###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/12/29 ~ 2026/1/2 1.重大弱點漏洞/後門/Exploit/Zero Day 中國網路設備製造商Xspeeder旗下SD-WAN設備韌體SXZOS存在滿分零時差漏洞，恐影響全球逾7萬臺主機 https://securityonline.info/cve-2025-54322-cvss-10-ai-agents-uncover-critical-zero-day-in-global-networking-gear/ WatchGuard警告Firebox程式碼RCE漏洞已遭到濫用 https://www.ithome.com.tw/news/173049 Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability https://thehackernews.com/2025/12/fortinet-warns-of-active-exploitation.html MongoBleed漏洞已遭實際濫用，CISA要求聯邦民事行政部門機關三週內修補 https://www.ithome.com.tw/news/173111 8.7萬臺MongoDB主機曝露MongoBleed，傳出已有實際漏洞利用活動 https://www.ithome.com.tw/news/173071 電玩遊戲虹彩六號傳出被滲透，駭客大撒幣與隨機封帳，疑利用資安漏洞MongoBleed得逞 https://www.ithome.com.tw/news/173076 New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory https://thehackernews.com/2025/12/new-mongodb-flaw-lets-unauthenticated.html MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide https://thehackernews.com/2025/12/mongodb-vulnerability-cve-2025-14847.html Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection https://thehackernews.com/2025/12/critical-langchain-core-vulnerability.html CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution https://thehackernews.com/2025/12/csa-issues-alert-on-critical.html IBM修補可導致駭客存取系統的API重大漏洞 https://www.ithome.com.tw/news/173130 IBM API Connect存在重大漏洞，攻擊者恐繞過登入機制 https://securityonline.info/cve-2025-13915-critical-9-8-flaw-in-ibm-api-connect-lets-attackers-bypass-login/ Critical CVSS 9.8 Flaw Found in IBM API Connect Authentication System https://thehackernews.com/2025/12/ibm-warns-of-critical-api-connect-bug.html UEFI韌體漏洞威脅主流主機板，華碩、技嘉、微星、華擎產品受影響 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12576 多款主機板UEFI實作存在缺陷，開機前恐遭直接記憶體存取攻擊 https://www.ithome.com.tw/news/173102 LLM調度框架LangChain核心元件序列化注入漏洞，可能導致環境變數機密外洩 https://www.ithome.com.tw/news/173052 歐洲高速鐵路公司Eurostar的AI聊天機器人存在缺陷，可透過HTML注入或即時注入觸發 https://hackread.com/eurostar-blackmail-research-report-ai-chatbot-flaw/ 2.銀行/金融/保險/證券/金融監理 新聞及資安 金管會揭露未來4年金融業資安韌性發展藍圖，鼓勵資安納入軟體安全設計、研擬金融業AI系統安防指引、加強導入零信任架構 https://www.ithome.com.tw/news/173100 金融資安韌性發展藍圖 因應 AI、零信任與供應鏈新挑戰 https://www.cio.com.tw/104713/ 金管會發布「金融資安韌性發展藍圖」 強化備援機制因應戰時兵推 https://udn.com/news/story/7239/9235335 普發現金一萬上路兩個月，數發部揭露防範詐騙網站的策略 https://www.ithome.com.tw/news/173113 3.信用卡/電子支付/行動支付/pay/支付系統/資安 北捷 1/3 起開放 QR 乘車碼！17 家業者上線，5 家電子支付捷運、公車通用 https://www.techbang.com/posts/127229-taipei-metro-qr-code-payment-launch 電子支付淪擺看？ 排隊名店只給收現金 他曝有2大原因 https://udn.com/news/story/7266/9234552 別再只刷LINE Pay！2026南韓旅遊支付大洗牌 達人推薦新組合 https://udn.com/news/story/120912/9240792?from=udn-ch1_breaknews-1-0-news 逾半台灣人都在用LINE Pay　為何日本卻收攤？