###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/7/28 ~ 2025/8/1 1.重大弱點漏洞/後門/Exploit/Zero Day 針對6月思科公布的網路存取控制平臺ISE滿分漏洞，研究人員公布細節 https://www.bleepingcomputer.com/news/security/exploit-available-for-critical-cisco-ise-bug-exploited-in-attacks/ SonicWall警告SMA 100系列設備存在重大層級的任意檔案上傳漏洞 https://www.ithome.com.tw/news/170270 SharePoint零時差漏洞ToolShell攻擊範圍擴大，駭客利用CMD執行惡意命令 https://gbhackers.com/multiple-hacker-groups-exploit-sharepoint-0-day-vulnerability/ VMware虛擬機器元件存在重大漏洞VGAuth，攻擊者有機會得到完整存取權限 https://gbhackers.com/critical-vgauth-flaw-in-vmware-tools/ 中國駭客組織「Fire Ant」鎖定VMware虛擬化環境進行長期間諜活動 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12068 美國警告Scattered Spider攻擊升溫，鎖定外包IT服務供應商而來 https://www.cisa.gov/news-events/alerts/2025/07/29/cisa-and-partners-release-updated-advisory-scattered-spider-group Fire Ant Exploits VMware Flaws to Compromise ESXi Hosts and vCenter Environments https://thehackernews.com/2025/07/fire-ant-exploits-vmware-flaw-to.html Scattered Spider鎖定VMware vSphere而來，部署勒索軟體並竊取資料 https://www.ithome.com.tw/news/170293 Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure https://thehackernews.com/2025/07/scattered-spider-hijacks-vmware-esxi-to.html Scattered Spider Hacker Arrests Halt Attacks, But Copycat Threats Sustain Security Pressure https://thehackernews.com/2025/07/scattered-spider-hacker-arrests-halt.html CISA Adds PaperCut NG/MF CSRF Vulnerability to KEV Catalog Amid Active Exploitation https://thehackernews.com/2025/07/cisa-adds-papercut-ngmf-csrf.html 針對今年3月修補的macOS資安漏洞Sploitlight，通報此事的微軟公布細節 https://www.bleepingcomputer.com/news/security/microsoft-macos-sploitlight-flaw-leaks-apple-intelligence-data/ 蘋果針對旗下電腦、行動裝置、電視盒、VR裝置、智慧手錶發布更新，修補已遭利用的Chrome零時差漏洞 https://www.bleepingcomputer.com/news/security/apple-patches-security-flaw-exploited-in-chrome-zero-day-attacks/ Apple Patches Safari Vulnerability Also Exploited as Zero-Day in Google Chrome https://thehackernews.com/2025/07/apple-patches-safari-vulnerability-also.html Google Launches DBSC Open Beta in Chrome and Enhances Patch Transparency via Project Zero https://thehackernews.com/2025/07/google-launches-dbsc-open-beta-in.html Wiz Uncovers Critical Access Bypass Flaw in AI-Powered Vibe Coding Platform Base44 https://thehackernews.com/2025/07/wiz-uncovers-critical-access-bypass.html Hackers Exploit Critical WordPress Theme Flaw to Hijack Sites via Remote Plugin Install https://thehackernews.com/2025/07/hackers-exploit-critical-wordpress.html SAP NetWeaver滿分漏洞遭到利用，駭客企圖散布惡意程式Auto-Color https://www.ithome.com.tw/news/170318 聯想桌機韌體存在可用以繞過開機防護的漏洞 https://www.ithome.com.tw/news/170331 AI開發平臺Base44存在身分驗證漏洞，攻擊者有機會存取企業代管的應用程式 https://thehackernews.com/2025/07/wiz-uncovers-critical-access-bypass.html 研究人員揭露Gemini CLI漏洞，可竊取開發人員機密資訊 https://www.ithome.com.tw/news/170322 WordPress外掛Post SMTP存在高風險漏洞，20萬網站恐面臨挾持風險 https://securityaffairs.com/180484/security/critical-wordpress-post-smtp-plugin-flaw-exposes-200k-sites-to-full-takeover.html 列印管理軟體PaperCut存在高風險漏洞，CISA警告已被用於攻擊行動 https://www.bleepingcomputer.com/news/security/cisa-flags-papercut-rce-bug-as-exploited-in-attacks-patch-now/ 彭博社開源資料庫Comdb2存在高風險漏洞，恐導致DoS攻擊 https://gbhackers.com/bloombergs-comdb2-vulnerable/ 2.