###### tags: `資安事件新聞週報` # 資安事件新聞週報 2026/1/5 ~ 2026/1/9 1.重大弱點漏洞/後門/Exploit/Zero Day Fortinet示警5年前FortiOS雙因素認證繞過漏洞仍遭駭客積極利用 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12586 Fortinet防火牆軟體5年前漏洞還有上萬裝置未修補，臺灣曝險程度為全球第二 https://www.ithome.com.tw/news/173148 駭客利用React2Shell並攻擊網頁應用程式防火牆FortiWeb，運用Sliver框架建立C2通道 https://www.ithome.com.tw/news/173232 中國駭客利用遭到入侵的SonicWall SSL VPN設備，散布VMware零時差漏洞利用工具包 https://www.bleepingcomputer.com/news/security/vmware-esxi-zero-days-likely-exploited-a-year-before-disclosure/ 思科修補網路存取控制平臺ISE資安漏洞，並表示已有概念驗證程式碼出現，恐將被用於實際攻擊 https://www.ithome.com.tw/news/173256 Cisco Patches ISE Security Vulnerability After Public PoC Exploit Release https://thehackernews.com/2026/01/cisco-patches-ise-security.html Trend Micro Apex Central RCE Flaw Scores 9.8 CVSS in On-Prem Windows Versions https://thehackernews.com/2026/01/trend-micro-apex-central-rce-flaw.html 工作流程自動化平臺n8n爆滿分漏洞Ni8mare，攻擊者可藉表單流程存取底層檔案 https://www.ithome.com.tw/news/173235 工作流程自動化平臺n8n曝9.9分重大漏洞N8scape，成功利用恐波及整體執行環境安全 https://www.ithome.com.tw/news/173236 工作流程自動化工具n8n出現近滿分重大漏洞N8scape，取得權限的攻擊者可竄改工作流程 https://thehackernews.com/2026/01/new-n8n-vulnerability-99-cvss-lets.html New n8n Vulnerability (9.9 CVSS) Lets Authenticated Users Execute System Commands https://thehackernews.com/2026/01/new-n8n-vulnerability-99-cvss-lets.html n8n Warns of CVSS 10.0 RCE Vulnerability Affecting Self-Hosted and Cloud Versions https://thehackernews.com/2026/01/n8n-warns-of-cvss-100-rce-vulnerability.html Critical AdonisJS Bodyparser Flaw (CVSS 9.2) Enables Arbitrary File Write on Servers https://thehackernews.com/2026/01/critical-adonisjs-bodyparser-flaw-cvss.html Veeam發布備份軟體更新，修補高風險RCE與權限提升漏洞 https://securityonline.info/veeam-patches-critical-rce-flaws-in-latest-backup-replication-release/ Veeam揭露旗下v13版備份軟體重大風險，須盡速更新修補漏洞 https://www.ithome.com.tw/news/173233 Veeam Patches Critical RCE Vulnerability with CVSS 9.0 in Backup & Replication https://thehackernews.com/2026/01/veeam-patches-critical-rce.html Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances https://thehackernews.com/2026/01/coolify-discloses-11-critical-flaws.html CISA警告HPE OneVew重大層級漏洞已被用於實際攻擊 https://www.bleepingcomputer.com/news/security/cisa-tags-max-severity-hpe-oneview-flaw-as-actively-exploited/ CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited https://thehackernews.com/2026/01/cisa-flags-microsoft-office-and-hpe.html CISA Retires 10 Emergency Cybersecurity Directives Issued Between 2019 and 2024 https://thehackernews.com/2026/01/cisa-retires-10-emergency-cybersecurity.html Google修補Chrome高風險漏洞，WebView安全缺陷恐遭濫用 https://www.ithome.com.tw/news/173190 Gemini Enterprise存在可外洩企業資料的零點擊漏洞GeminiJack https://www.ithome.com.tw/news/172754 2.