關鍵差異曝光 https://www.mirrormedia.mg/story/20251229edi073 iPhone 一鍵開啟《街口支付、iPASS Money、LINE Pay 乘車碼》捷徑教學 https://applealmond.com/posts/301296 台北捷運閘門感應別刷錯 乘車碼、信用卡不同邊 進站刷不過20大問題整理 你可能是用錯方法 https://www.cool3c.com/article/245503 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 VS Code延伸套件蠕蟲GlassWorm鎖定macOS開發者而來，企圖散布木馬化的加密貨幣錢包 https://www.ithome.com.tw/news/173132 「中亞北韓」數位轉型 土庫曼宣布加密貨幣合法化 https://today.line.me/tw/v3/article/j759qMg 港企豪擲36億元跟風DAT　囤積兩萬粒加密貨幣　今年「見財化水」 https://www.hk01.com/article/60308197?utm_source=01articlecopy&utm_medium=referral 西方制裁斷金流 伊朗擬透過加密貨幣賣武器 https://ec.ltn.com.tw/article/breakingnews/5296879 高雄警投資加密貨幣慘賠負債400萬 網路發文渲洩 https://reurl.cc/R9Q5jn 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC NPM供應鏈蠕蟲Shai Hulud新變種現身 https://www.ithome.com.tw/news/173123 勒索軟體Everest公布聲稱是來自華碩的1 TB敏感資料 https://hackread.com/everest-ransomware-asus-data-leak/ 駭客利用網頁應用程式漏洞入侵IIS伺服器，意圖於受害組織植入勒索軟體Warlock https://gbhackers.com/windows-event-logs/ 800美元即可買斷ClickFix攻擊服務，套裝工具ErrTraffic可自架後臺分流投遞竊資程式 https://www.ithome.com.tw/news/173114 27個惡意NPM套件透過網釣基礎設施竊取帳密資料 https://thehackernews.com/2025/12/27-malicious-npm-packages-used-as.html Firefox附加元件遭攻擊行動GhostPoster入侵，用PNG圖示藏惡意JavaScript程式碼 https://www.ithome.com.tw/news/172985 YouTube幽靈網路新攻勢，以Node.js載入器散布Rhadamanthys竊資程式 https://www.ithome.com.tw/news/172972 Chrome延伸套件Trust Wallet傳出遭Shai-Hulud供應鏈攻擊，損失850萬美元 https://thehackernews.com/2025/12/trust-wallet-chrome-extension-hack.html Chrome延伸套件Trust Wallet傳出遭到滲透，用戶數百萬美元資產遭到洗劫 https://gbhackers.com/hackers-compromise-trust-wallet-chrome-extension/ 惡意Maven套件偽裝成知名JSON程式庫Jackson，鎖定Java開發者發動攻擊 https://securityonline.info/prefix-swap-panic-sophisticated-jackson-imposter-infiltrates-maven-central/ 中國駭客透過rootkit程式從事活動，目的是隱匿利用資安漏洞ToneShell的行為 https://www.bleepingcomputer.com/news/security/chinese-state-hackers-use-rootkit-to-hide-toneshell-malware-activity/ 羅馬尼亞能源公司Oltenia遭勒索軟體攻擊，大型發電廠資訊系統停擺 https://securityaffairs.com/186290/cyber-crime/romanias-oltenia-energy-complex-suffers-major-ransomware-attack.html Trust Wallet Chrome Extension Breach Caused $7 Million Crypto Loss via Malicious Code https://thehackernews.com/2025/12/trust-wallet-chrome-extension-bug.html China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware https://thehackernews.com/2025/12/china-linked-evasive-panda-ran-dns.html 中國駭客Silver Fox以稅務主題為誘餌，針對印度用戶散布惡意程式Winos 4.0 https://thehackernews.com/2025/12/silver-fox-targets-indian-users-with.html Silver Fox Targets Indian Users With Tax-Themed Emails Delivering ValleyRAT Malware https://thehackernews.com/2025/12/silver-fox-targets-indian-users-with.html 中國駭客Mustang Panda用核心層級Rootkit隱匿後門程式ToneShell活動，以便進行間諜活動 https://www.ithome.com.tw/news/173110 Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor https://thehackernews.com/2025/12/mustang-panda-uses-signed-kernel-driver.html U.S. Treasury Lifts Sanctions on Three Individuals Linked to Intellexa and Predator Spyware https://thehackernews.com/2025/12/us-treasury-lifts-sanctions-on-three.html RondoDox Botnet Exploits Critical React2Shell Flaw to Hijack IoT Devices and Web Servers https://thehackernews.com/2026/01/rondodox-botnet-exploits-critical.html DarkSpectre Browser Extension Campaigns Exposed After Impacting 8.8 Million Users Worldwide https://thehackernews.com/2025/12/darkspectre-browser-extension-campaigns.html Researchers Spot Modified Shai-Hulud Worm Testing Payload on npm Registry https://thehackernews.com/2025/12/researchers-spot-modified-shai-hulud.html ThreatsDay Bulletin: GhostAd Drain, macOS Attacks, Proxy Botnets, Cloud Exploits, and 12+ Stories https://thehackernews.com/2026/01/threatsday-bulletin-ghostad-drain-macos.