###### tags: `資安事件新聞週報` # 資安事件新聞週報 2026/1/26 ~ 2026/1/30 1.重大弱點漏洞/後門/Exploit/Zero Day FortiGate 防火牆爆修補繞過危機，Fortinet 證實已更新設備仍遭入侵 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12664 Fortinet公布已被積極利用的FortiCloud單一登入新漏洞，並釋出部分版本的更新程式 https://www.ithome.com.tw/news/173629 Fortinet坦承FortiCloud SSO漏洞修補不全，將再釋出更新 https://www.ithome.com.tw/news/173577 Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected https://thehackernews.com/2026/01/fortinet-patches-cve-2026-24858-after.html Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls https://thehackernews.com/2026/01/fortinet-confirms-active-forticloud-sso.html OpenSSL修補加密訊息語法解析的堆疊溢位漏洞，恐致DoS甚至引發RCE https://www.ithome.com.tw/news/173642 美國CISA 緊急示警：五個企業軟體漏洞已被實際攻擊利用，涵蓋 VMware vCenter、Zimbra 等關鍵系統 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12663 CISA警告VMware vCenter重大漏洞CVE-2024-37079已遭濫用 https://www.ithome.com.tw/news/173595 CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog https://thehackernews.com/2026/01/cisa-adds-actively-exploited-vmware.html 微軟修補已遭利用的辦公室軟體Office高風險漏洞 https://www.bleepingcomputer.com/news/microsoft/microsoft-patches-actively-exploited-office-zero-day-vulnerability/ 微軟緊急修補已遭利用的Office零時差漏洞 https://www.ithome.com.tw/news/173623 Microsoft Office Zero-Day (CVE-2026-21509) - Emergency Patch Issued for Active Exploitation https://thehackernews.com/2026/01/microsoft-issues-emergency-patch-for.html 俄羅斯與中國駭客加入利用WinRAR路徑遍歷漏洞的行列 https://www.ithome.com.tw/news/173638 Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088 https://thehackernews.com/2026/01/google-warns-of-active-exploitation-of.html SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass https://thehackernews.com/2026/01/solarwinds-fixes-four-critical-web-help.html CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities https://thehackernews.com/2026/01/cisa-updates-kev-catalog-with-four.html Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas https://thehackernews.com/2026/01/critical-grist-core-vulnerability.html SmarterMail Fixes Critical Unauthenticated RCE Flaw with CVSS 9.3 Score https://thehackernews.com/2026/01/smartermail-fixes-critical.html Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released https://thehackernews.com/2026/01/two-ivanti-epmm-zero-day-rce-flaws.html ThreatsDay Bulletin: New RCEs, Darknet Busts, Kernel Bugs & 25+ More Stories https://thehackernews.com/2026/01/threatsday-bulletin-new-rces-darknet.html 工作流程自動化平臺n8n存在重大沙箱繞過漏洞，通過身分驗證的攻擊者有機會接管系統 https://www.ithome.com.tw/news/173678 Google修補Chrome高風險漏洞，Background Fetch API存在實作問題 https://www.ithome.com.tw/news/173677 Ivanti修補行動裝置管理平臺EPMM兩項零時差漏洞 https://www.bleepingcomputer.com/news/security/ivanti-warns-of-two-epmm-flaws-exploited-in-zero-day-attacks/ Gemini的MCP工具存在零時差漏洞，攻擊者可發動RCE攻擊 https://gbhackers.com/gemini-mcp-tool-0-day-vulnerability/ HPE修補Alletra與Nimble系列儲存陣列遠端提升權限漏洞 https://www.ithome.com.tw/news/173579 JavaScript沙箱SandboxJS存在滿分層級的重大沙箱逃逸漏洞 