###### tags: `資安事件新聞週報` # 資安事件新聞週報 2026/5/18 ~ 2026/5/22 1.重大弱點漏洞/後門/Exploit/Zero Day 思科修補Secure Workload滿分API未授權存取漏洞 https://www.ithome.com.tw/news/176031 Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access https://thehackernews.com/2026/05/cisco-patches-cvss-100-secure-workload.html CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits https://thehackernews.com/2026/05/cisa-adds-cisco-sd-wan-cve-2026-20182.html Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access https://thehackernews.com/2026/05/cisco-catalyst-sd-wan-controller-auth.html Palo Alto Networks修補防火牆作業系統身分驗證繞過漏洞 https://www.ithome.com.tw/news/175915 研究人員警告PAN-OS身分驗證繞過漏洞的危險程度恐被低估 https://www.ithome.com.tw/news/175918 SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access https://thehackernews.com/2026/05/seppmail-secure-e-mail-gateway.html 博通修補VMware Fusion高風險漏洞 https://www.ithome.com.tw/news/175947 微軟修補兩個已遭利用的Microsoft Defender零時差漏洞 https://www.ithome.com.tw/news/176030 CISA將Microsoft Defender零時差漏洞列入KEV https://www.ithome.com.tw/news/176032 針對微軟近日修補的Microsoft Defender零時差漏洞，有專家指出已在一個月前就有概念驗證程式碼 https://www.ithome.com.tw/news/176033 微軟公布BitLocker零時差漏洞YellowKey緩解措施 https://www.ithome.com.tw/news/176002 微軟揭露Exchange Server存在8.1分重大漏洞，並已偵測到漏洞利用活動 https://www.ithome.com.tw/news/175877 Microsoft Warns of Two Actively Exploited Defender Vulnerabilities https://thehackernews.com/2026/05/microsoft-warns-of-two-actively.html 微軟5月Patch Tuesday修補138個漏洞，AI系統挖出16個漏洞 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12927 Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit https://thehackernews.com/2026/05/microsoft-releases-mitigation-for.html Windows存在零時差漏洞MiniPlasma，攻擊者可取得SYSTEM權限 https://www.ithome.com.tw/news/175888 MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems https://thehackernews.com/2026/05/miniplasma-windows-0-day-enables-system.html On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email https://thehackernews.com/2026/05/on-prem-microsoft-exchange-server-cve.html Nginx重大漏洞已被用於攻擊 https://www.ithome.com.tw/news/175882 NGINX潛伏18年漏洞曝光：無需認證即可達成遠端程式碼執行 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12928 NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE https://thehackernews.com/2026/05/nginx-cve-2026-42945-exploited-in-wild.html Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws https://thehackernews.com/2026/05/ivanti-fortinet-sap-vmware-n8n-patch.html Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks https://thehackernews.com/2026/05/highly-critical-drupal-core-flaw.html Drupal修補重大SQL注入資安漏洞，並破例為已停止支援版本發布更新 https://www.ithome.com.tw/news/176009 Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare