: 4th Zero-Day Exploit Discovered in May 2024

Google on Thursday rolled out fixes to address a high-severity security flaw in its Chrome browser that it said has been exploited in the wild. Assigned the CVE identifier CVE-2024-5274, the vulnerability relates to a type confusion bug in the V8 JavaScript and WebAssembly engine. It was reported by Clément Lecigne of Google's Threat Analysis Group and Brendon Tiszka of

The Hacker News

Rockwell Advises Disconnecting Internet-Facing ICS Devices Amid Cyber Threats

Rockwell Automation is urging its customers to disconnect all industrial control systems (ICSs) not meant to be connected to the public-facing internet to mitigate unauthorized or malicious cyber activity. The company said it's issuing the advisory due to "heightened geopolitical tensions and adversarial cyber activity globally." To that end, customers are required to take immediate

The Hacker News

Zoom Adopts NIST-Approved Post-Quantum End-to-End Encryption for Meetings

Popular enterprise services provider Zoom has announced the rollout of post-quantum end-to-end encryption (E2EE) for Zoom Meetings, with support for Zoom Phone and Zoom Rooms coming in the future. "As adversarial threats become more sophisticated, so does the need to safeguard user data," the company said in a statement. "With the launch of post-quantum E2EE, we are doubling down on

The Hacker News

Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking

The cryptojacking group known as Kinsing has demonstrated an ability to continuously evolve and adapt, proving to be a persistent threat by swiftly integrating newly disclosed vulnerabilities to the exploit arsenal and expand its botnet. The findings come from cloud security firm Aqua, which described the threat actor as actively orchestrating illicit cryptocurrency mining

The Hacker News

Kimsuky APT Deploying Linux Backdoor Gomir in South Korean Cyber Attacks

The Kimsuky (aka Springtail) advanced persistent threat (APT) group, which is linked to North Korea's Reconnaissance General Bureau (RGB), has been observed deploying a Linux version of its GoBear backdoor as part of a campaign targeting South Korean organizations. The backdoor, codenamed Gomir, is "structurally almost identical to GoBear, with extensive sharing of code between

News ≈ Packet Storm

Linux Maintainers Were Infected For 2 Years By SSH-Dwelling Backdoor With Huge Reach

News ≈ Packet Storm

400,000 Linux Servers Hit By Ebury Botnet

The Hacker News

Ebury Botnet Malware Compromises 400,000 Linux Servers Over Past 14 Years

A malware botnet called Ebury is estimated to have compromised 400,000 Linux servers since 2009, out of which more than 100,000 were still compromised as of late 2023. The findings come from Slovak cybersecurity firm ESET, which characterized it as one of the most advanced server-side malware campaigns for financial gain. "Ebury actors have been pursuing monetization activities [...],

The Hacker News

Fortinet Rolls Out Critical Security Patches for FortiClientLinux Vulnerability

Fortinet has released patches to address a critical security flaw impacting FortiClientLinux that could be exploited to achieve arbitrary code execution. Tracked as CVE-2023-45590, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10. "An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientLinux may allow an unauthenticated attacker to

The Hacker News

Researchers Uncover First Native Spectre v2 Exploit Against Linux Kernel

Cybersecurity researchers have disclosed what they say is the "first native Spectre v2 exploit" against the Linux kernel on Intel systems that could be exploited to read sensitive data from the memory. The exploit, called Native Branch History Injection (BHI), can be used to leak arbitrary kernel memory at 3.5 kB/sec by bypassing existing Spectre v2/BHI mitigations, researchers from Systems and

News ≈ Packet Storm

Major Linux Distributions Impacted By XZ Utils Backdoor

The Hacker News

Urgent: Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros

Red Hat on Friday released an "urgent security alert" warning that two versions of a popular data compression library called XZ Utils (previously LZMA Utils) have been backdoored with malicious code designed to allow unauthorized remote access. The software supply chain compromise, tracked as CVE-2024-3094, has a CVSS score of 10.0, indicating maximum severity. It impacts XZ Utils

News ≈ Packet Storm

Ubuntu Will Manually Review Snap Store After Crypto Wallet Scams

The Hacker News

New Linux Bug Could Lead to User Password Leaks and Clipboard Hijacking

Details have emerged about a vulnerability impacting the "wall" command of the util-linux package that could be potentially exploited by a bad actor to leak a user's password or alter the clipboard on certain Linux distributions. The bug, tracked as CVE-2024-28085, has been codenamed WallEscape by security researcher Skyler Ferrante. It has been described as a case of improper

The Hacker News

Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries

A Linux version of a multi-platform backdoor called DinodasRAT has been detected in the wild targeting China, Taiwan, Turkey, and Uzbekistan, new findings from Kaspersky reveal. DinodasRAT, also known as XDealer, is a C++-based malware that offers the ability to harvest a wide range of sensitive data from compromised hosts. In October 2023, Slovak cybersecurity firm ESET&nbsp

The Hacker News

Russian Hackers May Have Targeted Ukrainian Telecoms with Upgraded 'AcidPour' Malware

The data wiping malware called AcidPour may have been deployed in attacks targeting four telecom providers in Ukraine, new findings from SentinelOne show. The cybersecurity firm also confirmed connections between the malware and AcidRain, tying it to threat activity clusters associated with Russian military intelligence. "AcidPour's expanded capabilities would enable it to better