銀行/金融/保險/證券/金融監理 新聞及資安 駭客組織UNC2891打造挾持ATM的實體後門 https://www.ithome.com.tw/news/170343 UNC2891 Breaches ATM Network via 4G Raspberry Pi, Tries CAKETAP Rootkit for Fraud https://thehackernews.com/2025/07/unc2891-breaches-atm-network-via-4g.html 金融安全防線：勤業眾信攜手 Thales 引領資料保護新格局 https://www.ithome.com.tw/pr/170306 AI 資安成金融轉型關鍵！勤業眾信：風險不控會反噬營運 https://money.udn.com/money/story/5613/8896380 調查局攜手第一金控 共建國家資通安全防線 https://enn.tw/639806/ 打詐新四法滿週年　富邦金控推動集團級反詐行動 https://www.upmedia.mg/news_info.php?Type=9&SerialNo=236432 富邦金推動集團級反詐行動 「識詐、阻詐、跨業協作」全面強化防線 https://www.cna.com.tw/business/chinese/408553 銀行點數經濟引爆新戰火 銀行公會發行自律規範草案提報金管會 https://money.udn.com/money/story/5613/8907486 錢領不出來？各家銀行 ATM 新制上路，一次看懂提領與轉帳限額 https://abmedia.io/bank-atm-cash-limit-cut-2025 3.信用卡/電子支付/行動支付/pay/支付系統/資安 Visa 攜手 Google Pay 推動車隊卡智慧管理，管理者、駕駛支付效率大提升 https://reurl.cc/lYvOgv 街口倒帳危機引恐慌，行動支付龍頭不保？專家點名：「3巨頭」虎視眈眈，可望成為下一個霸主 https://www.storm.mg/lifestyle/11055324 鐵了心要推！大全聯8/1起停用全支付以外電子支付 LINE Pay、國旅卡都不能用 https://reurl.cc/rYLVrE 預防電子支付詐騙 帳戶勿存大量錢 https://www.worldjournal.com/wj/story/121390/8905464?from=wj_catelistnews 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 美國證券交易委員會宣布啟動Project Crypto，以迎接加密資產的浪潮 https://www.ithome.com.tw/news/170361 美國證券交易委員會推「加密貨幣計畫」搶當全球加幣貨幣之都 https://news.cnyes.com/news/id/6085664 白宮發布《數位資產報告》美國要當加密領導者，但缺了比特幣儲備部分 https://www.blocktempo.com/us-digital-asset-strategy/ 台灣大搶灘加密貨幣！推虛擬資產交易所App看準圈外小白，功能陽春也要「把餅做大」 https://www.bnext.com.tw/article/84026/twex-crypto PayPal發表Pay with Crypto以讓商家接受上百種加密貨幣付款 https://www.ithome.com.tw/news/170296 穩定幣是下一輪全球金融起漲點？從USDT、USDC嗅出中美角力攻防戰 https://money.udn.com/money/story/12040/8910234 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 勒索軟體BlackSuit成員傳出另起爐灶，打造Chaos並提供租用服務 https://www.ithome.com.tw/news/170323 開源木馬程式AsyncRAT衍生逾30款分支惡意軟體 https://www.ithome.com.tw/news/170093 Hive0156鎖定烏克蘭政府與軍事機構，意圖部署Remcos RAT https://gbhackers.com/hive0156-hackers-targeting-government-and-military-organizations/ 執法單位起底勒索軟體BlackSuit的暗網網站 https://www.bleepingcomputer.com/news/security/law-enforcement-seizes-blacksuit-ransomware-leak-sites/ 勒索軟體Medusa傳出攻擊NASCAR，索討400萬美元贖金 https://hackread.com/nascar-ransomware-confirm-medusa-ransomware-data-breach/ 惡意軟體Soco404和Koske鎖定Windows、Linux電腦而來，透過雲端服務散布 https://thehackernews.com/2025/07/soco404-and-koske-malware-target-cloud.html 勒索軟體Gunra開發Linux變種，可透過100個處理器執行序加密檔案 https://www.darkreading.com/threat-intelligence/nimble-gunra-ransomware-linux-variant 駭客組織Silver Fox針對中文用戶散布Windows惡意程式 https://www.ithome.com.tw/news/170281 勒索軟體BlackSuit成員傳出另起爐灶，打造Chaos並提供租用服務 https://www.darkreading.com/cyberattacks-data-breaches/chaos-ransomware-rises-blacksuit-falls 中國駭客聲稱提供達賴喇嘛應用程式，對圖博散布Ghost