https://securityonline.info/cve-2026-23830-critical-sandboxjs-flaw-cvss-10-allows-total-sandbox-escape/ PHPUnit存在高風險漏洞，恐導致CI/CD管線曝露，攻擊者可竄改程式碼 https://securityonline.info/cve-2026-24765-phpunit-vulnerability-exposes-ci-cd-pipelines-to-rce/ PyTorch安全模式存在漏洞，攻擊者可繞過防護執行任意程式碼 https://securityonline.info/safety-broken-pytorch-safe-mode-bypassed-by-critical-rce-flaw/ HPE Aruba修補高風險OpenSSL弱點 https://securityonline.info/hpe-aruba-patches-high-severity-rce-and-openssl-flaws/ 逾80萬臺採用GNU Inetutils建置的Telnet伺服器存在重大漏洞，臺灣有2.4萬臺曝險 https://www.ithome.com.tw/news/173631 近8萬臺採用GNU InetUtils建置的Telnet伺服器存在重大漏洞CVE-2026-24061 https://www.bleepingcomputer.com/news/security/nearly-800-000-telnet-servers-exposed-to-remote-attacks/ 約10萬個WordPress網站使用的ACF Extended外掛，存在高風險漏洞可讓攻擊者取得管理權限 https://www.ithome.com.tw/news/173570 2.銀行/金融/保險/證券/金融監理 新聞及資安 金管會資安監理政策2026年六大新重點 https://www.ithome.com.tw/news/173594 金融CIO和CISO必看！金管會資安監理政策2026年六大新重點 https://www.ithome.com.tw/news/173594 強化資安、數位監理與創新 金管會 2026 年金融數位治理布局 https://www.cio.com.tw/106344/ 叡揚Vital在金融級資安下 把Agentic AI用進流程 https://www.cna.com.tw/business/chinese/424808 富邦金內外並進守護資產，打造企業信任與防詐核心力 https://www.ithome.com.tw/people/173684 科技防詐 銀行ATM導入臉部遮蔽辨識 https://udn.com/news/story/7239/9298991 3.信用卡/電子支付/行動支付/pay/支付系統/資安 Xsolla攜手擁有650萬使用者的台灣領先行動支付品牌JKOPay，拓展在台灣的支付覆蓋範圍 https://www.businesswire.com/news/home/20260127066578/zh-HK 悠遊付乘車碼再升級！iOS用戶一鍵搭車，首搭贈50%回饋 https://www.cardu.com.tw/mpay/detail.php?61231 LINE Pay 跨境支付結盟韓國機場鐵路 AREX 開拓跨境線上服務新版圖 https://money.udn.com/money/story/5613/9294016 「街口支付」違反兼任規定 銀行局祭今年首張罰單 https://ec.ltn.com.tw/article/breakingnews/5324290 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 北韓駭客Konni利用AI生成PowerShell惡意軟體，鎖定區塊鏈開發人員而來 https://www.ithome.com.tw/news/173596 AI 與加密貨幣成「吃電怪獸」 美國科技耗電量超車多國 2030 年恐引爆電網危機 https://n.yam.com/Article/20260130889584 2025 年加密洗錢貨幣 2.5 兆元，華語犯罪網絡崛起成主要推手 https://finance.technews.tw/2026/01/28/2025-cryptocurrency-money-laundering-is-prevalent-in-the-chinese-speaking-world/ 哈薩克將設立國家加密儲備，資金來源涵蓋查扣加密貨幣 https://zombit.info/kazakhstan-plan-national-crypto-reserve-seized-crypto-as-funding-source/ 美國 SEC 、 CFTC 主席聯手合作，為加密貨幣監管鋪路 https://blockcast.it/2026/01/30/u-s-sec-cftc-chiefs-push-united-front-on-paving-the-way-for-crypto-policies/ 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 雲端惡意軟體框架VoidLink疑似以AI生成，具開發能力的駭客要求AI根據開發流程，打造近9萬行程式碼的複雜惡意程式 https://www.ithome.com.tw/news/173672 雲端惡意框架VoidLink透過C2即時編譯，廣泛對多種版本Linux核心的環境發動攻擊 https://www.ithome.com.tw/news/173673 AI模型共享平臺Hugging Face遭濫用，駭客用來散布數千個安卓惡意程式 https://www.bleepingcomputer.com/news/security/hugging-face-abused-to-spread-thousands-of-android-malware-variants/ 殭屍網路Aisuru與Kimwolf再度發動大規模DDoS攻擊，創下31.4 Tbps的新紀錄 https://www.bleepingcomputer.com/news/security/aisuru-botnet-sets-new-record-with-314-tbps-ddos-attack/ 惡意PyPI套件仿冒SymPy，鎖定Linux主機投放挖礦程式 https://www.ithome.com.tw/news/173588 惡意軟體測試服務AVCheck遭瓦解，荷蘭警方逮捕疑似實際營運者 https://www.ithome.com.tw/news/173573 