https://thehackernews.com/2026/05/drupal-to-release-urgent-core-security.html Grafana Labs資安事故調查結果出爐，起因是TanStack事故波及 https://www.ithome.com.tw/news/176015 Grafana GitHub Breach Exposes Source Code via TanStack npm Attack https://thehackernews.com/2026/05/grafana-github-breach-exposes-source.html GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension https://thehackernews.com/2026/05/github-internal-repositories-breached.html Linux作業系統存在權限提升漏洞PinTheft，攻擊者可在Arch Linux取得root權限 https://www.ithome.com.tw/news/176044 Linux核心再傳新的權限提升漏洞DirtyDecrypt https://www.ithome.com.tw/news/175919 研究人員揭露存在9年的Linux本機權限提升漏洞CVE-2026-46333 https://www.ithome.com.tw/news/176047 9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros https://thehackernews.com/2026/05/9-year-old-linux-kernel-flaw-enables.html Making Vulnerable Drivers Exploitable Without Hardware - The BYOVD Perspective https://thehackernews.com/2026/05/making-vulnerable-drivers-exploitable.html CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV https://thehackernews.com/2026/05/cisa-adds-exploited-langflow-and-trend.html ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories https://thehackernews.com/2026/05/threatsday-bulletin-linux-rootkits.html 趨勢科技修補端點防護系統Apex One已遭利用的路徑遍歷漏洞 https://www.ithome.com.tw/news/176037 CISA將趨勢科技端點防護系統Apex One路徑遍歷漏洞列入KEV https://www.ithome.com.tw/news/176038 Nvidia修補Triton推論伺服器多項重大漏洞，若未更新可能導致阻斷服務、資料洩漏或執行任意程式碼等攻擊 https://www.ithome.com.tw/news/176024 AI推論框架SGLang遭揭3重大漏洞，未驗證攻擊者恐遠端執行程式碼 https://www.ithome.com.tw/news/176018 Anthropic悄悄修補Claude Code沙箱繞過漏洞，研究人員批評陷用戶於風險中 https://www.ithome.com.tw/news/176010 Google發布電腦版Chrome 148更新，修補79個資安漏洞 https://www.ithome.com.tw/news/175860 Google發布Chrome 148更新，修補16個資安漏洞 https://www.ithome.com.tw/news/176039 Hitachi Vantara修補Pentaho資料整合與分析平臺重大漏洞，未更新可能導致遠端執行程式碼攻擊 https://www.ithome.com.tw/news/176013 沙箱函式庫SandboxJS修補CVSS滿分重大漏洞，未更新可能導致執行任意程式碼 https://www.ithome.com.tw/news/175977 GitLab發布安全更新，修補可能導致執行任意JavaScript程式碼、拒絕服務攻擊的多項重大漏洞 https://www.ithome.com.tw/news/175995 GitHub內部儲存庫遭未授權存取，官方稱客戶資料未受影響 https://www.ithome.com.tw/news/175954 CISA於GitHub暴露AWS GovCloud金鑰、內部系統憑證 https://www.ithome.com.tw/news/175968 Mozilla發布Firefox 151更新，修補逾30項資安漏洞 https://www.ithome.com.tw/news/175965 Mozilla推出Firefox 150.0.3，修補多項JavaScript高風險漏洞 https://www.ithome.com.tw/news/175874 Ivanti修補裝置管理平臺EPM高風險漏洞 https://www.ithome.com.tw/news/175948 PostgreSQL資料庫發布更新，修補11項漏洞與60多項程式錯誤 https://www.ithome.com.tw/news/175938 仍有將近3500臺Wazuh主機未修補執行任意程式碼漏洞，暴露於攻擊風險下，用戶需儘速更新 https://www.ithome.com.tw/news/175932 多家軟體供應商2026年以來CVE揭露量攀升，Chrome大增563.2%，AI輔助漏洞發掘影響浮現 https://www.ithome.com.tw/news/175936 駭客濫用Langflow漏洞與NATS訊息中介系統，竊取AI與雲端環境存取金鑰 https://www.ithome.com.tw/news/175893 Cloudflare測試Claude Mythos，串聯多個低風險漏洞形成攻擊鏈 https://www.ithome.com.tw/news/175929 OpenClaw存在漏洞攻擊鏈Claw Chain，攻擊者可用於竄改組態並植入後門 https://www.ithome.com.tw/news/175889 2.