銀行/金融/保險/證券/金融監理 新聞及資安 WhatsApp Worm Spreads Astaroth Banking Trojan Across Brazil via Contact Auto-Messaging https://thehackernews.com/2026/01/whatsapp-worm-spreads-astaroth-banking.html 康和證券集團擴大 ISO 27001:2022驗證範圍 集團資安治理創新猷 https://udn.com/news/story/7239/9254169 智慧金融轉型、應用與生態系重組 https://finance.technews.tw/2026/01/06/smart-finance-transformation-application-and-ecosystem-restructuring/ 資安長恐成橡皮圖章？　林楚茵促專業化門檻、透明化 https://n.yam.com/Article/20260107791206 銀行到虛擬資產，刑事局、遠東銀行啟動警、銀、VASP跨域聯防 https://www.npa.gov.tw/ch/app/news/view?module=news&id=2139&serno=f88f4774-764d-4375-b8b9-7573c345d48c 紐約梅隆銀行推出代幣化存款服務，支持客戶通過區塊鏈轉移資金 https://m.cnyes.com/news/id/6305920 3.信用卡/電子支付/行動支付/pay/支付系統/資安 商家苦於手續費 民眾憂心資安 行動支付普及的雙重阻礙 https://reurl.cc/k82kOd 超商行動支付再多一選擇！LINE Pay Money支援7-11帳戶餘額付款 https://www.sogi.com.tw/articles/line-pay-money/6267580 台鐵開放掃碼搭車! 明起「9家行動支付」適用 1間先暫停 https://reurl.cc/Abapjj 計程車司機狂讚「中國行動支付」！下秒八炯想Apple pay　被打槍傻眼 https://www.setn.com/News.aspx?NewsID=1778011&Area=8 綠界攜手三大支付回饋 10%！共組首個跨流量「Cashback 返多多」平台 https://finance.technews.tw/2026/01/08/cashback-raas/ 臺北捷運閘門重置完成 115年1月3日起使用QR乘車碼可搭乘捷運及公車 https://www.metro.taipei/News_Content.aspx?n=30CCEFD2A45592BF&sms=72544237BBE4C5F6&s=06F5D788D1C16939 LINE Pay Money開通教學！優惠、轉帳、提領方式...19銀行合作，LINE Pay錢包餘額移轉攻略 https://www.businesstoday.com.tw/article/category/183030/post/202512020021/ 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 加密貨幣錢包Trust Wallet的Chrome延伸套件遭駭，起因是開發環境遭Shai-Hulud供應鏈攻擊釀禍 https://www.ithome.com.tw/news/173217 Chrome擴充套件Trust Wallet 2.68遭植入惡意程式碼，用戶約7百萬美元資產遭到洗劫 https://www.ithome.com.tw/news/173096 Trust Wallet Chrome Extension Hack Drains $8.5M via Shai-Hulud Supply Chain Attack https://thehackernews.com/2025/12/trust-wallet-chrome-extension-hack.html BitMEX 報告：加密貨幣永續合約進入「後收益時代」 https://www.blocktempo.com/bitmex-report-crypto-perpetual/ 伊朗全國斷網，但人民在使勁各種方法用加密貨幣 https://www.blocktempo.com/iran-nationwide-internet-blackout-citizens-use-crypto-workarounds/ 2026年在還吵「穩定幣是悠遊卡」，台灣守舊派還要講多少幹話 https://www.blocktempo.com/taiwan-stablecoin-easycard-myth-2026-conservative-misinformation-debunked/ Bybit 2026年加密貨幣展望對加密貨幣四年週期理論發起挑戰 https://money.udn.com/money/story/123828/9255788 Bernstein 點名四檔加密貨幣與 Fintech 概念股：2026 年請逢低買入 https://abmedia.io/bernstein-crypto-markets-bottomed-buy-the-dip 2025年加密VC投資動態：資金流向何方 https://news.cnyes.com/news/id/6304303 Visa 加密負責人：2026 加密貨幣與 AI 的八大演進方向 https://www.blocktempo.com/visa-crypto-leader-2026-outlook-crypto-ai-evolution/ 加速擁抱加密貨幣！摩根士丹利 2026 下半年擬推出數位錢包 https://news.cnyes.com/news/id/6305149 摩根士丹利閃電出擊！繼比特幣、 Solana 後，正式申請以太幣現貨 ETF https://blockcast.it/2026/01/08/morgan-stanley-proposed-spot-ethereum-etf-after-bitcoin-and-solana-filings/ 佛羅里達重啟「戰略加密貨幣儲備」提案！