###### tags: `資安事件新聞週報` # 資安事件新聞週報 2026/2/2 ~ 2026/2/6 1.重大弱點漏洞/後門/Exploit/Zero Day CISA警告一年前揭露的VMware ESXi零時差漏洞已被用於勒索軟體攻擊 https://www.bleepingcomputer.com/news/security/cisa-vmware-esxi-flaw-now-exploited-in-ransomware-attacks/ Check Point修補SASE平臺的Windows用戶端程式 https://www.ithome.com.tw/news/173758 SmarterMail Fixes Critical Unauthenticated RCE Flaw with CVSS 9.3 Score https://thehackernews.com/2026/01/smartermail-fixes-critical.html 針對近期微軟緊急修補的Office零時差漏洞，傳出俄羅斯駭客APT28用於實際攻擊 https://www.ithome.com.tw/news/173728 CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog https://thehackernews.com/2026/02/cisa-adds-actively-exploited-solarwinds.html Ivanti EPMM 爆兩大零時差漏洞遭積極利用，美國CISA 緊急列入 KEV 目錄 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12677 Ivanti熱修補行動裝置管理平臺EPMM，目的是解決兩個重大遠端程式碼執行漏洞 https://www.ithome.com.tw/news/173694 HPE修補Aruba設備軟體高風險OpenSSL弱點 https://www.ithome.com.tw/news/173709 Docker Fixes Critical Ask Gordon AI Flaw Allowing Code Execution via Image Metadata https://thehackernews.com/2026/02/docker-fixes-critical-ask-gordon-ai.html Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows https://thehackernews.com/2026/02/critical-n8n-flaw-cve-2026-25049.html Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries https://thehackernews.com/2026/02/claude-opus-46-finds-500-high-severity.html ThreatsDay Bulletin: Codespaces RCE, AsyncRAT C2, BYOVD Abuse, AI Cloud Intrusions & 15+ Stories https://thehackernews.com/2026/02/threatsday-bulletin-codespaces-rce.html 多家資安公司揭露n8n重大漏洞，攻擊者建立工作流程就能接管伺服器 https://www.ithome.com.tw/news/173804 SolarWinds修補IT服務臺WHD四重大漏洞，涉及RCE與身分驗證繞過 https://www.ithome.com.tw/news/173757 AI應用開發框架Chainlit爆高風險漏洞，恐遭濫用入侵雲端環境 https://www.ithome.com.tw/news/173563 5年前的GitLab漏洞出現攻擊行動 https://www.bleepingcomputer.com/news/security/cisa-warns-of-five-year-old-gitlab-flaw-exploited-in-attacks/ GitLab修補雙因素驗證繞過與多項DoS漏洞 https://www.ithome.com.tw/news/173531 與APT41有關的中國駭客加入利用WinRAR路徑遍歷漏洞的行列 https://www.ithome.com.tw/news/173776 Google修補Chrome兩項高風險漏洞，記憶體錯誤恐遭濫用執行任意程式碼 https://www.ithome.com.tw/news/173777 Gemini MCP Tool開源工具爆命令注入漏洞，CVE-2026-0755可導致遠端程式碼執行 https://www.ithome.com.tw/news/173755 SandboxJS修補重大漏洞CVE-2026-23830，沙箱機制可遭繞過執行任意程式碼 https://www.ithome.com.tw/news/173699 Kubernetes祕密管理工具External Secrets Operator爆重大漏洞，恐跨命名空間外洩身分憑證 https://www.ithome.com.tw/news/173593 Windows 11非安全更新KB5074105再傳災情，用戶回報效能與開始選單異常 https://www.ithome.com.tw/news/173725 2.銀行/金融/保險/證券/金融監理 新聞及資安 Notepad++ 更新機制遭中國駭客劫持長達六個月，鎖定東亞電信與金融業者 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12673 金融軟體服務供應商Marquis遭勒索軟體入侵，定調肇因為MySonicWall防火牆組態備份檔未經授權存取 https://www.ithome.com.tw/news/173719 3.信用卡/電子支付/行動支付/pay/支付系統/資安 商家苦於手續費 民眾憂心資安 行動支付普及的雙重阻礙 https://www.peopo.org/news/834390 全支付用戶突破700萬大關，又2家電支業者前進日本跨境支付 https://www.ithome.com.tw/news/173828 Airtel Africa 憑藉數據和行動支付增長創下利潤新高 https://www.mexc.com/zh-TW/news/647980 不怕找零、不用算匯率，外國遊客在泰國都改用行動支付 https://www.thenewslens.com/article/264367 2026北捷新規：進閘門禁用行動電源，手機行動支付/信用卡進站教學一次看 https://www.xinmedia.com/article/303588 數位卡關？