銀行/金融/保險/證券/金融監理 新聞及資安 德國聯邦金融監理總署示警AI與量子運算推升金融業網路風險，將對金融機構加強IT重點檢查 https://www.ithome.com.tw/news/176000 金管會揭金融資安韌性藍圖最新進展，即將發布金融業PQC遷移指引 https://www.ithome.com.tw/news/175737 美國政府強化移民控管 銀行客戶身份將受審帳戶恐關閉 https://reurl.cc/dpoQ4k 儲蓄卡變廢卡 河南村鎮銀行受害儲戶維權無門 https://www.epochtimes.com/b5/26/5/22/n14772163.htm 3.信用卡/電子支付/行動支付/pay/支付系統/資安 萬事達卡搶第一 啟動韓國Tmoney卡加值 https://www.ctee.com.tw/news/20260522700356-439901 Android惡意程式NGate出現新變種，偽裝行動支付工具竊取信用卡資料 https://www.ithome.com.tw/news/175533 一個購物車裝天下！Google推出「Universal Cart」結盟Nike、Target等品牌推動代理式電商新紀元 https://tech.udn.com/tech/story/124457/9513461 鎖定移工商機 一卡通「儲值歡迎卡」納勞動部移工入境歡迎包 https://stock.ltn.com.tw/article/gawbk7wuky8m 銀行公會舉辦「置易付」工作坊 助600名律師掌握實務操作安排 https://www.hkcd.com.hk/hkcdweb/content/2026/05/22/content_8756138.html 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 5月報稅季 加密貨幣信用卡消費也有課稅風險？會計師解析三大情境 https://money.udn.com/money/story/5612/9518797 幣圈大震撼！FBI偽裝項目方誘捕操縱集團 揭開加密貨幣「割韭菜」黑幕 https://reurl.cc/X2bAMM Sertexity AI 加密套利平台用戶破萬 技術升級加速市場部署 https://news.pchome.com.tw/science/sunmedia/20260522/index-77940798186075329005.html 伊朗經由幣安轉移數十億美元「輸血資金」，灰色交易本月仍在繼續 https://reurl.cc/GaYny3 BingX 成為首家推出 OpenAI 上市前空投的加密貨幣交易所，拓展 AI 私募市場投資機會 https://news.cnyes.com/news/id/6467697 北美最大比特幣ATM營運商Bitcoin Depot聲請破產保護 https://www.ithome.com.tw/news/175930 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 鴻海北美廠遭Nitrogen勒索軟體攻擊，凸顯製造業資安危機 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12924 GraphWorm惡意程式濫用微軟OneDrive作為C2通道，利用雲端服務隱藏攻擊流量 https://www.ithome.com.tw/news/176028 新版Gremlin竊資程式以XOR編碼隱藏惡意內容，提高靜態分析難度 https://www.ithome.com.tw/news/176021 微軟破獲惡意軟體簽章服務平臺Fox Tempest https://www.ithome.com.tw/news/175974 執法行動Operation Ramz查封53臺惡意軟體及網釣伺服器 https://www.ithome.com.tw/news/175975 TeamPCP利用蠕蟲Mini Shai-Hulud滲透逾400個NPM與PyPI套件 https://www.ithome.com.tw/news/175854 AI持續降低自動化網路攻擊門檻，2025惡意機器人活動霸佔全球網際網路流量4成 https://www.ithome.com.tw/news/175873 竊資軟體Reaper冒充蘋果、微軟、Google，攻擊macOS用戶並建立後門 https://www.ithome.com.tw/news/175921 Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor https://thehackernews.com/2026/05/showboat-linux-malware-hits-middle-east.html Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks https://thehackernews.com/2026/05/kimwolf-ddos-botnet-operator-arrested.html Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access https://thehackernews.com/2026/05/turla-turns-kazuar-backdoor-into.html Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware https://thehackernews.com/2026/05/four-malicious-npm-packages-deliver.html Mini Shai-Hulud 惡意蠕蟲再起：169 個 npm 套件淪陷，首度記錄成功偽造有效 SLSA 出處證明 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12913 Mini Shai-Hulud供應鏈攻擊波及GitHub，近3,800個內部儲存庫遭外洩 https://www.ithome.com.tw/news/176006 Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account https://thehackernews.com/2026/05/mini-shai-hulud-pushes-malicious-antv.html ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories https://thehackernews.com/2026/05/threatsday-bulletin-linux-rootkits.