勒索軟體Osiris鎖定東南亞餐飲加盟廠商，利用惡意驅動程式Poortry迴避偵測 https://thehackernews.com/2026/01/new-osiris-ransomware-emerges-as-new.html 惡意軟體Amnesia RAT與勒索軟體鎖定俄羅斯而來，駭客濫用Defendbot停用防毒 https://thehackernews.com/2026/01/multi-stage-phishing-campaign-targets.html Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan https://thehackernews.com/2026/01/fake-python-spellchecker-packages-on.html Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware https://thehackernews.com/2026/01/fake-moltbot-ai-coding-assistant-on-vs.html New DynoWiper Malware Used in Attempted Sandworm Attack on Polish Power Sector https://thehackernews.com/2026/01/new-dynowiper-malware-used-in-attempted.html Konni Hackers Deploy AI-Generated PowerShell Backdoor Against Blockchain Developers https://thehackernews.com/2026/01/konni-hackers-deploy-ai-generated.html 惡意VS Code延伸套件偽裝成Clawdbot，開發者電腦恐遭遠端完全控制 https://www.ithome.com.tw/news/173649 Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code https://thehackernews.com/2026/01/malicious-vs-code-ai-extensions-with-15.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 WhatsApp新增安全設定，防範高風險個人遭植入監聽軟體 https://www.ithome.com.tw/news/173654 安卓點擊詐欺木馬利用機器學習模型TensorFlow，自動偵測並與廣告互動 https://www.bleepingcomputer.com/news/security/new-android-malware-uses-ai-to-click-on-hidden-browser-ads/ WhatsApp Rolls Out Lockdown-Style Security Mode to Protect Targeted Users From Spyware https://thehackernews.com/2026/01/whatsapp-rolls-out-lockdown-style.html TikTok Forms U.S. Joint Venture to Continue Operations Under 2025 Executive Order https://thehackernews.com/2026/01/tiktok-forms-us-joint-venture-to.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 21種傳統攻擊手法因AI進化，網域冒充問題加劇需正視 https://www.ithome.com.tw/news/173505 針對BGP路由洩露的事故，Cloudflare表示是組態設定出錯造成 https://www.bleepingcomputer.com/news/security/cloudflare-misconfiguration-behind-recent-bgp-route-leak/ 營造業者德昌子公司經典國際遭網路攻擊 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=155443&SPOKE_DATE=20260126&COMPANY_ID=5511 電子業者柏騰資訊系統遭網路攻擊，已採取隔離、檢測、系統復原措施因應 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=140811&SPOKE_DATE=20260127&COMPANY_ID=3518 陸知名個人知識庫平台宣布「無償轉讓」　受AI衝擊恐成時代眼淚 https://www.ettoday.net/news/20260130/3110711.htm 俄羅斯國家級駭客Sandworm鎖定波蘭電力產業，利用惡意軟體DynoWiper抹除資料 https://www.ithome.com.tw/news/173597 針對波蘭電網遭到攻擊有新的調查結果，駭客鎖定分散式能源下手 https://www.ithome.com.tw/news/173655 歐盟擬修訂網路安全法案，強化供應鏈資安管理並限制高風險供應商 https://www.ithome.com.tw/news/173572 愛爾蘭新法草案允許警察使用間諜軟體惹議 https://www.ithome.com.tw/news/173559 北韓駭客Lazarus鎖定歐洲無人機製造商從事網路間諜活動，意圖加速北韓無人機開發 https://gbhackers.com/lazarus-hackers/ Kerberos驗證恐被DNS別名誘導，微軟補強HTTP服務防中繼攻擊 https://www.ithome.com.tw/news/173567 開源AI代理專案Clawdbot竄紅，研究人員警告部分系統出現配置不當，恐讓外人隨意存取機敏資料 https://www.ithome.com.tw/news/173641 為協助警方辦案，微軟傳出曾提供BitLocker復原金鑰給FBI惹議 https://www.ithome.com.tw/news/173599 駭客假借Greenvelope發送邀請函，企圖在受害組織部署遠端管理工具LogMeIn進行滲透 https://thehackernews.com/2026/01/phishing-attack-uses-stolen-credentials.html Ex-Google Engineer