擬用 10% 州公共資金購買比特幣 https://www.blocktempo.com/florida-bitcoin-reserve/ 川普家族加密企業 WLF擬設銀行 跨足穩定幣發行與託管 https://reurl.cc/4bOqjv 美國逮捕馬杜洛背後：委內瑞拉 600 億美元比特幣儲備牽動全球金融霸權 https://www.inside.com.tw/article/40442-finance-and-bitcoin-reserve 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 造紙大廠榮成遭勒索軟體攻擊 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=2&SPOKE_TIME=170313&SPOKE_DATE=20260102&COMPANY_ID=1909 2025 年共有 306 個勒索軟體組織處於活躍狀態 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12596 兩款惡意Chrome擴充套件洩漏ChatGPT與DeepSeek對話內容，累計安裝超過90萬次 https://www.ithome.com.tw/news/173222 針對電子零件製造商信邦遭網攻，勒索軟體DragonForce聲稱是他們所為 https://www.ithome.com.tw/news/173247 惡意軟體下載及加殼工具CloudEyE感染全球逾10萬用戶 https://gbhackers.com/cloudeye-maas/ 駭客團體Black Cat架設冒牌Notepad++網站，散布惡意軟體並竊取用戶資料 https://gbhackers.com/fake-notepad-websites/ 巴基斯坦駭客Transparent Tribe鎖定印度政府與學術機構而來，透過LNK檔散布RAT木馬 https://thehackernews.com/2026/01/transparent-tribe-launches-new-rat.html VS Code市集兩擴充套件暗藏惡意程式，恐竊取Wi-Fi密碼與Cookie https://www.ithome.com.tw/news/172772 惡意VS Code擴充套件上架微軟市集，偽裝PNG檔藏匿木馬 https://www.ithome.com.tw/news/172836 供應鏈攻擊瞄準Java生態，套件儲存庫Maven Central出現仿冒Jackson的惡意套件 https://www.ithome.com.tw/news/173092 殭屍網路RondoDox將重大漏洞React2Shell納入武器庫，綁架Next.js應用程式伺服器 https://www.ithome.com.tw/news/173183 中國駭客DarkSpectre鎖定Chrome、Edge，以及Firefox用戶散布惡意軟體，880萬用戶恐曝險 https://www.ithome.com.tw/news/173220 惡意Chrome延伸套件竊取ChatGPT與DeepSeek交談內容，90萬用戶受影響 https://thehackernews.com/2026/01/two-chrome-extensions-caught-stealing.html ChatGPT、Grok公開對話遭濫用，惡意廣告導流散布竊資程式AMOS https://www.ithome.com.tw/news/172823 中國駭客UAT-7290鎖定南亞電信業者而來，透過邊緣裝置散布Linux惡意軟體 https://www.bleepingcomputer.com/news/security/new-china-linked-hackers-breach-telcos-using-edge-device-exploits/ Researchers Uncover NodeCordRAT Hidden in npm Bitcoin-Themed Packages https://thehackernews.com/2026/01/researchers-uncover-nodecordrat-hidden.html China-Linked UAT-7290 Targets Telecoms with Linux Malware and ORB Nodes https://thehackernews.com/2026/01/china-linked-uat-7290-targets-telecoms.html Transparent Tribe Launches New RAT Attacks Against Indian Government and Academia https://thehackernews.com/2026/01/transparent-tribe-launches-new-rat.html ThreatsDay Bulletin: GhostAd Drain, macOS Attacks, Proxy Botnets, Cloud Exploits, and 12+ Stories https://thehackernews.com/2026/01/threatsday-bulletin-ghostad-drain-macos.html RondoDox Botnet Exploits Critical React2Shell Flaw to Hijack IoT Devices and Web Servers https://thehackernews.com/2026/01/rondodox-botnet-exploits-critical.html 惡意軟體VVS Stealer鎖定Discord用戶而來，透過經混淆處理的Python程式碼隱匿行蹤 https://thehackernews.com/2026/01/new-vvs-stealer-malware-targets-discord.html New VVS Stealer Malware Targets Discord Accounts via Obfuscated Python Code https://thehackernews.com/2026/01/new-vvs-stealer-malware-targets-discord.