資安事件新聞週報 2025/12/01 ~ 2025/12/05

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/12/01 ~ 2025/12/05 1.重大弱點漏洞/後門/Exploit/Zero Day SonicWall修補防火牆、郵件安全閘道漏洞 https://www.ithome.com.tw/news/172407 微軟傳出暗中試圖緩解已遭利用的LNK零時差漏洞 https://www.bleepingcomputer.com/news/microsoft/microsoft-mitigates-windows-lnk-flaw-exploited-as-zero-day/ 鳳凰城大學遭遇Oracle EBS零時差漏洞攻擊 https://www.ithome.com.tw/news/172638 賓州大學Oracle EBS遭駭，1500人資料外洩 https://www.ithome.com.tw/news/172587 CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV https://thehackernews.com/2025/11/cisa-adds-actively-exploited-xss-bug.html SecAlerts Cuts Through the Noise with a Smarter, Faster Way to Track Vulnerabilities https://thehackernews.com/2025/12/secalerts-cuts-through-noise-with.html 多組中國駭客從事React伺服器元件滿分漏洞利用活動 https://www.ithome.com.tw/news/172651 React 19伺服器元件出現RCE零驗證漏洞，波及Next.js等多個框架 https://www.ithome.com.tw/news/172628 Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution https://thehackernews.com/2025/12/critical-rsc-bugs-in-react-and-nextjs.html Nvidia修補DGX Spark重大漏洞，可能導致AI系統遭接管 https://www.ithome.com.tw/news/172650 GitLab修補兩高風險漏洞，涵蓋CI/CD快取憑證外洩與DoS弱點 https://www.ithome.com.tw/news/172524 WordPress外掛King Addons存在重大漏洞，恐有數千個網站曝險 https://www.securityweek.com/critical-king-addons-vulnerability-exploited-to-hack-wordpress-sites/ 2.銀行/金融/保險/證券/金融監理新聞及資安 GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections https://thehackernews.com/2025/12/goldfactory-hits-southeast-asia-with.html 南韓 MSP 遭駭波及 24 家金融業台灣企業應提高供應鏈資安警覺 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12492 勒索軟體Qilin對韓國金融業者發起供應鏈攻擊Korean Leaks，背後疑似北韓駭客所為 https://www.ithome.com.tw/news/172550 FBI警告今年歹徒假冒銀行客服已騙走2.62億美元 https://www.bleepingcomputer.com/news/security/fbi-cybercriminals-stole-262-million-by-impersonating-bank-support-teams-since-january/ 《大陸金融》官方示警金融應用小程序引發資安疑慮 https://www.sinotrade.com.tw/richclub/news/69310ede8ff59b56a6f18914 雲端平台多代理架構　協助企業強化韌性與落地成效代理式AI協作成軍　驅動金融數位轉型創新 https://www.netadmin.com.tw/netadmin/zh-tw/viewpoint/9E79B808BD864B15870D9F9701E85CEB 誰說銀行 App 不能橫著用？國泰世華CUBE App以通用設計為核心，突破框架實現金融友善體驗 https://www.cw.com.tw/article/5138313 中國影子銀行捲土重來借貸成本逾3倍金融系統恐爆雷 https://ec.ltn.com.tw/article/breakingnews/5269317 阻詐20.8億公股銀居首！臺灣銀行以AI防詐、數位券結合安養信託獲財金資訊年會雙獎 https://news.cnyes.com/news/print/6260752 3.信用卡/電子支付/行動支付/pay/支付系統/資安 LINE Pay money和LINE Pay差異在哪？搞懂功能和啟用方式 https://mrmad.com.tw/line-pay-vs-line-pay-money-difference LINE Pay Money 上線，信用卡綁定自動移轉、LINE POINTS 照常使用 https://www.techbang.com/posts/126781-line-pay-money-launched-credit-card-line-points 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安中國互聯網金融協會等七家協會聯合發布關於防範涉虛擬貨幣等非法活動的風險提示 https://m.cnyes.com/news/id/6262935 IMF 示警穩定幣風險：加速「貨幣替代」、削弱央行資本管制 https://blockcast.it/2025/12/05/imf-warns-stablecoins-may-accelerate-currency-substitution/ IMF 警告：穩定幣將如「木馬屠城」侵蝕央行貨幣主權 https://www.blocktempo.com/imf-warning-stablecoins-us-hegemony/ 中國將穩定幣列為非法虛擬貨幣，稱有洗錢詐騙風險 https://technews.tw/2025/12/03/stablecoin-china-illegal/ Mt Pelerin 推出加密貨幣國際銀行帳戶號碼 https://money.udn.com/money/story/123828/9182985?from=edn_related_storybottom 台灣幣圈網紅遭設局綁架，轉走 17 萬鎂加密貨幣！