資安事件新聞週報 2025/9/29 ~ 2025/10/3

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/9/29 ~ 2025/10/3 1.重大弱點漏洞/後門/Exploit/Zero Day SonicWall SMA 100系列緊急更新清除越界rootkit惡意程式 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12276 Palo Alto Networks防火牆滿分漏洞傳出有人進行大規模掃描 https://gbhackers.com/hackers-actively-probe-palo-alto-pan-os-globalprotect-vulnerability/ 思科ASA防火牆遭零時差漏洞攻擊，駭客以此部署惡意程式RayInitiator、Line Viper https://thehackernews.com/2025/09/cisco-asa-firewall-zero-day-exploits.html Cisco ASA防火牆遭零日攻擊：駭客部署 RayInitiator 與LINE VIPER惡意軟體 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12282 Urgent: Cisco ASA Zero-Day Duo Under Attack; CISA Triggers Emergency Mitigation Directive https://thehackernews.com/2025/09/urgent-cisco-asa-zero-day-duo-under.html Cisco ASA Firewall Zero-Day Exploits Deploy RayInitiator and LINE VIPER Malware https://thehackernews.com/2025/09/cisco-asa-firewall-zero-day-exploits.html VMware修補Aria Operations、VMware Tools權限提升漏洞，中國駭客從一年前用於零時差攻擊 https://www.ithome.com.tw/news/171454 Urgent: China-Linked Hackers Exploit New VMware Zero-Day Since October 2024 https://thehackernews.com/2025/09/urgent-china-linked-hackers-exploit-new.html Fortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public Disclosure https://thehackernews.com/2025/09/fortra-goanywhere-cvss-10-flaw.html New macOS XCSSET Variant Targets Firefox with Clipper and Persistence Module https://thehackernews.com/2025/09/new-macos-xcsset-variant-targets.html CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems https://thehackernews.com/2025/09/cisa-sounds-alarm-on-critical-sudo-flaw.html CISA Flags Meteobridge CVE-2025-4008 Flaw as Actively Exploited in the Wild https://thehackernews.com/2025/10/cisa-flags-meteobridge-cve-2025-4008.html Red Hat OpenShift AI Flaw Exposes Hybrid Cloud Infrastructure to Full Takeover https://thehackernews.com/2025/10/critical-red-hat-openshift-ai-flaw.html Red Hat OpenShift AI存在近滿分漏洞，恐導致混合雲基礎設施遭挾持 https://www.ithome.com.tw/news/171476 ThreatsDay Bulletin: CarPlay Exploit, BYOVD Tactics, SQL C2 Attacks, iCloud Backdoor Demand & More https://thehackernews.com/2025/10/threatsday-bulletin-carplay-exploit.html Google修補Gemini工具3漏洞，串連攻擊可致敏感資訊外洩 https://www.ithome.com.tw/news/171468 今年6月修補的Sudo重大漏洞，美國指出已被用於實際攻擊 https://www.ithome.com.tw/news/171462 美國聯邦機構未及時修補遭GeoServer已知漏洞攻擊，駭客試圖上傳中國菜刀及各式作案工具 https://www.ithome.com.tw/news/171407 駭客聲稱掌握Veeam備份軟體的RCE漏洞，在暗網開價7千美元兜售 https://gbhackers.com/veeam-rce-exploit/ Salesforce修補AI代理平臺重大漏洞ForcedLeak https://www.ithome.com.tw/news/171406 2.銀行/金融/保險/證券/金融監理新聞及資安 KnowBe4 最新報告揭露：全球金融業正面臨前所未有的資安威脅激增 https://www.ithome.com.tw/pr/171441 黃彥男轉戰「AI金融科技協會」榮譽顧問　推動阻詐防騙創全民財富 https://finance.ettoday.net/news/3043785 從資安到合規：台灣金融業安全導入穩定幣與鏈上結算的必經之路 https://www.ctee.com.tw/news/20250918700139-439901 關於2025金融資安Anti-DDoS演練，身為資安廠商執行長的探討 https://www.ithome.com.tw/pr/171452 New Android Banking Trojan "Klopatra" Uses Hidden VNC to Control Infected Smartphones https://thehackernews.com/2025/10/new-android-banking-trojan-klopatra.html 3.