資安事件新聞週報 2025/9/15 ~ 2025/9/19

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/9/15 ~ 2025/9/19 1.重大弱點漏洞/後門/Exploit/Zero Day WatchGuard防火牆存在重大層級漏洞，攻擊者有機會用於執行任意程式碼 https://www.bleepingcomputer.com/news/security/watchguard-warns-of-critical-vulnerability-in-firebox-firewalls/ Microsoft 推出 2025年9月 Patch Tuesday 每月例行更新修補包 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12224 微軟郵件伺服器Exchange Server、辦公室軟體套件Offfice，2016及2019版皆將於10月14日終止支援 https://www.ithome.com.tw/news/171206 微軟警告Windows 10將在一個月後終止技術支援 https://www.ithome.com.tw/news/171182 針對郵件伺服器Roundcube近滿分漏洞，中國駭客CamoFei已用於實際攻擊行動，臺灣有教育機構受害 https://www.ithome.com.tw/news/171242 Chaos Mesh Critical GraphQL Flaws Enable RCE and Full Kubernetes Cluster Takeover https://thehackernews.com/2025/09/chaos-mesh-critical-graphql-flaws.html CISA Warns of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 and CVE-2025-4428 https://thehackernews.com/2025/09/cisa-warns-of-two-malware-strains.html Critical CVE-2025-5086 in DELMIA Apriso Actively Exploited, CISA Issues Warning https://thehackernews.com/2025/09/critical-cve-2025-5086-in-delmia-apriso.html Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack https://thehackernews.com/2025/09/apple-backports-fix-for-cve-2025-43300.html Google發布Chrome 140更新，修補今年第6個零時差漏洞 https://www.ithome.com.tw/news/171282 Google Patches Chrome Zero-Day CVE-2025-10585 as Active V8 Exploit Threatens Millions https://thehackernews.com/2025/09/google-patches-chrome-zero-day-cve-2025.html ChatGPT近期整合行事曆的機制存在弱點，攻擊者有機會用來竊取電子郵件 https://www.securityweek.com/chatgpts-new-calendar-integration-can-be-abused-to-steal-emails/ 系統穩定性及除錯測試平臺Chaos Mesh存在重大漏洞，恐導致Kubernetes叢集被挾持 https://www.ithome.com.tw/news/171238 2.銀行/金融/保險/證券/金融監理新聞及資安 ShinyHunters傳出接下來針對金融、科技領域而來，濫用Bland AI進行大規模社交工程攻擊 https://thehackernews.com/2025/09/scattered-spider-resurfaces-with.html 越南國家信用資訊中心傳出遭ShinyHunters攻擊，個資出現未經授權存取 https://securityaffairs.com/182189/cyber-crime/shinyhunters-attack-national-credit-information-center-of-vietnam.html 以科技打造安全網、以教育培訓銀髮守門人　富邦金控多管道強健金融防詐韌性 https://finance.ettoday.net/news/3036314 非臨櫃匯款顯示受款人戶名第一波9月底32家銀行全面上線 https://udn.com/news/story/7239/9009040 打詐...新增轉帳戶名顯示機制 https://money.udn.com/money/story/5613/9009551 3.信用卡/電子支付/行動支付/pay/支付系統/資安銅板快滅絕？小錢懶得掏直接掃碼就好行動支付小額交易首度超越現金 https://reurl.cc/Lnx68X 交通卡好康懶人包！悠遊付網路聲量贏過一卡通原因是 https://udn.com/news/story/7266/9012752 不再只靠現金：一張信用卡，串起非六都的商家與觀光客 https://web3plus.bnext.com.tw/article/4231 十年磨一劍！電子支付公會10/1正式成立金管會賦予三大任務 https://news.cnyes.com/news/id/6157097 印尼電子支付系統遍地開花　挑戰西方平台、拓展區域金融 https://www.nownews.com/news/6732858 電支霸主換人做！　「全支付」首度超越「街口」居冠 https://news.cts.com.tw/cts/life/202509/202509182514389.html 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 SEC 加速批准加密貨幣現貨 ETF 上市標準，哪些幣種符合「快速通關」條件 https://zombit.info/sec-approves-new-exchange-listing-standards/ 中國央行原副行長：數據正在資產化，建構數據市場需具備區塊鏈基礎等要素 https://m.cnyes.com/news/id/6161032 英國擬在2026年全面納管加密貨幣，放寬部分原則、針對性強化監管 https://www.blocktempo.com/uk-fca-tailored-crypto-rules/ 上海法院成功處置加密貨幣：借道香港變現九萬餘枚FIL https://hao.cnyes.com/post/195185 RWA 如何助力 DeFi 突破次元壁？