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 MacSync Stealer偽裝合法App，成功通過macOS Gatekeeper防線 https://www.ithome.com.tw/news/173008 Android 17 在測試原生 APP Lock，告別第三方更安全 https://qooah.com/2025/12/12/android-17-is-testing-native-app-lock-eliminating-third-party-apps-and-enhancing-security/ APP、網購都留痕 陸國安部：數位足跡恐威脅國家安全 https://www.chinatimes.com/realtimenews/20251214001303-260409?chdtv 超過三成 Android 手機有漏洞救不了！專家勸：有這問題就該換機 https://3c.ltn.com.tw/news/64419 ROG Phone 8正式開放Android 16系統升級！多款熱門遊戲設定檔同步追加 https://www.sogi.com.tw/articles/software-update-asus-rog8/6267521 Android惡意程式可全面接管裝置以向使用者勒索 https://www.ithome.com.tw/news/172822 iPhone增強安全提示怎麼開？比國家級警報更準地震預警辨識教學 https://mrmad.com.tw/iphone-earthquake-warning-faster-than-national-alert iPhone 增強安全提示沒出現怎麼辦？檢查完整設定，接收超即時地震速報 https://applealmond.com/posts/301120 不再錯過國家警報！iOS 26.2「增強安全提示」開啟教學一次看懂 https://www.sogi.com.tw/articles/ios-26/6267492 快更新！iOS 26.2「增強安全提示」　搶先國家級警報成保命關鍵 https://www.setn.com/News.aspx?NewsID=1771998 C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 QKD量子金鑰分發成為對抗未來量子解密威脅的關鍵技術 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12579 ColdFusion聖誕假期攻擊潮，兩個來源IP位址系統性掃描十多個已知漏洞 https://www.ithome.com.tw/news/173074 文字編輯器EmEditor官網安裝檔遭動手腳，駭客以瀏覽器擴充套件建立持久化 https://www.ithome.com.tw/news/173077 攻擊行動Operation PCPcat鎖定Next.js應用程式而來，近6萬臺伺服器被入侵 https://www.ithome.com.tw/news/173083 歐洲太空總署證實外部伺服器被駭，機密資料未外洩 https://www.ithome.com.tw/news/173107 飛宏科技網站代管公司遭DDoS攻擊 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=2&SPOKE_TIME=174649&SPOKE_DATE=20251231&COMPANY_ID=2457 聯合19國執法單位，國際刑警組織大舉查緝非洲網路犯罪組織 https://www.ithome.com.tw/news/173115 19國執法單位圍剿非洲網路犯罪集團，逮捕逾570人、追回300萬美元 https://www.darkreading.com/threat-intelligence/operation-sentinel-african-cybercrime-syndicates 台灣是React2Shell 攻擊密度最高地區之一！中國駭客組織與勒索軟體集團積極利用 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12568 針對北韓IT工作者誘騙開發人員成為應徵遠距工作的幫兇，資安公司聯手透過沙箱解密相關行為 https://www.ithome.com.tw/news/173121 伊朗駭客Prince of Persia鎖定伊拉克、土耳其、印度、歐洲及加拿大人士長期監控 https://www.darkreading.com/threat-intelligence/iran-apt-spying-dissidents ThreatsDay Bulletin: Stealth Loaders, AI Chatbot Flaws AI Exploits, Docker Hack, and 15 More Stories https://thehackernews.com/2025/12/threatsday-bulletin-stealth-loaders-ai.