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 Kimwolf Android Botnet Infects Over 2 Million Devices via Exposed ADB and Proxy Networks https://thehackernews.com/2026/01/kimwolf-android-botnet-infects-over-2.html 殭屍網路Kimwolf勢力擴大，透過代理伺服器服務的網路環境綁架逾200萬臺安卓裝置 https://www.ithome.com.tw/news/173212 Airoha藍牙音訊晶片曝三漏洞，可能讓攻擊者控制耳機並冒充連上手機 https://www.ithome.com.tw/news/173080 C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 國安局點名五大中共駭客組織 漏洞武器化攻擊占比逾五成 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12600 中國APT駭客鎖定臺灣五大關鍵基礎設施而來，每日侵擾次數達263萬次 https://www.ithome.com.tw/news/173172 TeamT5公布《2025年亞太地區APT威脅形勢報告》，直指臺灣處於APT威脅巨獸化和生態系化的核心 https://www.ithome.com.tw/news/173160 駭客組織ShinyHunters聲稱駭入資安公司Resecurity，該公司表示遭入侵的其實是蜜罐陷阱 https://www.bleepingcomputer.com/news/security/hackers-claim-resecurity-hack-firm-says-it-was-a-honeypot/ 資安公司Resecurity傳出遭駭，該公司表示駭客掉入了蜜罐陷阱 https://www.ithome.com.tw/news/173181 歐洲高鐵業者Eurostar AI客服曝4弱點，護欄繞過衍生提示注入與跨網站指令碼風險 https://www.ithome.com.tw/news/173097 PS5 BootROM金鑰疑外流，既有主機難靠更新根除風險 https://www.ithome.com.tw/news/173161 ChatGPT Atlas代理模式更新，引入對抗式訓練防提示詞注入攻擊 https://www.ithome.com.tw/news/173028 針對去年連續攻擊臺灣大型醫療機構的勒索軟體CrazyHunter，資安公司Trellix公布其迴避偵測手法 https://www.trellix.com/blogs/research/the-ghost-in-the-machine-crazyhunters-stealth-tactics/ 英國車廠Jaguar Land Rover銷售下滑43%，網路攻擊事故是主因 https://www.ithome.com.tw/news/173227 React2Shell 漏洞攻擊再升級　RondoDox 殭屍網路大規模掃描全球 9 萬台伺服器 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12601 當 AI 成為駭客武器：Symantec 警告 2026 將迎來「攻擊量爆發」時代 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12591 NIST公布CSF延伸AI專屬網路安全框架，協助組織因應AI資安風險 https://www.ithome.com.tw/news/173138 俄羅斯駭客以假藍色當機畫面發動ClickFix攻擊，鎖定旅館業者而來 https://www.ithome.com.tw/news/173215 中國駭客Salt Typhoon傳出入侵美眾議院郵件系統，鎖定參與國安事務的委員會從事網路間諜活動 https://gbhackers.com/email-systems-breach/ ThreatsDay Bulletin: RustFS Flaw, Iranian Ops, WebUI RCE, Cloud Leaks, and 12 More Stories https://thehackernews.com/2026/01/threatsday-bulletin-rustfs-flaw-iranian.html Russia-Aligned Hackers Abuse Viber to Target Ukrainian Military and Government https://thehackernews.com/2026/01/russia-aligned-hackers-abuse-viber-to.html Bitfinex Hack Convict Ilya Lichtenstein Released Early Under U.S. First Step Act https://thehackernews.com/2026/01/bitfinex-hack-convict-ilya-lichtenstein.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 釣魚郵件改以HTML表格繪製QR Code，目的是規避相關手法的偵測機制 https://www.ithome.com.tw/news/173245NPM 被當成釣魚基礎設施，27個惡意套件鎖定企業帳密 https://www.ithome.com.tw/news/173224 東京FM電臺證實外部雲端服務洩露部分用戶個資 https://www.ithome.com.tw/news/173196 FBI警告冒牌DocuSign登入網站的大規模網釣活動 https://gbhackers.com/fake-docusign-login/ NordVPN開發商否認系統被駭，並未外洩Salesforce憑證資料 https://www.ithome.com.tw/news/173173 針對2024年網攻事件，美知名會計師事務所Sax坦承外洩23萬人資料 https://www.ithome.com.tw/news/173128 結合藍色當機畫面的ClickFix網釣再度出現，駭客以此攻擊旅館業者 