信用卡/電子支付/行動支付/pay/支付系統/資安電子支付同業公會成立智冠旗下「簡單行動支付」任首屆理事 https://reurl.cc/0WN8jb 電子支付公會成立，理事長：滲透率九成指日可待 https://technews.tw/2025/10/01/electronic-payment-business-association/ LINE Pay 攜樂天衝跨境行動支付 https://money.udn.com/money/story/5710/9046661 藍新集團旗下簡單行動支付獲選公會首屆理事年底推全新收款服務 https://m.cnyes.com/news/id/6174724 TBCASoft攜手香港八達通擴大無痛支付生態圈 https://ec.ltn.com.tw/article/breakingnews/5199586 LINE Pay續推進跨境支付拓展至韓國樂天娛樂事業 https://www.ttv.com.tw/finance/view/102025021334078E6ED94B064438958C5117C34831C8FD14/587 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 U.K. Police Just Seized £5.5 Billion in Bitcoin — The World's Largest Crypto Bust https://thehackernews.com/2025/09/uk-police-just-seized-55-billion-in.html Samsung Wallet整合Coinbase One，擴大美國數百萬用戶對加密貨幣的訪問 https://m.cnyes.com/news/id/6177840 TOKEN2049星登場聚焦加密貨幣發展 https://www.cna.com.tw/video/foreign/4350321 未來支付新藍圖，當加密貨幣與 AI 代理攜手改變商務模式 https://technews.tw/2025/10/03/companies-are-rushing-to-build-crypto-powered-ai-agents/ 芝商所CME進軍24/7加密貨幣期貨、選擇權交易，預計2026年推出 https://www.blocktempo.com/cme-crypto-247-trading-2026/ 加密貨幣誕生了多少百萬富翁？「這一幣種」富豪最多 https://reurl.cc/qYejgN 歷經夏季狂熱，加密貨幣「囤幣」熱潮逐步冷卻 https://reurl.cc/z59je6 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC Akira勒索軟體攻擊行動突破SonicWall防火牆MFA防護 https://www.ithome.com.tw/news/171413 LockBit 5.0勒索軟體現身跨平台攻擊能力再升級 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12286 勒索軟體LockBit 5.0東山再起，正式針對虛擬化平臺VMware ESXi打造專屬惡意程式 https://www.ithome.com.tw/news/171503 勒索軟體LockBit 5.0東山再起，針對Windows、Linux、VMware ESXi而來 https://www.trendmicro.com/en_us/research/25/i/lockbit-5-targets-windows-linux-esxi.html 勒索軟體駭客Clop聲稱從多家公司的Oracle E-Business Suite系統竊得資料 https://www.bleepingcomputer.com/news/security/clop-extortion-emails-claim-theft-of-oracle-e-business-suite-data/ 中國駭客利用惡意程式PlugX、Bookworm，攻擊亞洲電信業者 https://thehackernews.com/2025/09/china-linked-plugx-and-bookworm-malware.html 惡意MCP伺服器被打包成NPM套件，歹徒意圖藉此竊取電子郵件 https://thehackernews.com/2025/09/first-malicious-mcp-server-found.html 勒索軟體駭客傳出企圖重金收買記者，做為攻擊知名媒體BBC的內應 https://www.bleepingcomputer.com/news/security/ransomware-gang-sought-bbc-reporters-help-in-hacking-media-giant/ New COLDRIVER Malware Campaign Joins BO Team and Bearlyfy in Russia-Focused Cyberattacks https://thehackernews.com/2025/09/new-coldriver-malware-campaign-joins-bo.html China-Linked PlugX and Bookworm Malware Attacks Target Asian Telecom and ASEAN Networks https://thehackernews.com/2025/09/china-linked-plugx-and-bookworm-malware.html Google Mandiant Probes New Oracle Extortion Wave Possibly Linked to Cl0p Ransomware https://thehackernews.com/2025/10/google-mandiant-probes-new-oracle.html New "Cavalry Werewolf" Attack Hits Russian Agencies with FoalShell and StallionRAT https://thehackernews.com/2025/10/new-cavalry-werewolf-attack-hits.html Confucius Hackers Hit Pakistan With New WooperStealer and Anondoor Malware https://thehackernews.com/2025/10/confucius-hackers-hit-pakistan-with-new.html Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown https://thehackernews.com/2025/10/alert-malicious-pypi-package-soopsocks.