聯醫院外門診部無行動支付挨批不便 院方回應了 https://www.chinatimes.com/realtimenews/20260203002098-260405?chdtv 美國稅局發布退稅與繳款電子支付指南 https://www.epochtimes.com/b5/26/2/3/n14689944.htm 電子支付淪擺看？ 排隊名店「藏QRCODE」只收現金 https://news.tvbs.com.tw/life/3094988 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 加密貨幣交易所Coinbase傳出去年承包商不當存取客戶資料，駭客聲稱藉此取得該公司內部IT服務臺介面的螢幕截圖 https://www.bleepingcomputer.com/news/security/coinbase-confirms-insider-breach-linked-to-leaked-support-tool-screenshots/ 北韓駭客LabyRinth Chollima進行分工，同時從事網路間諜活動及竊取加密貨幣資產 https://securityonline.info/hydra-tactics-north-koreas-labyrinth-chollima-splits-to-hunt-crypto-secrets/ 誤發400億美元比特幣搞烏龍！南韓交易所出面回應 https://m.cnyes.com/news/id/6336680 南韓加密貨幣交易所疑誤將「2000 枚比特幣」當「2000 韓元」錯發給百名用戶 https://abmedia.io/south-korea-2000-btc-krw-bithumb 南韓Bithumb誤發62萬枚比特幣 金融委員會召開緊急會議 https://ec.ltn.com.tw/article/breakingnews/5335920 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC MoltBot AI 助理爆重大安全危機：230 個惡意套件竊取密碼，社群平台同步外洩 API 金鑰 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12672 勒索軟體Interlock濫用存在零時差漏洞的反遊戲作弊驅動，讓EDR與防毒停擺 https://gbhackers.com/interlock-ransomware/ 舊版鑑識軟體元件遭濫用，駭客以此打造能癱瘓EDR運作的工具，從事勒索軟體攻擊活動 https://www.bleepingcomputer.com/news/security/edr-killer-tool-uses-signed-kernel-driver-from-forensic-software/ 惡意軟體ValleyRAT假借LINE安裝程式散布，目的是竊取憑證 https://www.ithome.com.tw/news/173803 惡意Chrome延伸套件透過隱藏的聯盟挾持手法，企圖竊取ChatGPT權杖 https://thehackernews.com/2026/01/researchers-uncover-chrome-extensions.html 逾2500款資安工具遭濫用，駭客用於在部署勒索軟體前終止端點防護系統運作 https://cybersecuritynews.com/hackers-weaponized-2500-security-tools/ 惡意軟體攻擊活動Dead#Vax出現新手法，駭客透過IPFS存放VHD映像檔從事網釣 https://thehackernews.com/2026/02/deadvax-malware-campaign-deploys.html 勒索軟體組織Everest聲稱竊得HP旗下視訊與語音會議方案Poly資料 https://www.ithome.com.tw/news/173732 駭客組織PeckBirdy透過寄生攻擊手法，意圖散布後門程式HoldDonut與MkDoor https://gbhackers.com/peckbirdy-hackers/ 駭客利用React Native重大漏洞Metro4Shell發動攻擊，散布Rust打造的惡意程式 https://www.ithome.com.tw/news/173773 中國駭客UAT-8099鎖定IIS伺服器下手，企圖在亞洲組織植入惡意軟體BadIIS https://thehackernews.com/2026/01/china-linked-uat-8099-targets-iis.html 微軟警告竊資軟體攻擊逐漸從Windows轉向macOS平臺，駭客透過Python打造惡意程式 https://securityaffairs.com/187608/security/microsoft-info-stealing-malware-expands-from-windows-to-macos.html Malicious NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign https://thehackernews.com/2026/02/hackers-exploit-react2shell-to-hijack.html Notepad++自動更新通道遭劫持，v8.8.9起強制驗證數位簽章防竄改 https://www.ithome.com.tw/news/173716 Notepad++供應鏈攻擊出現三波活動，澳、菲、越、薩等國用戶成目標 https://www.ithome.com.tw/news/173781 Notepad++更新遭挾持，傳出是中國駭客Lotus Blossom所為 https://www.ithome.com.tw/news/173754 Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users https://thehackernews.com/2026/02/notepad-official-update-mechanism.html Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group https://thehackernews.com/2026/02/notepad-hosting-breach-attributed-to.html 印度防毒軟體eScan遭供應鏈攻擊，更新基礎設施被用於交付惡意程式 