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 App Store擋下22億詐騙，蘋果用安全感護住服務業務護城河 https://cmnews.com.tw/article/cmoneyairesearcher-b4a3a1c0-5560-11f1-8299-38b981ba4382 Google更新Android安全與隱私功能，攔截假冒銀行來電並升級AI惡意App偵測 https://www.ithome.com.tw/news/175772 Meta強化青少年網路安全 家長可跨App管理孩子帳號 https://reurl.cc/9W9DNX App過度索取授權或被境外間諜利用　國家安全部：發現線索可舉報 https://www.wenweipo.com/a/202605/13/AP6a03b455e4b0b49ad1baaf8c.html Elon Musk 推出「XChat」App：究竟是最安全的加密通訊軟體 https://www.gq.com.tw/article/elon-musk-xchat 高德地圖App有安全疑慮台灣欲禁用　國台辦：杯弓蛇影，荒唐可笑 https://www.hk01.com/article/60345021?utm_source=01articlecopy&utm_medium=referral Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps https://thehackernews.com/2026/05/trapdoor-android-ad-fraud-scheme-hit.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 Dell SupportAssist服務引發藍色當機BSOD災情 https://www.ithome.com.tw/news/175883 2026年全球資安長人力落差約1比1萬，AI與法規壓力擴大CISO職責 https://www.ithome.com.tw/news/175864 7-Eleven證實資料被駭，疑外洩加盟店資訊 https://www.ithome.com.tw/news/175914 OpenAI遭受TanStack供應鏈攻擊波及 https://www.ithome.com.tw/news/175856 TeamPCP兜售近450個Mistral AI程式碼儲存庫 https://www.ithome.com.tw/news/175876 電信流量揭臺灣企業AI風險：7成大型企業封鎖中國模型，6萬家陷資安隱憂 https://www.ithome.com.tw/news/175926 歐盟《網路韌性法案》今年9月正式施行，產品安全通報時限成法遵門檻，僅四分之一企業將SBOM驗證納入自動化 https://www.ithome.com.tw/news/175916 RubyGems遭遇大規模惡意攻擊，暫停開發者註冊新帳號因應 https://www.ithome.com.tw/news/175927 臺灣資安廠商DEVCORE奪下Pwn2Own Berlin 2026破解大師殊榮 https://www.ithome.com.tw/news/175897 Pwn2Own Berlin 2026爆滿，傳出無法報名的研究員報復性揭露漏洞 https://www.ithome.com.tw/news/175956 建德工業發布資安重訊，指出資訊系統遭網路攻擊 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=172008&SPOKE_DATE=20260520&COMPANY_ID=6606 半導體廠弘塑公布勒索軟體攻擊事故調查結果，損失約2,200萬元 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=2&SPOKE_TIME=162917&SPOKE_DATE=20260521&COMPANY_ID=3131 執法機關瓦解犯罪VPN服務First VPN，FBI稱至少25個勒索軟體組織曾用於偵察與入侵 https://www.ithome.com.tw/news/176036 新加坡政府公布AI代理沙盒測試結果，評估公共服務應用效益與治理風險 https://www.ithome.com.tw/news/176027 Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows https://thehackernews.com/2026/05/megalodon-github-attack-targets-5561.html TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates https://thehackernews.com/2026/05/tanstack-supply-chain-attack-hits-two.html Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer https://thehackernews.com/2026/05/compromised-nx-console-18950-targeted.