The Hacker News

Suspected Russian Data-Wiping 'AcidPour' Malware Targeting Linux x86 Devices

A new variant of a data wiping malware called AcidRain has been detected in the wild that's specifically designed for targeting Linux x86 devices. The malware, dubbed AcidPour, is compiled for Linux x86 devices, SentinelOne's Juan Andres Guerrero-Saade said in a series of posts on X. "The new variant [...] is an ELF binary compiled for x86 (not MIPS) and while it refers to similar devices/

News ≈ Packet Storm

Never Before Seen Linux Malware Gets Installed Using 1-Day Exploits

News ≈ Packet Storm

Linux Malware Campaign Targets Misconfigured Cloud Servers

The Hacker News

New BIFROSE Linux Malware Variant Using Deceptive VMware Domain for Evasion

Cybersecurity researchers have discovered a new Linux variant of a remote access trojan (RAT) called BIFROSE (aka Bifrost) that uses a deceptive domain mimicking VMware. "This latest version of Bifrost aims to bypass security measures and compromise targeted systems," Palo Alto Networks Unit 42 researchers Anmol Maurya and Siddharth Sharma said. BIFROSE is one of the long-standing

The Hacker News

GTPDOOR Linux Malware Targets Telecoms, Exploiting GPRS Roaming Networks

Threat hunters have discovered a new Linux malware called GTPDOOR that’s designed to be deployed in telecom networks that are adjacent to GPRS roaming exchanges (GRX) The malware is novel in the fact that it leverages the GPRS Tunnelling Protocol (GTP) for command-and-control (C2) communications. GPRS roaming allows subscribers to access their GPRS services while they are

The Hacker News

FBI Warns U.S. Healthcare Sector of Targeted BlackCat Ransomware Attacks

The U.S. government is warning about the resurgence of BlackCat (aka ALPHV) ransomware attacks targeting the healthcare sector as recently as this month. "Since mid-December 2023, of the nearly 70 leaked victims, the healthcare sector has been the most commonly victimized," the government said in an updated advisory. "This is likely in response to the ALPHV/BlackCat administrator's

The Hacker News

Open-Source Xeno RAT Trojan Emerges as a Potent Threat on GitHub

An "intricately designed" remote access trojan (RAT) called Xeno RAT has been made available on GitHub, making it easily accessible to other actors at no extra cost. Written in C# and compatible with Windows 10 and Windows 11 operating systems, the open-source RAT comes with a "comprehensive set of features for remote system management," according to its developer, who goes by the name

News ≈ Packet Storm

Critical Vulnerability Affecting Most Linux Distros Allows For Bootkits

News ≈ Packet Storm

Critical Bluetooth Flaw Could Take Over Android, Apple, Linux Devices

News ≈ Packet Storm

Just About Every Windows And Linux Device Vulnerable To New LogoFAIL Firmware Attack

News ≈ Packet Storm

1-Click RCE On GNOME Via libcue

News ≈ Packet Storm

Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol

News ≈ Packet Storm

Chinese Hackers Use Never Before Seen Linux Backdoor

News ≈ Packet Storm

Password Stealing Linux Malware Served For 3 Years And No One Noticed

News ≈ Packet Storm

Two New Vulnerabilities Could Affect 40% Of Ubuntu Cloud Workloads

News ≈ Packet Storm

XFS Bug In Linux Kernel 6.3.3 Coincides With SGI Code Comebank

News ≈ Packet Storm

Linux Kernel Logic Allowed Spectre Attack On Major Cloud Provider

Naked Security

Linux gets double-quick double-update to fix kernel Oops!

Linux doesn't BSoD. It has oopses and panics instead. (We show you how to make a kernel module to explore further.)

News ≈ Packet Storm

More Malicious Packages Posted To Online Repository. This Time It's PyPI

Naked Security

Serious Security: How to improve cryptography, resist supply chain attacks, and handle data breaches

Lessons for us all: improve cryptography, fight cybercrime, own your supply chain... and don't steal my data and then pretend you're sorry.

News ≈ Packet Storm

PyTorch Dependency Poisoned With Malicious Code

Naked Security

PyTorch: Machine Learning toolkit pwned from Christmas to New Year

The bad news: the crooks have your SSH private keys. The good news: only users of the "nightly" build were affected.

Naked Security

S3 Ep73: Ransomware with a difference, dirty Linux pipes, and much more [Podcast + Transcript]

Latest episode - listen now!

Naked Security

“Dirty Pipe” Linux kernel bug lets anyone write to any file

Even read-only files can be written to, leading to a dangerously general purpose elevation-of-privilege attack.

Naked Security

Linux kernel patches “performance can be harmful” bug in video driver

This bug is fiendishly hard to exploit - but if you patch, it won't be there to exploit at all.

Naked Security

“PwnKit” security bug gets you root on most Linux distros – what to do

An elevation of privilege bug that could let a "mostly harmless" user give themselves a instant root shell

Naked Security

S3 Ep66: Cybercrime busts, wormable Windows, and the crisis of featuritis [Podcast + Transcript]

Latest epsiode - listen now!

Naked Security

Serious Security: Linux full-disk encryption bug fixed – patch now!

Imagine if someone who didn't have your password could sneakily modify data that was encrypted with it.