https://www.ithome.com.tw/news/173736 eScan Antivirus Update Servers Compromised to Deliver Multi-Stage Malware https://thehackernews.com/2026/02/escan-antivirus-update-servers.html 雲端原生木馬Arsink RAT鎖定安卓裝置而來，竊取敏感資料及建立存取管道 https://gbhackers.com/arsink-rat/ 初始入侵管道掮客TA584轉換跑道，利用Tsundere機器人與木馬XWorm發動勒索軟體攻擊 https://www.bleepingcomputer.com/news/security/initial-access-hackers-switch-to-tsundere-bot-for-ransomware-attacks/ Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm https://thehackernews.com/2026/02/open-vsx-supply-chain-attack-used.html APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks https://thehackernews.com/2026/02/apt28-uses-microsoft-office-cve-2026.html Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users https://thehackernews.com/2026/02/researchers-find-341-malicious-clawhub.html 爆紅AI代理ClawdBot出現惡意延伸套件，駭客以此散布竊資軟體NovaStealer、Atomic Stealer https://www.ithome.com.tw/news/173735 OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link https://thehackernews.com/2026/02/openclaw-bug-enables-one-click-remote.html Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers https://thehackernews.com/2026/02/microsoft-warns-python-infostealers.html China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware https://thehackernews.com/2026/01/china-linked-uat-8099-targets-iis.html Microsoft Develops Scanner to Detect Backdoors in Open-Weight Large Language Models https://thehackernews.com/2026/02/microsoft-develops-scanner-to-detect.html DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files https://thehackernews.com/2026/02/deadvax-malware-campaign-deploys.html Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware https://thehackernews.com/2026/02/compromised-dydx-npm-and-pypi-packages.html 老牌Python解析庫PLY爆重大RCE漏洞，未記載picklefile參數恐成攻擊入口 https://www.ithome.com.tw/news/173700 AISURU/Kimwolf Botnet Launches Record-Setting 31.4 Tbps DDoS Attack https://thehackernews.com/2026/02/aisurukimwolf-botnet-launches-record.html 蠕蟲程式GlassWorm入侵Open VSX開發人員帳號，藉由推送惡意更新攻擊Mac用戶 https://www.ithome.com.tw/news/173761 B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 How Samsung Knox Helps Stop Your Network Security Breach https://thehackernews.com/2026/02/how-samsung-knox-helps-stop-your-network-security-breach.html 部分支援Google快速配對機制的藍牙耳機與喇叭存在WhisperPair漏洞，10秒內恐遭接管 https://www.ithome.com.tw/news/173433 C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 17.5萬臺Ollama主機曝露，遍及130國，恐面臨LLM濫用風險 https://www.ithome.com.tw/news/173708 駭客發起Bizarre Bazaar攻擊行動，企圖挾持大型語言模型的基礎設施牟利 https://www.bleepingcomputer.com/news/security/hackers-hijack-exposed-llm-endpoints-in-bizarre-bazaar-operation/ Google領軍查緝全球最大常駐代理伺服器網路IPIDEA https://www.ithome.com.tw/news/173679 伊朗駭客RedKitten鎖定人權鬥士、非政府組織，以及社會運動人士發動攻擊 https://thehackernews.com/2026/01/iran-linked-redkitten-cyber-campaign.html 義大利指控俄國駭客攻擊冬奧網站、大使館 https://www.ithome.com.tw/news/173800 丹麥遭俄羅斯駭客聯盟Russian Legion鎖定，駭客企圖發動大規模攻擊 