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 美國最大公立醫院醫療資訊、指紋、信用卡資料被竊走，影響180萬人 https://www.ithome.com.tw/news/175928 CISA暴露的GitHub儲存庫公開844 MB機密資料 https://www.ithome.com.tw/news/176012 Meta平臺占今年1至4月詐騙案件高達8成以上，政府要求強化演算法從源頭攔截詐騙訊息 https://www.ithome.com.tw/news/175998 微軟個人帳號將開始停用簡訊傳送驗證碼 https://www.ithome.com.tw/news/176003 新駭客基礎架構出現，加速裝置碼釣魚、竊取Microsoft 365權杖 https://www.ithome.com.tw/news/175885 Tycoon 2FA被用於裝置驗證碼網釣，駭客搭配Trustifi追蹤器挾持M365帳號 https://www.ithome.com.tw/news/175906 Grafana Labs存取權杖外洩，導致其GitHub程式碼庫遭竊與勒索 https://www.ithome.com.tw/news/175878 工業測試設備製造商Fluke資料外洩波及1.85萬人，駭客竊取身分與身障等敏感資訊 https://www.ithome.com.tw/news/175907 針對RubyGems遭遇大規模垃圾套件攻擊事故，傳出駭客的目的是洩露英國政府機關網站資料 https://www.ithome.com.tw/news/175931 Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials https://thehackernews.com/2026/05/github-actions-supply-chain-attack.html Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence https://thehackernews.com/2026/05/four-openclaw-flaws-enable-data-theft.html The New Phishing Click: How OAuth Consent Bypasses MFA https://thehackernews.com/2026/05/the-new-phishing-click-how-oauth.html GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos https://thehackernews.com/2026/05/github-investigating-teampcp-claimed.html E.研究報告/工具 SAS CIO揭內部GenAI實戰經驗：AI正在改變漏洞管理節奏 https://www.ithome.com.tw/news/176029 針對研究員Chaotic Eclipse公布的多個零時差漏洞，資安公司警告已能串成攻擊鏈 https://www.ithome.com.tw/news/176004 面對AI漏洞風暴！資安署籲企業重視基本功，並強調從「預防被打」轉向「迅速復原」 https://www.ithome.com.tw/news/175978 NVMe協定啟動後量子密碼學規格更新，因應量子運算時代加密威脅 https://www.ithome.com.tw/news/175970 What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface https://thehackernews.com/2026/05/what-45-days-of-watching-your-own-tools.html Developer Workstations Are Now Part of the Software Supply Chain https://thehackernews.com/2026/05/developer-workstations-are-now-part-of.html Agent AI is Coming. Are You Ready https://thehackernews.com/2026/05/agent-ai-is-coming-are-you-ready.html Typosquatting Is No Longer a User Problem. It's a Supply Chain Problem https://thehackernews.com/2026/05/typosquatting-is-no-longer-user-problem.html When Identity is the Attack Path https://thehackernews.com/2026/05/when-identity-is-attack-path.html F.商業 從合規到主動防禦，資安人攜手橙鋐科技與其代理品牌打造資安韌性治理藍圖 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12911 AI開始進入漏洞研究與通報生態，Mozilla、微軟、GitHub與Curl案例受關注 https://www.ithome.com.tw/news/175980 Gartner預估2026年全球AI支出達2.6兆美元，AI資安支出增加近1倍 https://www.ithome.com.tw/news/175982 Confluent強化即時資料串流安全，新增個資防護與安全連線功能 https://www.ithome.com.tw/news/175999 微軟開放Windows Server 2025用戶使用熱修補功能，進一步推廣Azure Arc混合雲管理架構 https://www.ithome.com.tw/news/176008 微軟修改Edge瀏覽器密碼管理機制，避免開機即載入明文密碼 https://www.ithome.com.tw/news/175961 微軟預覽伺服器Linux發行版Azure Linux 4.0，可藉此強化安全性 https://www.ithome.com.tw/news/175976 Meta MBBRC首度登臺！