社群起底推銷資金盤黑歷史 https://abmedia.io/taiwan-crypto-rug-chenhao Signature Bank倒閉後原班人馬再開「N3XT銀行」，主打區塊鏈架設、24/7可編程支付 https://www.blocktempo.com/signature-bank-execs-launch-n3xt/ 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC ClickFix攻擊新變種JackFix 利用假冒Windows更新畫面散布多種惡意程式 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12501 Array Networks旗下VPN設備資安漏洞遭利用，攻擊者以此植入Web Shell https://www.ithome.com.tw/news/172652 殭屍網路Aisuru再度發動大規模DDoS攻擊，29.7 Tbps創紀錄 https://www.ithome.com.tw/news/172646 NPM蠕蟲Shai-Hulud 2.0攻擊活動仍在持續，恐曝露40萬組開發機敏資料 https://www.ithome.com.tw/news/172599 蠕蟲程式Glassworm三度現身，鎖定熱門工具與開發框架而來 https://www.bleepingcomputer.com/news/security/glassworm-malware-returns-in-third-wave-of-malicious-vs-code-packages/ 蠕蟲程式GlassWorm出現第三波大規模攻擊，鎖定熱門工具與開發框架而來 https://www.ithome.com.tw/news/172595 鴻海旗下連接器製造商鴻騰精密傳出遭勒索軟體INC Ransom攻擊 https://www.ithome.com.tw/news/172592 伊朗駭客MuddyWater鎖定以色列而來，散布後門程式MuddyViper https://thehackernews.com/2025/12/iran-linked-hackers-hits-israeli_2.html 駭客組織ShadyPanda透過瀏覽器延伸套件市集，散布間諜軟體與後門程式 https://www.ithome.com.tw/news/172570 惡意AI工具WormGPT 4與KawaiiGPT在地下論壇與Telegram頻道出現，被用於自動化網路犯罪 https://www.ithome.com.tw/news/172574 駭客組織ShinyHunters傳出轉換領域，打造專屬的勒索軟體 https://gbhackers.com/ransomware-as-a-service-tool/ 連鎖藥局大樹遭勒索軟體攻擊，部分檔案被加密 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=2&SPOKE_TIME=221145&SPOKE_DATE=20251130&COMPANY_ID=6469 俄羅斯駭客RomCom鎖定美國土木工程公司而來，散布Mythic Agent https://thehackernews.com/2025/11/romcom-uses-socgholish-fake-update.html Threat Actors Exploit Foxit PDF Reader to Seize System Access and Steal Data https://gbhackers.com/foxit-pdf-reader/ Bloody Wolf Expands Java-based NetSupport RAT Attacks in Kyrgyzstan and Uzbekistan https://thehackernews.com/2025/11/bloody-wolf-expands-java-based.html New Albiriox MaaS Malware Targets 400+ Apps for On-Device Fraud and Screen Control https://thehackernews.com/2025/12/new-albiriox-maas-malware-targets-400.html North Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie Malware https://thehackernews.com/2025/11/north-korean-hackers-deploy-197-npm.html ShadyPanda Turns Popular Browser Extensions with 4.3 Million Installs Into Spyware https://thehackernews.com/2025/12/shadypanda-turns-popular-browser.html Picklescan Bugs Allow Malicious PyTorch Models to Evade Scans and Execute Code https://thehackernews.com/2025/12/picklescan-bugs-allow-malicious-pytorch.html Malicious Rust Crate Delivers OS-Specific Malware to Web3 Developer Systems https://thehackernews.com/2025/12/malicious-rust-crate-delivers-os.html Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery https://thehackernews.com/2025/12/intellexa-leaks-reveal-zero-days-and.html Silver Fox Uses Fake Microsoft Teams Installer to Spread ValleyRAT Malware in China https://thehackernews.com/2025/12/silver-fox-uses-fake-microsoft-teams.html Predator spyware uses new infection vector for zero-click attacks https://www.bleepingcomputer.com/news/security/predator-spyware-uses-new-infection-vector-for-zero-click-attacks/ Picklescan Bugs Allow Malicious PyTorch Models to Evade Scans and Execute Code https://thehackernews.com/2025/12/picklescan-bugs-allow-malicious-pytorch.