https://gbhackers.com/russian-hacker/ 駭客組織Punishing Owl攻擊俄羅斯軍情機構，將使用者重新導向位於巴西的伺服器 https://gbhackers.com/punishing-owl/ 伊朗駭客APT42透過PowerShell後門TameCat對國防官員下手 https://securityonline.info/tamecat-exposed-apt42s-fileless-backdoor-targets-defense-chiefs/ 電子業者驊陞部分資訊系統遭惡意軟體攻擊 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=173616&SPOKE_DATE=20260202&COMPANY_ID=6272 電子零組件公司勝德資訊系統遭網攻 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=163937&SPOKE_DATE=20260203&COMPANY_ID=3296 攻擊活動Shadow DNS濫用已遭滲透的路由器，企圖操控網路流量 https://gbhackers.com/shadow-dns-operation/ JavaScript執行環境Deno沙箱上線，以輕量虛擬機隔離不受信任程式碼 https://www.ithome.com.tw/news/173756 駭客鎖定Citrix NetScaler基礎設施從事大規模偵察活動 https://www.bleepingcomputer.com/news/security/wave-of-citrix-netscaler-scans-use-thousands-of-residential-proxies/ Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access https://thehackernews.com/2026/01/researchers-uncover-chrome-extensions.html Mozilla Adds One-Click Option to Disable Generative AI Features in Firefox https://thehackernews.com/2026/02/mozilla-adds-one-click-option-to.html Ex-Google Engineer Convicted for Stealing AI Secrets for China Startup https://thehackernews.com/2026/01/ex-google-engineer-convicted-for.html Iran-Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists https://thehackernews.com/2026/01/iran-linked-redkitten-cyber-campaign.html 波蘭CERT公布國家電網遭網攻事故最新調查結果，超過30個風力及太陽能發電廠遭遇破壞性攻擊 https://www.ithome.com.tw/news/173715 CERT Polska Details Coordinated Cyber Attacks on 30+ Wind and Solar Farms https://thehackernews.com/2026/01/poland-attributes-december-cyber.html Infy Hackers Resume Operations with New C2 Servers After Iran Internet Blackout Ends https://thehackernews.com/2026/02/infy-hackers-resume-operations-with-new.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 自動化投資平臺Betterment遭社交工程攻擊，HIBP指外流140萬個Email地址與個資 https://www.ithome.com.tw/news/173795 創作平臺Substack去年10月被駭，疑外洩資料70萬筆 https://www.ithome.com.tw/news/173798 ShinyHunters駭客公布哈佛、賓州大學百萬筆個資 https://www.ithome.com.tw/news/173771 ShinyHunters疑似經由第三方平臺取得約會App開發商Match Group逾1000萬筆資料 https://www.ithome.com.tw/news/173692 Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms https://thehackernews.com/2026/01/mandiant-finds-shinyhunters-using.html 假冒健保局、偽造 PXpay 通知：ASRC 揭台灣成郵件社交工程精準攻擊目標 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12668 西班牙科學部傳出資料外洩，宣布關閉部分資訊系統 https://www.bleepingcomputer.com/news/security/spains-ministry-of-science-shuts-down-systems-after-breach-claims/ 新加坡要求企業不能用身分證號當密碼，未來幾個月將全面汰換相關做法 https://www.ithome.com.tw/news/173737 駭客組織ShinyHunters語音網釣取得單一登入憑證，意圖竊取企業SaaS平臺資料進行勒索 https://www.ithome.com.tw/news/173745 冒牌Dropbox網釣活動透過假訂單為誘餌，意圖竊取帳密資料 https://gbhackers.com/fake-dropbox/ 鎖定Mac用戶的竊資軟體攻擊增加，駭客透過Python等受信任平臺及社交工程手法犯案 https://gbhackers.com/infostealer-attacks/ 網路犯罪聯盟Scattered Lapsus$ Hunters企圖對超過100家企業發動大規模語音網釣 https://www.ithome.com.tw/news/173682 E.