Convicted for Stealing 2,000 AI Trade Secrets for China Startup https://thehackernews.com/2026/01/ex-google-engineer-convicted-for.html Russian ELECTRUM Tied to December 2025 Cyber Attack on Polish Power Grid https://thehackernews.com/2026/01/russian-electrum-tied-to-december-2025.html Experts Detect Pakistan-Linked Cyber Campaigns Aimed at Indian Government Entities https://thehackernews.com/2026/01/experts-detect-pakistan-linked-cyber.html China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023 https://thehackernews.com/2026/01/china-linked-hackers-have-used.html Researchers Find 175,000 Publicly Exposed Ollama AI Servers Across 130 Countries https://thehackernews.com/2026/01/researchers-find-175000-publicly.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 五福旅行社發資安重訊，指出資訊系統有部分資料外流 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=191143&SPOKE_DATE=20260127&COMPANY_ID=2745 音訊串流共享平臺SoundCloud資料外洩，近3千萬帳號遭竊 https://www.bleepingcomputer.com/news/security/have-i-been-pwned-soundcloud-data-breach-impacts-298-million-accounts/ 帳號入侵攻擊在2025年激增超過3倍 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12661 滲透合作公司員工郵件帳號發SharePoint文件共用信，能源公司遭多階段AiTM網釣與BEC鎖定 https://www.ithome.com.tw/news/173612 竊資軟體Amatera Stealer透過ClickFix網釣散布，濫用App-V元件迴避偵測 https://www.ithome.com.tw/news/173653 惡意程式Blackmoon鎖定印度用戶而來，假冒稅務名義從事網釣活動 https://thehackernews.com/2026/01/indian-users-targeted-in-tax-phishing.html SoundCloud後臺輔助儀表板遭未授權存取，HIBP指約2,980萬帳號資料外流 https://www.ithome.com.tw/news/173646 憑證機構LiteSSL遭揭ACME驗證資料重用漏洞，已撤銷143張憑證 https://www.ithome.com.tw/news/173536 運動品牌Under Armour調查客戶電子郵件信箱外洩事故 https://www.securityweek.com/under-armour-looking-into-data-breach-affecting-customers-email-addresses/ 身分驗證服務供應商Okta警告竊取單一登入憑證的語音網釣攻擊活動，傳出是ShinyHunters所為 https://www.ithome.com.tw/news/173581 未設密碼防護的資料庫系統暴露在公開網路，iCloud、Gmail、Netflix等近1.5億筆憑證曝險 https://www.ithome.com.tw/news/173576 駭客宣稱駭入Nike竊得近19萬份檔案 https://www.ithome.com.tw/news/173575 駭客組織ShinyHunters聲稱竊得創業公司資料庫Crunchbase逾200萬筆記錄 https://securityaffairs.com/187340/data-breach/shinyhunters-claims-2-million-crunchbase-records-company-confirms-breach.html Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware https://thehackernews.com/2026/01/multi-stage-phishing-campaign-targets.html Indian Users Targeted in Tax Phishing Campaign Delivering Blackmoon Malware https://thehackernews.com/2026/01/indian-users-targeted-in-tax-phishing.html E.研究報告/工具 亞太企業 PKI 老舊，系統中斷與合規風險攀升 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12655 From Triage to Threat Hunts: How AI Accelerates SecOps https://thehackernews.com/2026/01/from-triage-to-threat-hunts-how-ai.html Password Reuse in Disguise: An Often-Missed Risky Workaround https://thehackernews.com/2026/01/password-reuse-in-disguise-often-missed.html Who Approved This Agent? Rethinking Access, Accountability, and Risk in the Age of AI Agents https://thehackernews.com/2026/01/who-approved-this-agent-rethinking.html Winning Against AI-Based Attacks Requires a Combined Defensive Approach https://thehackernews.com/2026/01/winning-against-ai-based-attacks.html Badges, Bytes and Blackmail https://thehackernews.com/2026/01/badges-bytes-and-blackmail.html F.