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 針對酷澎資料外洩事故，協助駭客犯案的前員工傳出企圖將筆電丟入河裡滅證 https://gbhackers.com/hacker-dumped-macbook-in-river-to-destroy-digital-evidence/ 針對3,370萬名用戶資料外洩，酷澎將賠償11.7億美元 https://www.ithome.com.tw/news/173094 針對大規模資料外洩事故，酷澎宣布將賠償11.7億美元 https://www.bleepingcomputer.com/news/security/coupang-to-split-117-billion-among-337-million-data-breach-victims/ 美知名會計師事務所Sax坦承2024年網攻事件 外洩23萬人資料 https://www.ithome.com.tw/news/173128 密碼管理公司LastPass資料外洩影響延燒迄今，俄羅斯駭客疑竊取2,800萬美元 https://www.ithome.com.tw/news/173089 針對密碼管理公司LastPass資料外洩事故，有資安公司指出俄羅斯駭客涉嫌重大 https://securityaffairs.com/186191/digital-id/stolen-lastpass-backups-enable-crypto-theft-through-2025.html 中國駭客組織Evasive Panda透過AiTM網釣與DNS中毒，對土耳其、中國、印度散布惡意軟體 https://www.ithome.com.tw/news/173085 勒索軟體Everest駭客宣稱入侵美國汽車大廠克萊斯勒，從Salesforce等內部系統竊得1 TB資料 https://www.ithome.com.tw/news/173067 QR Code釣魚鎖定Android平臺，偽物流App載入DocSwap遠端存取木馬 https://www.ithome.com.tw/news/172970 韓亞、大韓航空遭駭，外洩數萬員工資料 https://www.ithome.com.tw/news/173106 駭客聲稱竊得Wired資料庫，洩露230萬筆記錄 https://www.ithome.com.tw/news/173072 全球逾3千個企業組織遭鎖定，駭客以Google相關誘餌從事網釣 https://hackread.com/google-phishing-3000-global-organisations/ 前Coinbase客服專員傳出被捕，起因是協助駭客竊取客戶敏感資訊 https://www.bleepingcomputer.com/news/security/former-coinbase-support-agent-arrested-for-helping-hackers/ 韓國航空傳出資料外洩，起因是餐飲及免稅供應商KC&D遭駭 https://securityaffairs.com/186275/data-breach/korean-air-discloses-data-breach-after-the-hack-of-its-catering-and-duty-free-supplier.html 鳳凰城大學公布Oracle EBS遭駭事件調查結果．350萬人資料恐外流 https://www.ithome.com.tw/news/173000 LastPass 2022 Breach Led to Years-Long Cryptocurrency Thefts, TRM Labs Finds https://thehackernews.com/2025/12/lastpass-2022-breach-led-to-years-long.html 27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials https://thehackernews.com/2025/12/27-malicious-npm-packages-used-as.html Cybercriminals Abuse Google Cloud Email Feature in Multi-Stage Phishing Campaign https://thehackernews.com/2026/01/cybercriminals-abuse-google-cloud-email.html E.研究報告/工具 2025網路攻擊、服務中斷與流量變化趨勢 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12565 Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors https://thehackernews.com/2025/12/traditional-security-frameworks-leave.html How to Integrate AI into Modern SOC Workflows https://thehackernews.com/2025/12/how-to-integrate-ai-into-modern-soc.html The ROI Problem in Attack Surface Management https://thehackernews.com/2026/01/the-roi-problem-in-attack-surface.html How To Browse Faster and Get More Done Using Adapt Browser https://thehackernews.com/2026/01/how-to-browse-fast-using-a-lightweight-browser.html F.商業 .NET 10統一建置架構，加快安全修補與版本發布節奏 https://www.ithome.com.tw/news/172533 Google在臺解析Passkey技術新進展，展示Credential Manager強化功能，降低開發者導入門檻 https://www.ithome.com.tw/news/173007 安碁設立AI專責管理單位，投入生成式AI應用研發 https://www.ithome.com.tw/news/173065 G.政府 立院三讀通過《人工智慧基本法》 資安與安全列入七大治理原則 國科會任主管機關 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12583 對抗提示詞注入與資源耗盡攻擊 資策會 AI 弱掃工具模擬駭客手法揪漏洞 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12584 中華電信完成內部憑證治理重整工作並取得第三方稽核，已申請重返Chrome信任清單 https://www.ithome.com.tw/news/173131 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution https://thehackernews.com/2025/12/cisa-flags-actively-exploited-digiever.html AI導入OT環境面臨信任與安全多重挑戰 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12566 I.