研究報告/工具 CTM360 Research Reveals 30,000+ Fake Online Shops Impersonating Fashion Brands https://thehackernews.com/expert-insights/2026/02/ctm360-research-reveals-30000-fake.html Badges, Bytes and Blackmail https://thehackernews.com/2026/01/badges-bytes-and-blackmail.html Securing the Mid-Market Across the Complete Threat Lifecycle https://thehackernews.com/2026/02/securing-mid-market-across-complete.html When Cloud Outages Ripple Across the Internet https://thehackernews.com/2026/02/when-cloud-outages-ripple-across.html The First 90 Seconds: How Early Decisions Shape Incident Response Investigations https://thehackernews.com/2026/02/the-first-90-seconds-how-early.html The Buyer’s Guide to AI Usage Control https://thehackernews.com/2026/02/the-buyers-guide-to-ai-usage-control.html The Buyer’s Guide to AI Usage Control https://thehackernews.com/2026/02/the-buyers-guide-to-ai-usage-control.html F.商業 F5 透過整合式即時防護，加速企業級大規模 AI 應用部署安全 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12666 微軟預告將在未來版本Windows預設關閉NTLM功能 https://www.ithome.com.tw/news/173753 Okta 發布 Secure AI 架構與 Cross-App Access 協定 鎖定企業 AI Agents 身份治理需求 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12669 Orchid Security Introduces Continuous Identity Observability for Enterprise Applications https://thehackernews.com/2026/02/orchid-security-introduces-continuous.html Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions https://thehackernews.com/2026/02/eclipse-foundation-mandates-pre-publish.html G.政府 大語言模型建構主動防禦　打造自動化決策支援平台 整合LLM與數據分析技術　推升政府資安治理AI化 https://www.netadmin.com.tw/netadmin/zh-tw/trend/2341EE1B84F84D9B84BF79D50E3C2BE0 臺美經濟繁榮夥伴對話深化數位合作 數發部推進 AI 發展戰略對接 https://www.cio.com.tw/106474/ 台美深化數位合作　數發部推進AI發展戰略對接 https://www.cna.com.tw/news/afe/202602020185.aspx 數發部資安署攜手經濟部中企署與資安院　打造中小企業資安防護體系 https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/B367D178825342A4BEA272169367F6C7 數位部攜手經濟部推「免費資安諮詢專線」 幫助台灣中小企業 https://news.pchome.com.tw/science/technice/20260203/index-77010469966862338005.html 建構中小企業數位安全護盾！經濟部推出資安諮詢服務、資安教育影片 https://udn.com/news/story/7238/9306707 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 OT Security, In Practice: 4 Cross‑Industry Trends from Global Assessments and How CISOs Should Respond https://thehackernews.com/expert-insights/2026/01/ot-security-in-practice-4-crossindustry.html 台灣製造業與能源業注意！兩大工控系統漏洞恐成駭客入侵破口 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12675 華芸公告NAS設備存在重大漏洞，若不修補恐遭完整控制設備 https://www.ithome.com.tw/news/173793 I.教育訓練 資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g EC Council CASE.NET 認證準備 https://coolmandiary.blogspot.com/2025/04/ec-council-casenet.html EC Council CASE.NET(312-95)_筆記_Module1專有名詞及定義 https://coolmandiary.blogspot.com/2021/10/ec-council-casenet312-95module1.html GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 AI資安新戰場 企業超前部屬防駭 免費體驗 2026/2/11 https://www.accupass.com/event/2502110717236228411690 DEVCORE CONFERENCE 2026 2026/3/14 https://devcore.kktix.cc/events/devcoreconf2026