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊針對蘋果修補的ASLR資安漏洞，Google揭露洩漏資訊的手法 https://www.ithome.com.tw/news/171435 蘋果針對手機、平板、電腦發布更新，修補字型處理元件漏洞 https://gbhackers.com/apple-font-parser-vulnerability/ 安卓間諜軟體假冒即時通訊軟體Signal及ToTok散布 https://www.bleepingcomputer.com/news/security/android-spyware-campaigns-impersonate-signal-and-totok-messengers/ 安卓惡意軟體Klopatra透過VNC建立駭客存取受害裝置的管道 https://www.bleepingcomputer.com/news/security/android-malware-uses-vnc-to-give-attackers-hands-on-access/ WhatsApp修補鏈結裝置授權缺失，與蘋果ImageIO漏洞可構成零點擊攻擊鏈 https://www.ithome.com.tw/news/171478 針對WhatsApp日前修補的零點擊漏洞，攻擊者可透過惡意DNG檔觸發 https://gbhackers.com/whatsapp-0-click-flaw/ Google開發者驗證新制惹議，安卓第三方市集F-Droid警告恐限縮開源應用 https://www.ithome.com.tw/news/171456 New Android Trojan "Datzbro" Tricking Elderly with AI-Generated Facebook Travel Events https://thehackernews.com/2025/09/new-android-trojan-datzbro-tricking.html Warning: Beware of Android Spyware Disguised as Signal Encryption Plugin and ToTok Pro https://thehackernews.com/2025/10/warning-beware-of-android-spyware.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 HITCON Cyber Range × CTF 2025決賽即將登場，攻防論壇同步舉行 https://hitcon.org/2025/CyberRangexCTF/ 為協助Jaguar Land Rover供應鏈恢復運作，英國政府打算提供15億英鎊的貸款擔保 https://www.ithome.com.tw/news/171431 日本啤酒生產商Asahi遭網攻，無法接單、出貨 https://www.ithome.com.tw/news/171419 中國宇樹AI機器人存在資安漏洞UniPwn，攻擊者不僅能完全存取，還能透過藍牙進行自動感染 https://www.ithome.com.tw/news/171436 中央廣播電臺網站被入侵置換橫幅，傳出是內部員工所為 https://www.ithome.com.tw/news/171500 中國駭客Phantom Taurus鎖定外交官、大使館而來，入侵SQL Server收集情報 https://www.ithome.com.tw/news/171460 中國駭客鎖定網路邊緣設備盲點，Brickstorm後門長期潛伏美企 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12283 D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全簡訊網釣鎖定比利時而來，挾持路由器犯案 https://www.infosecurity-magazine.com/news/smishing-exploit-cellular-routers/ 間接提示注入攻擊鎖定Salesforce！ForcedLeak漏洞可竊取敏感客戶資料 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12285 Red Hat傳出GitLab平臺遭到入侵，恐洩露客戶網路環境相關資料 https://www.ithome.com.tw/news/171502 網釣工具MatrixPDF能將PDF檔案轉換成互動式誘餌，繞過郵件安全防護措施將使用者導向釣魚網站 https://www.bleepingcomputer.com/news/security/new-matrixpdf-toolkit-turns-pdfs-into-phishing-and-malware-lures/ 身分識別及管理平臺OneLogin存在高風險漏洞，攻擊者可透過API金鑰竊取OpenID Connect機密，並冒充應用程式 https://thehackernews.com/2025/10/onelogin-bug-let-attackers-use-api-keys.html 西捷航空資料外洩，證實120萬旅客護照等資料外流 https://www.ithome.com.tw/news/171474 勒索軟體Medusa聲稱大型電信業者Comcast資料外洩，索討120萬美元贖金 https://hackread.com/medusa-ransomware-comcast-data-breach/ 英國哈洛德百貨再被駭，43萬名客戶個資外洩 https://www.ithome.com.tw/news/171418 人資廠商Miljödata遭勒索攻擊，Volvo集團北美員工個資遭外流 https://www.ithome.com.tw/news/171402 駭客組織Vane Viper產生1兆次DNS查詢，掩蓋惡意軟體及廣告詐欺活動 https://thehackernews.com/2025/09/vane-viper-generates-1-trillion-dns.html 安聯人壽7月資料外洩事故調查結果出爐，近150萬人受到影響 https://www.bleepingcomputer.com/news/security/allianz-life-says-july-data-breach-impacts-15-million-people/ Researchers Expose Phishing Threats Distributing CountLoader and PureRAT https://thehackernews.com/2025/09/researchers-expose-svg-and-purerat.html Microsoft Flags AI-Driven Phishing: LLM-Crafted SVG Files Outsmart Email Security https://thehackernews.com/2025/09/microsoft-flags-ai-driven-phishing-llm.html First Malicious MCP Server Found Stealing Emails in Rogue Postmark-MCP Package https://thehackernews.com/2025/09/first-malicious-mcp-server-found.html Hackers Exploit Milesight Routers to Send Phishing SMS to European Users https://thehackernews.com/2025/10/hackers-exploit-milesight-routers-to.html E.