祭30萬美元獎金鎖定AI代理等安全 https://www.ithome.com.tw/news/175951 IBM擴大AI資安工具布局，參與廣泛使用軟體漏洞識別與修補 https://www.ithome.com.tw/news/175962 因應AI時代資安風險，Dell整合資料保護平臺並擴展威脅偵測能力 https://www.ithome.com.tw/news/175955 Redis推出AI代理情境引擎Iris，提供專為資料安全設計的上下文檢索器 https://www.ithome.com.tw/news/175934 強化臺灣的通訊基礎韌性，遠傳與Amazon Leo合作引進低軌衛星網路服務 https://www.ithome.com.tw/news/175966 思科營收成長12%，宣布裁撤近4,000名員工，資安業務持平 https://www.ithome.com.tw/news/175808 UiPath整合程式開發代理，AI建立的自動化流程也納入企業治理 https://www.ithome.com.tw/news/175769 GitLab啟動Act 2策略調整，改造AI代理開發平臺並縮減人力 https://www.ithome.com.tw/news/175730 Raindrop AI推出開放原始碼工具Workshop，支援AI代理本機除錯與評估 https://www.ithome.com.tw/news/175887 Anthropic為Claude for Legal新增外掛、MCP連接器 https://www.ithome.com.tw/news/175766 WD為硬碟韌體保護導入後量子數位簽章技術，硬碟安全進入抗量子時代 https://www.ithome.com.tw/news/175925 臺灣企業積極布局代理式AI與DevSecOps https://www.ithome.com.tw/news/175863 Akamai斥資2.05億美元買下LayerX，強化AI與瀏覽器安全 https://www.ithome.com.tw/news/175881 AWS強化Amazon EMR on EC2可觀測性，新增近即時日誌串流與YARN Application ID對應功能 https://www.ithome.com.tw/news/175884 G.政府 資安署提三大措施應對AI驅動威脅，呼籲企業重建資安基本功 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12932 數發部負責AI風險分類框架，將參考歐盟高風險AI標準 https://www.ithome.com.tw/news/176019 加速政府朝向AI智慧化治理的發展基礎，行政院6月將發布「AI公務人才認定指引」 https://www.ithome.com.tw/news/176022 資安署擴大資安長共識營規模，首度邀集五院建立資安治理共識 https://www.ithome.com.tw/news/176005 數發部發表AI人才認定指引3.0，新增AI治理與協作能力 https://www.ithome.com.tw/news/175935 經濟部推行動工商憑證，讓手機化身「數位大小章」，瞄準企業授權與金融應用 https://www.ithome.com.tw/news/175909 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 Pre-Stuxnet Fast16 Malware Tampered with Nuclear Weapons Simulations https://thehackernews.com/2026/05/pre-stuxnet-fast16-malware-tampered.html 華為路由器疑似零時差漏洞引發DoS攻擊，盧森堡去年通訊中斷逾3小時 https://www.ithome.com.tw/news/176016 台灣男大生用軟體定義無線電癱瘓高鐵48分鐘，TETRA協定配置缺陷與OT資安漏洞引發警示 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12922 Yarbo割草機器人傳出重大安全漏洞，可能遭攻擊者遠端控制，用戶需立即升級新版韌體 https://www.ithome.com.tw/news/175831 I.教育訓練 資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g EC Council CASE.NET 認證準備 https://coolmandiary.blogspot.com/2025/04/ec-council-casenet.html EC Council CASE.NET(312-95)_筆記_Module1專有名詞及定義 https://coolmandiary.blogspot.com/2021/10/ec-council-casenet312-95module1.html GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 邁向現代化資安防禦：以零信任為核心的 macOS 全方位管理架構 2026/5/25 https://jamf.kktix.cc/events/mac-security-workshop-2026q2 Gemini實戰全攻略-打造你的AI工作流 2026/5/30 https://www.accupass.com/event/2602191339327923594810 行動優先時代：如何兼顧工作效率與企業資安 2026/6/5 https://jamf.kktix.cc/events/mobile-security-workshop-2026q2 CraftCon Taiwan 2026｜全台唯一 AI 資安技術研討會 2026/7/3 https://cycraft.kktix.cc/events/craftcon2026