https://www.bleepingcomputer.com/news/security/clickfix-attack-uses-fake-windows-bsod-screens-to-push-malware/ 駭客聲稱握有數十家企業的內部資料，疑透過員工電腦入侵雲端檔案共用環境而得逞 https://www.bleepingcomputer.com/news/security/cloud-file-sharing-sites-targeted-for-corporate-data-theft-attacks/ Microsoft Warns Misconfigured Email Routing Can Enable Internal Domain Phishing https://thehackernews.com/2026/01/microsoft-warns-misconfigured-email.html FBI Warns North Korean Hackers Using Malicious QR Codes in Spear-Phishing https://thehackernews.com/2026/01/fbi-warns-north-korean-hackers-using.html Google Cloud的電子郵件功能遭濫用於多階段網釣活動 https://thehackernews.com/2026/01/cybercriminals-abuse-google-cloud-email.html Cybercriminals Abuse Google Cloud Email Feature in Multi-Stage Phishing Campaign https://thehackernews.com/2026/01/cybercriminals-abuse-google-cloud-email.html E.研究報告/工具 AI 2.0 時代的資安治理：BSI國際標準管理年會聚焦「數位信任價值鏈」與「人才賦能」 https://www.ithome.com.tw/pr/173163 What is Identity Dark Matter https://thehackernews.com/2026/01/what-is-identity-dark-matter.html 以VS Code為基礎的AI整合開發環境恐面臨建議延伸套件攻擊的風險 https://www.bleepingcomputer.com/news/security/vscode-ide-forks-expose-users-to-recommended-extension-attacks/ VS Code Forks Recommend Missing Extensions, Creating Supply Chain Risk in Open VSX https://thehackernews.com/2026/01/vs-code-forks-recommend-missing.html The Future of Cybersecurity Includes Non-Human Employees https://thehackernews.com/2026/01/the-future-of-cybersecurity-includes.html The State of Trusted Open Source https://thehackernews.com/2026/01/the-state-of-trusted-open-source.html Cybersecurity Predictions 2026: The Hype We Can Ignore (And the Risks We Can't) https://thehackernews.com/2026/01/cybersecurity-predictions-2026-hype-we.html The ROI Problem in Attack Surface Management https://thehackernews.com/2026/01/the-roi-problem-in-attack-surface.html The State of Cybersecurity in 2025: Key Segments, Insights, and Innovations https://thehackernews.com/2026/01/the-state-of-cybersecurity-in-2025key.html F.商業 OpenAI Launches ChatGPT Health with Isolated, Encrypted Health Data Controls https://thehackernews.com/2026/01/openai-launches-chatgpt-health-with.html Arm 發布 2026 年七大技術預測　資安優先設計、邊緣 AI、小型語言模型成關鍵趨勢 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12594 Palo Alto Networks有意以4億美元買下以色列資安新創Koi Security https://www.ithome.com.tw/news/173234 OpenAI招募與模型安全相關的準備度主管 https://www.ithome.com.tw/news/173070 G.