讓加密貨幣走向外循環 https://www.blocktempo.com/crypto-moving-towards-external-circulation-rwa-web3-historical-opportunity/ 歐盟加強打擊制裁規避行爲，限制加密貨幣平臺 https://www.binance.com/zh-TC/square/post/09-19-2025-29896816419097 Google 推出支援穩定幣與加密貨幣的「代理支付協議AP2」：讓 AI 實現跨平台交易 https://www.blocktempo.com/google-ap2-launches-ai-payment-era/ 聯準會啟動降息，穩定幣發行商「躺著賺時代」結束了 https://www.blocktempo.com/fed-rate-cut-end-of-stablecoin-profit-era/ USDC引爆電子支付革新！穩定幣崛起台股雙雄迎爆發契機 https://reurl.cc/lYb7q6 首個韓元掛鉤穩定幣 KRW1 正式推出！發行商 BDACS 攜手友利銀行、AVAX 打造穩定幣框架 https://abmedia.io/bdacs-krw1-avax-stablecoin 加拿大央行警告：不跟上穩定幣監管制定，傳統銀行會遭時代淘汰 https://www.blocktempo.com/bank-of-canada-warns-lagging-stablecoin-regulation-could-render-traditional-banks-obsolete/ 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 勒索軟體攻擊前的關鍵示警是遠端存取服務遭濫用 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12226 Akira勒索軟體持續利用SonicWall SSL VPN漏洞發動攻擊 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12225 勒索軟體組織Killsec宣稱入侵巴西醫療軟體供應商，波及多家醫療機構 https://www.ithome.com.tw/news/171229 惡意軟體SystemBC轉移攻擊目標，鎖定虛擬私有伺服器下手，建立代理伺服器殭屍網路 https://www.bleepingcomputer.com/news/security/systembc-malware-turns-infected-vps-systems-into-proxy-highway/ Python開發者遭鎖定，SilentSync RAT透過惡意PyPI套件散布 https://thehackernews.com/2025/09/silentsync-rat-delivered-via-two.html 惡意軟體載入工具CountLoader被俄羅斯駭客用於勒索軟體活動，目的是部署Cobalt Strike、AdaptixC2，以及木馬程式PureHVNC RAT https://thehackernews.com/2025/09/countloader-broadens-russian-ransomware.html 供應鏈攻擊兩天內急速擴散！逾500個NPM套件被植入具大量散播能力的蠕蟲 https://www.ithome.com.tw/news/171263 NPM套件供應鏈攻擊開始出現新手法，惡意套件能自行感染其他套件 https://www.bleepingcomputer.com/news/security/self-propagating-supply-chain-attack-hits-187-npm-packages/ 駭客組織WhiteCobra鎖定VS Code、Cursor、Windsurf用戶而來，上架惡意套件意圖挖礦 https://www.bleepingcomputer.com/news/security/whitecobra-floods-vscode-market-with-crypto-stealing-extensions/ 法國警告蘋果用戶成為一系列間諜軟體的攻擊目標 https://www.bleepingcomputer.com/news/security/apple-warns-customers-targeted-in-recent-spyware-attacks/ 伊朗駭客MuddyWater發動新一波攻擊，透過Cloudflare散布多階段惡意軟體 https://gbhackers.com/muddywater/ 勒索軟體HybridPetya可繞過安全開機防護機制 https://www.bleepingcomputer.com/news/security/new-hybridpetya-ransomware-can-bypass-uefi-secure-boot/ 巴拿馬財政部遭INC Ransom勒索軟體攻擊，駭客聲稱竊走1.5 TB資料 https://www.ithome.com.tw/news/171152 半導體測試設備供應商致茂電子遭網路攻擊，勒索軟體Warlock聲稱是他們所為 https://finance.ftvnews.com.tw/news/detail/2025916W0812 中國駭客透過SEO、GitHub散布惡意程式HiddenGh0st、Winos、kkRAT https://thehackernews.com/2025/09/hiddengh0st-winos-and-kkrat-exploit-seo.html CountLoader Broadens Russian Ransomware Operations With Multi-Version Malware Loader https://thehackernews.com/2025/09/countloader-broadens-russian-ransomware.html Russian Hackers Gamaredon and Turla Collaborate to Deploy Kazuar Backdoor in Ukraine https://thehackernews.com/2025/09/russian-hackers-gamaredon-and-turla.html