研究報告/工具物理AI發展潛力無窮，「具身AI」資安強化將成為IT重大議題 https://www.ithome.com.tw/news/171293 Crash Tests for Security: Why BAS Is Proof of Defense, Not Assumptions https://thehackernews.com/2025/09/crash-tests-for-security-why-bas-is.html The State of AI in the SOC 2025 - Insights from Recent Study https://thehackernews.com/2025/09/the-state-of-ai-in-soc-2025-insights.html Stop Alert Chaos: Context Is the Key to Effective Incident Response https://thehackernews.com/2025/09/stop-alert-chaos-context-is-key-to.html Evolving Enterprise Defense to Secure the Modern AI Supply Chain https://thehackernews.com/2025/09/evolving-enterprise-defense-to-secure.html 2025 Cybersecurity Reality Check: Breaches Hidden, Attack Surfaces Growing, and AI Misperceptions Rising https://thehackernews.com/2025/10/2025-cybersecurity-reality-check.html Automating Pentest Delivery: 7 Key Workflows for Maximum Impact https://thehackernews.com/2025/10/automating-pentest-delivery-7-key.html How to Close Threat Detection Gaps: Your SOC's Action Plan https://thehackernews.com/2025/10/how-to-close-threat-detection-gaps-your.html 新攻擊WireTap側錄DDR4復原SGX私鑰，動搖Intel遠端稽核可信度 https://www.ithome.com.tw/news/171482 New WireTap Attack Extracts Intel SGX ECDSA Key via DDR4 Memory-Bus Interposer https://thehackernews.com/2025/10/new-wiretap-attack-extracts-intel-sgx.html OneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate Apps https://thehackernews.com/2025/10/onelogin-bug-let-attackers-use-api-keys.html F.商業三大資安廠商退出MITRE評測 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12271 微軟、Palo Alto Networks、SentinelOne宣布退出MITRE資安評測，引發外界質疑測試機制失焦 https://www.ithome.com.tw/news/171408 Product Walkthrough: How Passwork 7 Addresses Complexity of Enterprise Security https://thehackernews.com/2025/10/product-walkthrough-how-passwork-7.html Gartner：預防式資安將主導2030年半數安全支出 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12272 安全湖倉結合AI代理，Databricks推出企業即時防禦平臺 https://www.ithome.com.tw/news/171473 Google發布Genkit Go，開發者可透過型別安全Flow函式，封裝AI打造智慧應用 https://www.ithome.com.tw/news/171188 微軟宣布電腦版及網頁版收信軟體Outlook將導入新措施，不再顯示信件內文當中的SVG圖片 https://www.bleepingcomputer.com/news/security/microsoft-outlook-stops-displaying-inline-svg-images-used-in-attacks/ G.政府從資安光譜揭露臺灣數位威脅的全貌 https://www.ithome.com.tw/news/171442 資安戰情牆現形：資安院《資安週報》揭示國土防禦新視野 https://www.ithome.com.tw/news/171439 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安西門子SIMATIC PCS neo工控平臺曝高風險漏洞，恐致遠端程式碼執行與當機 https://www.ithome.com.tw/news/171175 工業物聯網資安新走向　AI協同保障營運韌性 https://netadmin.com.tw/netadmin/zh-tw/viewpoint/C29DC4774ADA4D708B58B8CE118ADF7D Wiliot與沃爾瑪合作、藉環境IoT與AI改造零售供應鏈 https://www.moneydj.com/kmdj/news/newsviewer.aspx?a=78121e08-bcbd-43ad-af68-c4dd7be98bbe 神盾衛星參展國防工業展　秀次世代衛星物聯網解決方案 https://finance.ettoday.net/news/3035636 研華結盟高通旗下 Edge Impulse 推動邊緣 AI 快速開發新體驗 https://udn.com/news/story/7240/9047988 平台整合引領IIoT資安　跨越邊界強化營運韌性 https://www.netadmin.com.tw/netadmin/zh-tw/trend/DBF3D3AAC19F455AA535C7566336424A 善用AI守護隧道安全綠捷能攜手華碩打造智慧偵測系統 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000734001_KAK1YR8AL6Z62C2A3W542 I.