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 WhatsApp 用戶個資曝險：研究揭 API 漏洞可大規模取得手機號碼、照片與個人資訊 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12491 針對研究人員發現的全程加密弱點，LINE提出說明 https://www.ithome.com.tw/news/172462 印度政府要求智慧型手機製造商要預裝當地安全程式 https://www.ithome.com.tw/news/172563 印度撤回要手機業者安裝Sanchar Saathi安全程式的命令 https://www.ithome.com.tw/news/172635 Google發布12月安卓例行更新，修補2項零時差漏洞 https://www.ithome.com.tw/news/172588 Google Patches 107 Android Flaws, Including Two Framework Bugs Exploited in the Wild https://thehackernews.com/2025/12/google-patches-107-android-flaws.html India Orders Phone Makers to Pre-Install Government App to Tackle Telecom Fraud https://thehackernews.com/2025/12/india-orders-phone-makers-to-pre.html India Orders Messaging Apps to Work Only With Active SIM Cards to Prevent Fraud and Misuse https://thehackernews.com/2025/12/india-orders-messaging-apps-to-work.html AI Bolsters Python Variant of Brazilian WhatsApp Attacks https://www.darkreading.com/cyberattacks-data-breaches/ai-python-variant-brazilian-whatsapp-attacks C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力洗錢防制+資安雙重壓力，VASP業者迎「高度監管」新時代 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12488 中國駭客利用Brickstorm對VMware虛擬化平臺下手，從事網路間諜活動 https://www.ithome.com.tw/news/172654 華碩的一家供應商遭駭，駭客可能竊取包含相機原始碼在內的1 TB內部資料 https://www.ithome.com.tw/news/172642 北韓駭客假借徵才名義，濫用合法工程師的身分謀取歐美公司的遠距工作 https://www.bleepingcomputer.com/news/security/north-korea-lures-engineers-to-rent-identities-in-fake-it-worker-scheme/ 中國駭客APT31鎖定俄羅斯IT產業而來，利用雲端服務從事網路攻擊 https://thehackernews.com/2025/11/china-linked-apt31-launches-stealthy.html 瑞士政府呼籲轄下機關避免使用M365等美國雲端服務 https://www.ithome.com.tw/news/172565 APT駭客Tomiris鎖定俄羅斯外交部、政府機關、國際政府合作組織下手 https://thehackernews.com/2025/12/tomiris-shifts-to-public-service.html 'MuddyWater' Hackers Target Israeli Orgs With Retro Game Tactic https://www.darkreading.com/threat-intelligence/muddywater-hackers-israeli-orgs-retro-game JPCERT Confirms Active Command Injection Attacks on Array AG Gateways https://thehackernews.com/2025/12/jpcert-confirms-active-command.html CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems https://thehackernews.com/2025/12/cisa-reports-prc-hackers-using.html Record 29.7 Tbps DDoS Attack Linked to AISURU Botnet with up to 4 Million Infected Hosts https://thehackernews.com/2025/12/record-297-tbps-ddos-attack-linked-to.html ThreatsDay Bulletin: Wi-Fi Hack, npm Worm, DeFi Theft, Phishing Blasts— and 15 More Stories https://thehackernews.com/2025/12/threatsday-bulletin-wi-fi-hack-npm-worm.html North Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie Malware https://thehackernews.com/2025/11/north-korean-hackers-deploy-197-npm.html Researchers Capture Lazarus APT's Remote-Worker Scheme Live on Camera https://thehackernews.com/2025/12/researchers-capture-lazarus-apts-remote.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全小紅書成詐騙高風險平臺且不配合國內偵查，內政部祭出網路停止解析及限制接取一年處分 https://www.ithome.com.tw/news/172645 加拿大電信業者Freedom Mobile資料外洩，傳出駭客入侵客戶管理平臺得逞 https://www.bleepingcomputer.com/news/security/freedom-mobile-discloses-data-breach-exposing-customer-data/ 法國DIY零售業者Leroy Merlin遭網路攻擊，客戶部分資料外洩 https://www.bleepingcomputer.com/news/security/french-diy-retail-giant-leroy-merlin-discloses-a-data-breach/ 研究人員針對560萬個GitLab公開儲存庫進行調查，曝露超過1.7萬組有效的雲端憑證 https://www.ithome.com.tw/news/172583 法國足球協會遭網攻，會員資料外洩 https://www.ithome.com.tw/news/172591 假線上會議濫用Calendly平臺，駭客冒充知名品牌誘騙Google與Meta廣告管理員帳號 https://www.bleepingcomputer.com/news/security/fake-calendly-invites-spoof-top-brands-to-hijack-ad-manager-accounts/ 韓國大型電子商務平臺酷澎外洩3,370萬用戶資料，傳中國籍員工所為 https://www.ithome.com.tw/news/172539 針對9月勒索軟體攻擊事故，朝日啤酒表示近200萬人個資外洩 https://www.ithome.com.tw/news/172537 Zendesk企業客戶疑遭假工單網釣，駭客揚言還有下一波 https://www.ithome.com.tw/news/172538 駭客組織ToddyCat竊取OAuth權杖，入侵M365與Outlook雲端環境 https://thehackernews.com/2025/11/toddycats-new-hacking-tools-steal.html E.