TA558 Uses AI-Generated Scripts to Deploy Venom RAT in Brazil Hotel Attacks https://thehackernews.com/2025/09/ta558-uses-ai-generated-scripts-to.html SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers https://thehackernews.com/2025/09/silentsync-rat-delivered-via-two.html 中國駭客Mustang Panda鎖定泰國而來，散布USB蠕蟲SnakeDisk https://thehackernews.com/2025/09/mustang-panda-deploys-snakedisk-usb.html Mustang Panda Deploys SnakeDisk USB Worm to Deliver Yokai Backdoor on Thailand IPs https://thehackernews.com/2025/09/mustang-panda-deploys-snakedisk-usb.html Apple Warns French Users of Fourth Spyware Campaign in 2025, CERT-FR Confirms https://thehackernews.com/2025/09/apple-warns-french-users-of-fourth.html New HybridPetya Ransomware Bypasses UEFI Secure Boot With CVE-2024-7344 Exploit https://thehackernews.com/2025/09/new-hybridpetya-ransomware-bypasses.html Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories https://thehackernews.com/2025/09/cursor-ai-code-editor-flaw-enables.html HiddenGh0st, Winos and kkRAT Exploit SEO, GitHub Pages in Chinese Malware Attacks https://thehackernews.com/2025/09/hiddengh0st-winos-and-kkrat-exploit-seo.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊大規模廣告詐欺SlopAds透過224款惡意安卓App，一天可點擊2.3億次廣告牟利 https://www.ithome.com.tw/news/171240 蘋果今年四度發出威脅通知，法國電腦緊急應變小組籲受害者優先保全證據 https://www.ithome.com.tw/news/171214 蘋果為較舊版本iPhone、iPad修補Image I/O框架零時差漏洞 https://www.bleepingcomputer.com/news/security/apple-backports-zero-day-patches-to-older-iphones-and-ipads/ 三星為安卓裝置修補已遭積極利用的零時差漏洞 https://www.ithome.com.tw/news/171197 Samsung Fixes Critical Zero-Day CVE-2025-21043 Exploited in Android Attacks https://thehackernews.com/2025/09/samsung-fixes-critical-zero-day-cve.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力針對曝露的Docker API，駭客透過Tor網路發動新一波行動，疑綁架用於殭屍網路 https://www.ithome.com.tw/news/171181 PyPI註銷供應鏈攻擊GhostAction遭濫用的憑證 https://www.bleepingcomputer.com/news/security/pypi-invalidates-tokens-stolen-in-ghostaction-supply-chain-attack/ 捷元B2B採購平臺出現異常下單，母公司鑫聯發資安重訊證實 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=174216&SPOKE_DATE=20250912&COMPANY_ID=3709 智擎發布資安重訊，網站代管業者遭受DDoS攻擊 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=213035&SPOKE_DATE=20250911&COMPANY_ID=4162 精品業者Gucci、YSL、Balenciaga母公司證實遭駭，ShinyHunters宣稱犯案 https://www.ithome.com.tw/news/171203 針對網路攻擊事故的後續處理，Jaguar Land Rover決定延長暫停生產的時間因應 https://www.bleepingcomputer.com/news/security/jaguar-land-rover-extends-shutdown-after-cyberattack-by-another-week/ 針對APT41假冒美國議員攻擊與美中貿易談判有關的政府機關、智庫、學者，資安業者Proofpoint揭露相關細節 https://securityaffairs.com/182304/apt/china-linked-apt41-targets-government-think-tanks-and-academics-tied-to-us-china-trade-and-policy.html 中國防火長城資料外洩，近600 GB原始碼與內部文件曝光 https://www.ithome.com.tw/news/171273 中國防火牆相關資料傳出資料外洩，近600 GB原始碼、內部通訊、事件記錄 https://hackread.com/great-firewall-of-china-data-published-largest-leak/ 