教育訓練資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g EC Council CASE.NET 認證準備 https://coolmandiary.blogspot.com/2025/04/ec-council-casenet.html EC Council CASE.NET(312-95)_筆記_Module1專有名詞及定義 https://coolmandiary.blogspot.com/2021/10/ec-council-casenet312-95module1.html GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 Coffee & Code || Tech & Tea 2025/10/4 https://www.meetup.com/innovate-taiwan/events/311236893/ AI Engineers Weekly Taipei 2025/10/4 https://www.meetup.com/ai-engineers-in-taiwan/events/311221272/ Monthly WasmEdge Community Meeting, the runtime for LLM/AGI 2025/10/7 https://www.meetup.com/wasm-rust-meetup/events/310831771/ WordPress 彩虹小聚｜遠距工作 - 從台灣到全球：如何成為跨國遠距團隊的關鍵人才 2025/10/8 https://www.meetup.com/taipei-wordpress/events/311084899/ AI賦能工作術：打造高效工作的數位工具實戰 2025/10/9 https://www.accupass.com/event/2509220640331297833950 智慧船舶與科技大潮：AI驅動、資安守護、永續前行 2025/10/9 https://www.accupass.com/event/2509160611022104098623 PTHK#41: Vibe Coding or Hype Coding? Let’s Try It Together! 2025/10/9 https://www.meetup.com/producttank-hong-kong/events/310941723/ MaiCoin 小學堂-進階版 2025/10/12 https://www.accupass.com/event/2509261134232146650654 AI AGENT 崛起資安攻防的應用及治理 2025/10/14 https://www.accupass.com/event/2509251300466102227370 Revolutionizing Business Growth: The Monthly Website Acquisitions Forum 2025/10/15 https://www.meetup.com/nomads-entrepreneurs-community/events/305968912/ PostgreSQL 資安升級指南：解析 EDB 的 TDE 加密技術 2025/10/15 https://www.accupass.com/event/2508270912454412964680 AI 導入關鍵藍圖：用 Google Workspace 打造企業第二成長引擎 2025/10/16 https://www.accupass.com/event/2509010239149102951450 HITCON 菁英人才培育Ｘ攻防論壇 2025/10/17 ~ 2025/10/18 https://hitcon.kktix.cc/events/hitcon-forum-2025 #141 Speaker: Mark Louie F. Ramos, PhD, Health Policy and Admin, Penn State 2025/10/18 https://www.meetup.com/r-user-group-philippines/events/307873713/ Bridging Models, Prompts, and Agents: The Future of AI Apps in Azure AI Foundry 2025/10/18 https://www.meetup.com/cloud-experts-group/events/311125226/ Scrum Bricks Workshop｜積木 Scrum 體驗營 2025/10/18 https://www.accupass.com/event/2508311255041428913730 AI 破浪者論壇︱駕馭未來職場新賽局－新北有課 UKO X Yourator 2025/10/18 https://www.accupass.com/event/2508181019567712755010 資安講座：網站不再被DDOS，就等這一場 2025/10/21 https://www.accupass.com/event/2508290706271662815486 Elastic Security 攻防解析：AI 時代的威脅獵捕新戰法 2025/10/22 https://www.accupass.com/event/2509160743349781667840 趨勢科技一日遊 2025/10/22 https://hackersir.kktix.cc/events/2fc3c79e 從RED-DA到CRA 產品資安合規攻略 2025/10/23 https://www.accupass.com/event/2509090956311767741406 [On-Line] AWS Global Community Gatherings #12 2025/10/24 https://www.meetup.com/awsglobalcommunitygatherings/events/310622465/ AI智慧化流程與管理應用專業人員班 2025/11/12 https://www.accupass.com/event/2509120400472009022575 DQS 年度論壇：迎接全球化，AI 驅動下的供應鏈韌性 2025/11/14 https://www.accupass.com/event/2509250347388679111730