政府 資安院規劃115年資安治理AI化計畫 邀A、B級機關共同研發 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12587 桃國機場巴士跨年看板出現統戰標語，公路局表示是後端廠商遭駭所致 https://www.ithome.com.tw/news/173238 高雄港 5G 智慧貨櫃中心 https://moda.gov.tw/major-policies/reinforce-rural-services/application/18642 數發部政務次長人選出爐，台大資工學院副院長楊佳玲借調出任 https://technews.tw/2026/01/01/moda-deputy-minister/ H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers https://thehackernews.com/2026/01/active-exploitation-hits-legacy-d-link.html Totolink無線訊號強波器重大漏洞，可讓攻擊者完全控制裝置 https://www.ithome.com.tw/news/173231 D-Link已終止支援路由器出現重大層級的零時差漏洞，已被用於實際攻擊 https://www.bleepingcomputer.com/news/security/new-d-link-flaw-in-legacy-dsl-routers-actively-exploited-in-attacks/ D-Link多款停產DSL路由器曝重大漏洞，已出現攻擊利用跡象 https://www.ithome.com.tw/news/173225 CISA針對Whill電動輪椅重大漏洞提出警告，攻擊者恐透過藍牙裝置接管 https://www.ithome.com.tw/news/173182 I.教育訓練 資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g EC Council CASE.NET 認證準備 https://coolmandiary.blogspot.com/2025/04/ec-council-casenet.html EC Council CASE.NET(312-95)_筆記_Module1專有名詞及定義 https://coolmandiary.blogspot.com/2021/10/ec-council-casenet312-95module1.html GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 [ONLINE] EE Business Networking (free!) 2026/1/10 https://www.meetup.com/cebu-business-networking/events/311722742/ HITCON GIRLS 2026 Workshop 2026/1/11 https://hitcon.kktix.cc/events/hg2026workshop How to Build AI-Native Skills For Your Career in 2026 2026/1/13 https://www.meetup.com/shanghai-startup-idea-to-ipo/events/312348357/ Hijacking an organization in 30 minutes with nothing but PowerShell 2026/1/13 https://www.meetup.com/manageengine-philippines-events/events/312547243/ PostgreSQL 資安强化：EDB PROFILE 全面防護解析 2026/1/14 https://www.accupass.com/event/2512050132341718367973 數位防線的投資視角：資安產業的機會與挑戰 2026/1/14 https://www.accupass.com/event/2512170934233426425920 AI Engineers Weekly Social 2026/1/14 https://www.meetup.com/ai-engineers-in-taiwan/events/312537055/ Active Directory made accessible - 4 self-service features for everyday users 2026/1/15 https://www.meetup.com/manageengine-hong-kong-events/events/312547604/ The AI-powered SDLC: Design, delivery and digital operations 2026/1/16 https://www.meetup.com/tech-talks-by-thoughtworks-vietnam/events/312469910/ Design in the Age of AI: Lessons from 2025, Signals for 2026 2026/1/18 https://www.meetup.com/tokyo-design-career/events/312550455/ How to Strategize and Execute Your Job Search with ChatGPT in One Hour 2026/1/20 https://www.meetup.com/shanghai-startup-idea-to-ipo/events/312232017/ Auditing permission and object changes that put you at risk 2026/1/22 https://www.meetup.com/manageengine-philippines-events/events/312560182/ [On-Line] AWS Global Community Gatherings #15 2026/1/23 https://www.meetup.com/awsglobalcommunitygatherings/events/311684318/ 用積木學 Scrum - 台中敏捷社群推廣活動 2026/1/31 https://www.accupass.com/event/2512021357487819263820 AI資安新戰場 企業超前部屬防駭 免費體驗 2026/2/11 https://www.accupass.com/event/2502110717236228411690 DEVCORE CONFERENCE 2026 2026/3/14 https://devcore.kktix.cc/events/devcoreconf2026