中國支持的新APT組織GhostRedirector，入侵全球Windows伺服器 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12217 駭客組織TA588鎖定巴西旅館而來，透過AI生成的指令碼散布木馬Venom RAT https://thehackernews.com/2025/09/ta558-uses-ai-generated-scripts-to.html U.K. Arrests Two Teen Scattered Spider Hackers Linked to August 2024 TfL Cyber Attack https://thehackernews.com/2025/09/uk-arrest-two-teen-scattered-spider.html Chinese TA415 Uses VS Code Remote Tunnels to Spy on U.S. Economic Policy Experts https://thehackernews.com/2025/09/chinese-ta415-uses-vs-code-remote.html DOJ Resentences BreachForums Founder to 3 Years for Cybercrime and Possession of CSAM https://thehackernews.com/2025/09/doj-resentences-breachforums-founder-to.html Scattered Spider Resurfaces With Financial Sector Attacks Despite Retirement Claims https://thehackernews.com/2025/09/scattered-spider-resurfaces-with.html From Quantum Hacks to AI Defenses – Expert Guide to Building Unbreakable Cyber Resilience https://thehackernews.com/2025/09/from-quantum-hacks-to-ai-defenses.html 記憶體攻擊新手法Phoenix，可繞過DDR5的Rowhammer防禦機制 https://www.ithome.com.tw/news/171245 Phoenix RowHammer Attack Bypasses Advanced DDR5 Memory Protections in 109 Seconds https://thehackernews.com/2025/09/phoenix-rowhammer-attack-bypasses.html Self-Replicating Worm Hits 180+ npm Packages to Steal Credentials in Latest Supply Chain Attack https://thehackernews.com/2025/09/40-npm-packages-compromised-in-supply.html 6 Browser-Based Attacks Security Teams Need to Prepare For Right Now https://thehackernews.com/2025/09/6-browser-based-attacks-security-teams.html AI滲透測試工具Villager在PyPI下載急劇增加，恐被用於網路犯罪 https://thehackernews.com/2025/09/ai-powered-villager-pen-testing-tool.html AI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse Concerns https://thehackernews.com/2025/09/ai-powered-villager-pen-testing-tool.html FBI針對UNC6040與UNC6395駭客組織活動提出警告，目標是從企業組織的Salesforce平臺竊取資料 https://www.ithome.com.tw/news/171192 FBI Warns of UNC6040 and UNC6395 Targeting Salesforce Platforms in Data Theft Attacks https://thehackernews.com/2025/09/fbi-warns-of-unc6040-and-unc6395.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全駭客竊得Google執法請求系統帳號 https://www.ithome.com.tw/news/171247 Google的執法請求系統遭駭，駭客設置用於詐欺的帳號 https://www.bleepingcomputer.com/news/security/google-confirms-fraudulent-account-created-in-law-enforcement-portal/ 網釣服務VoidProxy鎖定M365、Google帳號而來 https://www.bleepingcomputer.com/news/security/new-voidproxy-phishing-service-targets-microsoft-365-google-accounts/ 壽司郎傳出個資外洩事故，客戶收到他人點數到期通知 https://www.ithome.com.tw/news/171272 新型態網釣手法FileFix聲稱臉書用戶帳號將被停用，意圖散布竊資軟體StealC https://www.ithome.com.tw/news/171235 SonicWall防火牆雲端設定檔備份外洩，要求用戶立即更換憑證 https://www.ithome.com.tw/news/171270 SonicWall Urges Password Resets After Cloud Backup Breach Affecting Under 5% of Customers https://thehackernews.com/2025/09/sonicwall-urges-password-resets-after.html 微軟雲端檔案共享服務OneDrive的自動同步機制存在缺陷，恐洩露SharePoint Online的企業機密 https://gbhackers.com/microsoft-onedrive-auto-sync-flaw/ RaccoonO365 Phishing Network Dismantled as Microsoft, Cloudflare Take Down 338 Domains https://thehackernews.com/2025/09/raccoono365-phishing-network-shut-down.html ShinyHunters宣稱從Salesloft Drift事件竊得15億筆Salesforce資料 https://www.ithome.com.tw/news/171251 E.