教育訓練 資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g EC Council CASE.NET 認證準備 https://coolmandiary.blogspot.com/2025/04/ec-council-casenet.html EC Council CASE.NET(312-95)_筆記_Module1專有名詞及定義 https://coolmandiary.blogspot.com/2021/10/ec-council-casenet312-95module1.html GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 Vibe Coding 從零到一｜初學者全方位工作坊 2026/1/3 https://www.accupass.com/event/2512141838378429172550 import friends as net：PyData Taipei線上快閃交流會 2026/1/4 https://www.meetup.com/pydata-taipei/events/312533030/ WordPress Meetup, WordCamp and WordCamp Asia 2026/1/6 https://www.meetup.com/wordpress-meetup-shenzhen/events/312249456/ Stop the Identity Kill Chain: A Practical Guide to ITDR 2026/1/6 https://www.meetup.com/manageengine-philippines-events/events/312537489/ How to Build a Side Hustle with AI in One Weekend 2026/1/6 https://www.meetup.com/shanghai-startup-idea-to-ipo/events/312419356/ ONLINE 🌟 Beyond Chat GPT: 3 game-changing ways to use AI at work 2026/1/7 https://www.meetup.com/le-wagon-tokyo-coding-station/events/312469904/ 資安合規新戰略：打造企業韌性與市場信任力 2026/1/8 https://www.accupass.com/event/2512081211582038790895 [ONLINE] EE Business Networking (free!) 2026/1/10 https://www.meetup.com/cebu-business-networking/events/311722742/ HITCON GIRLS 2026 Workshop 2026/1/11 https://hitcon.kktix.cc/events/hg2026workshop How to Build AI-Native Skills For Your Career in 2026 2026/1/13 https://www.meetup.com/shanghai-startup-idea-to-ipo/events/312348357/ Hijacking an organization in 30 minutes with nothing but PowerShell 2026/1/13 https://www.meetup.com/manageengine-philippines-events/events/312547243/ PostgreSQL 資安强化：EDB PROFILE 全面防護解析 2026/1/14 https://www.accupass.com/event/2512050132341718367973 數位防線的投資視角：資安產業的機會與挑戰 2026/1/14 https://www.accupass.com/event/2512170934233426425920 AI Engineers Weekly Social 2026/1/14 https://www.meetup.com/ai-engineers-in-taiwan/events/312537055/ Active Directory made accessible - 4 self-service features for everyday users 2026/1/15 https://www.meetup.com/manageengine-hong-kong-events/events/312547604/ The AI-powered SDLC: Design, delivery and digital operations 2026/1/16 https://www.meetup.com/tech-talks-by-thoughtworks-vietnam/events/312469910/ Design in the Age of AI: Lessons from 2025, Signals for 2026 2026/1/18 https://www.meetup.com/tokyo-design-career/events/312550455/ How to Strategize and Execute Your Job Search with ChatGPT in One Hour 2026/1/20 https://www.meetup.com/shanghai-startup-idea-to-ipo/events/312232017/ Auditing permission and object changes that put you at risk 2026/1/22 https://www.meetup.com/manageengine-philippines-events/events/312560182/ [On-Line] AWS Global Community Gatherings #15 2026/1/23 https://www.meetup.com/awsglobalcommunitygatherings/events/311684318/ 用積木學 Scrum - 台中敏捷社群推廣活動 2026/1/31 https://www.accupass.com/event/2512021357487819263820 AI資安新戰場 企業超前部屬防駭 免費體驗 2026/2/11 https://www.accupass.com/event/2502110717236228411690 DEVCORE CONFERENCE 2026 2026/3/14 https://devcore.kktix.cc/events/devcoreconf2026