研究報告/工具 2025臺灣網路惡意活動數量居高不下，在亞太地區名列前茅 https://www.ithome.com.tw/news/172534 Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages https://thehackernews.com/2025/11/legacy-python-bootstrap-scripts-create.html MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants https://thehackernews.com/2025/11/ms-teams-guest-access-can-remove.html Tomiris Shifts to Public-Service Implants for Stealthier C2 in Attacks on Government Targets https://thehackernews.com/2025/12/tomiris-shifts-to-public-service.html Chopping AI Down to Size: Turning Disruptive Technology into a Strategic Advantage https://thehackernews.com/2025/12/chopping-ai-down-to-size-turning.html F.商業 Fortinet 發布 2026 資安預測：AI 代理驅動攻防加速戰、回應時間壓縮成決勝點 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12495 微軟AI代理戰略大升級，從開發工具延伸到全企業AI治理 https://www.ithome.com.tw/news/172641 Why Organizations Are Turning to RPAM https://thehackernews.com/2025/11/why-organizations-are-turning-to-rpam.html Smarter Access, Better Protected Data, Faster Audits: Enhancing Your Insider Threat Defense https://thehackernews.com/expert-insights/2025/11/smarter-access-better-protected-data.html Microsoft to Block Unauthorized Scripts in Entra ID Logins with 2026 CSP Update https://thehackernews.com/2025/11/microsoft-to-block-unauthorized-scripts.html Beyond Point-in-Time: The ROI Case for Continuous Pentesting https://thehackernews.com/expert-insights/2025/12/beyond-point-in-time-roi-case-for.html "Getting to Yes": An Anti-Sales Guide for MSPs https://thehackernews.com/2025/12/getting-to-yes-anti-sales-guide-for-msps.html G.政府資安署114年10月資安月報：鍵盤排序密碼成破口；Internet Archive遭濫用躲避偵測 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12489 數發部警告抖音、微信、小紅書等5款App存在高資安風險，可能洩露資料至中國 https://www.ithome.com.tw/news/172598 AI時代下的北市府資安治理實務：用AI對付AI https://www.ithome.com.tw/news/172568 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安華碩警告 AiCloud 路由器存在嚴重身分驗證繞過漏洞 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12499 華碩修補路由器8項漏洞　影響啟用AiCloud服務的設備 https://www.ithome.com.tw/news/172517 殭屍網路ShadowV2鎖定D-Link、TP-Link、永恒數位連網設備而來，藉由AWS服務中斷進行測試 https://www.ithome.com.tw/news/172553 CISA指出OpenPLC ScadaBR漏洞CVE-2021-26829遭到利用 https://thehackernews.com/2025/11/cisa-adds-actively-exploited-xss-bug.html I.教育訓練資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g EC Council CASE.NET 認證準備 https://coolmandiary.blogspot.com/2025/04/ec-council-casenet.html EC Council CASE.NET(312-95)_筆記_Module1專有名詞及定義 https://coolmandiary.blogspot.com/2021/10/ec-council-casenet312-95module1.html GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會國立臺北商業大學資管系AI賦能論壇 2025/12/6 https://www.accupass.com/event/2510150928422567903790 2025 INSIDE Future Day｜人機共築未來新紀元：Next - Gen AI Agents 2025/12/9 https://www.accupass.com/event/2508170359001755695360 軟體開發安全意識與 .NET/Java 安全程式開發課程 2025/12/11-2025/12/12 https://www.accupass.com/event/2501021437092334513410