研究報告/工具 How CISOs Can Drive Effective AI Governance https://thehackernews.com/2025/09/how-cisos-can-drive-effective-ai.html Cloud-Native Security in 2025: Why Runtime Visibility Must Take Center Stage https://thehackernews.com/2025/09/cloud-native-security-in-2025-why.html Securing the Agentic Era: Introducing Astrix's AI Agent Control Plane https://thehackernews.com/2025/09/securing-agentic-era-introducing.html Rethinking AI Data Security: A Buyer's Guide https://thehackernews.com/2025/09/rethinking-ai-data-security-buyers-guide.html How To Automate Alert Triage With AI Agents and Confluence SOPs Using Tines https://thehackernews.com/2025/09/how-to-automate-alert-triage-with-ai.html F.商業 F5買下AI安全領域的元老級公司CalypsoAI https://www.ithome.com.tw/news/171248 CrowdStrike買下Pangea，進軍AI偵測與回應領域 https://www.ithome.com.tw/news/171249 Check Point買下AI資安業者Lakera https://www.ithome.com.tw/news/171250 SecurityScorecard買下AI問卷自動化業者HyperComply https://www.ithome.com.tw/news/171280 WebAssembly 3.0定版，強化支援高階語言與更大規模應用 https://www.ithome.com.tw/news/171256 G.政府資安院發布「資安週報」數據驅動台灣資安治理新模式 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12219 將中小企業與NGO納入資安防禦網！資安院打造健檢團與服務團，可結合課程讓老師帶學生實務參與 https://www.ithome.com.tw/news/171253 資安院推中小企業資安防護指南手冊，預告臺版Cyberseek明年上線 https://www.ithome.com.tw/news/171261 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安國際半導體展資安合作再升級，SEMI E187認驗證制度正式啟動 https://www.ithome.com.tw/news/171201 TXOne Edge完整OT防護鏈守護製造業舊系統網路層策略破解升級兩難 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12222 大型L7的DDoS殭屍網路綁架576萬臺物聯網裝置，攻擊政府機關 https://www.ithome.com.tw/news/171200 1.1萬臺物聯網裝置、路由器遭綁架，發動每秒15億個封包的DDoS攻擊 https://www.ithome.com.tw/news/171177 I.教育訓練資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g EC Council CASE.NET 認證準備 https://coolmandiary.blogspot.com/2025/04/ec-council-casenet.html EC Council CASE.NET(312-95)_筆記_Module1專有名詞及定義 https://coolmandiary.blogspot.com/2021/10/ec-council-casenet312-95module1.html GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 2025年9月-iPAS 資訊安全工程師(初級)能力培訓班 2025/9/20 https://www.accupass.com/event/2505080338266282560860 ISO 27001:2022 資訊安全管理系統主導稽核員訓練課程 2025/9/22 https://www.accupass.com/event/2505190352351691427965 WordPress 彩虹小聚｜遠端工作經驗談 2025/9/23 https://www.meetup.com/taipei-wordpress/events/310762339/ MaiCoin 反詐騙講座 2025/9/24 https://www.accupass.com/event/2506290709471003672601 ONLINE 🌟 Intro to SQL for beginners 2025/9/24 https://www.meetup.com/le-wagon-tokyo-coding-station/events/310691490/ [On-Line] AWS Global Community Gatherings #11 2025/9/26 https://www.meetup.com/awsglobalcommunitygatherings/events/308856858/