商業 量子加密時代來臨，資安託管業成為企業關鍵防線 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12662 從 AI 輔助到 AI 原生：Palo Alto Networks 發布 2026 年六大資安預測，宣告「防禦者之年」來臨 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12660 3 Decisions CISOs Need to Make to Prevent Downtime Risk in 2026 https://thehackernews.com/2026/01/3-decisions-cisos-need-to-make-to.html Google Disrupts IPIDEA — One of the World's Largest Residential Proxy Networks https://thehackernews.com/2026/01/google-disrupts-ipidea-one-of-worlds.html CTEM in Practice: Prioritization, Validation, and Outcomes That Matter https://thehackernews.com/2026/01/ctem-in-practice-prioritization.html G.政府 衛福部正式啟動高算力中心暨跨國聯邦學習平臺，要解決公雲的合規局限 https://www.ithome.com.tw/news/173647 神盾衛星參與數位發展部商用衛星應用實驗室開幕 https://www.taisounds.com/news/content/76/239062 數產署啟動台灣首座商用衛星應用實驗室 https://technews.tw/2026/01/30/moda-taiwan-commercial-satellite-application-laboratory/ 外交部與數位發展部攜手合作，整合台灣雄厚數位實力，達成固邦榮邦目標 https://www.mofa.gov.tw/News_Content.aspx?n=95&sms=73&s=121555 抖音等高資安風險 App，學術網路、iTaiwan 禁用 https://infosecu.technews.tw/2026/01/30/tanet-and-itaiwan-ban-tiktok-and-xiaohongshu/ 合勤投控攜手國家資安院簽署MOU 啟動雙向情資聯防 https://money.udn.com/money/story/5635/9293362 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 電動公車遠端連線成國安隱憂　中國宇通巴士遭四國調查 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12665 雲端電動滑板車BLE設計存風險，預設金鑰恐解鎖所有車輛 https://www.ithome.com.tw/news/173671 Dormakaba門禁系統存在漏洞，攻擊者恐遠端開啟大門 https://www.securityweek.com/access-system-flaws-enabled-hackers-to-unlock-doors-at-major-european-firms/ Dormakaba門禁系統爆20項漏洞，入侵內網的攻擊者可任意開門 https://www.ithome.com.tw/news/173667 Pwn2Own Automotive 2026發出逾百萬美元獎金，電動車充電樁成最大攻擊面 https://www.ithome.com.tw/news/173613 生命週期結束的晶睿通訊網路攝影機存在重大漏洞 https://www.ithome.com.tw/news/173615 Survey of 100+ Energy Systems Reveals Critical OT Cybersecurity Gaps https://thehackernews.com/2026/01/survey-of-100-energy-systems-reveals.html OT Security, In Practice: 4 Cross‑Industry Trends from Global Assessments and How CISOs Should Respond https://thehackernews.com/expert-insights/2026/01/ot-security-in-practice-4-crossindustry.html I.教育訓練 資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g EC Council CASE.NET 認證準備 https://coolmandiary.blogspot.com/2025/04/ec-council-casenet.html EC Council CASE.NET(312-95)_筆記_Module1專有名詞及定義 https://coolmandiary.blogspot.com/2021/10/ec-council-casenet312-95module1.html GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 用積木學 Scrum - 台中敏捷社群推廣活動 2026/1/31 https://www.accupass.com/event/2512021357487819263820 AI資安新戰場 企業超前部屬防駭 免費體驗 2026/2/11 https://www.accupass.com/event/2502110717236228411690 DEVCORE CONFERENCE 2026 2026/3/14 https://devcore.kktix.cc/events/devcoreconf2026