RAT、PhantomNet https://thehackernews.com/2025/07/china-based-apts-deploy-fake-dalai-lama.html WordPress外掛程式資料夾被植入後門程式，駭客意圖藉此以管理員身分存取網站 https://thehackernews.com/2025/07/hackers-deploy-stealth-backdoor-in.html IT服務供應商Ingram Micro傳出遭攻擊，勒索軟體SafePay聲稱竊得3.5 TB資料 https://www.bleepingcomputer.com/news/security/safepay-ransomware-threatens-to-leak-35tb-of-ingram-micro-data/ CISA開源惡意軟體鑑識平臺Thorium https://www.bleepingcomputer.com/news/security/cisa-open-sources-thorium-platform-for-malware-forensic-analysis/ 惡意軟體Jsceal冒充加密貨幣交易工具，透過臉書廣告散布 https://thehackernews.com/2025/07/hackers-use-facebook-ads-to-spread.html FunkSec Ransomware Decryptor Released Free to Public After Group Goes Dormant https://thehackernews.com/2025/07/funksec-ransomware-decryptor-released.html Cyber Espionage Campaign Hits Russian Aerospace Sector Using EAGLET Backdoor https://thehackernews.com/2025/07/cyber-espionage-campaign-hits-russian.html Soco404 and Koske Malware Target Cloud Services with Cross-Platform Cryptomining Attacks https://thehackernews.com/2025/07/soco404-and-koske-malware-target-cloud.html Hackers Breach Toptal GitHub, Publish 10 Malicious npm Packages With 5,000 Downloads https://thehackernews.com/2025/07/hackers-breach-toptal-github-publish-10.html Hackers Exploit SAP Vulnerability to Breach Linux Systems and Deploy Auto-Color Malware https://thehackernews.com/2025/07/hackers-exploit-sap-vulnerability-to.html Hackers Use Facebook Ads to Spread JSCEAL Malware via Fake Cryptocurrency Trading Apps https://thehackernews.com/2025/07/hackers-use-facebook-ads-to-spread.html Storm-2603 Deploys DNS-Controlled Backdoor in Warlock and LockBit Ransomware Attacks https://thehackernews.com/2025/08/storm-2603-exploits-sharepoint-flaws-to.html Secret Blizzard Deploys Malware in ISP-Level AitM Attacks on Moscow Embassies https://thehackernews.com/2025/07/secret-blizzard-deploys-malware-in-isp.html N. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto https://thehackernews.com/2025/07/n-korean-hackers-used-job-lures-cloud.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 Cybercriminals Use Fake Apps to Steal Data and Blackmail Users Across Asia's Mobile Networks https://thehackernews.com/2025/07/cybercriminals-use-fake-apps-to-steal.html 中共黑客盯上手機 令世界面臨移動安全危機 https://www.epochtimes.com/b5/25/6/8/n14527068.htm Microsoft 強化 GitHub Copilot 與 Xcode 整合　開發 iOS App 更輕鬆 https://today.line.me/hk/v3/article/2DlxEjz 熱門女性交友App遭駭 逾7萬張照片被竊 https://udn.com/news/story/6811/8899160 iOS 18.6與iPadOS 18.6釋出更新！修復項目與重點內容一次看 https://today.line.me/tw/v3/article/NvkxVkn C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 因應遭到網路攻擊，美明尼蘇達州動員國民兵部隊 https://www.ithome.com.tw/news/170312 ChatGPT分享連結功能可讓Google搜尋到用戶對話，OpenAI緊急關閉 https://www.ithome.com.tw/news/170351 法國電信公司Orange部分企業及消費者服務系統斷線數天，起因是該公司遭遇網攻 https://www.ithome.com.tw/news/170317 法國國防業者Naval Group傳出遭駭，攻擊者竊得1 TB內部資料 https://www.ithome.com.tw/news/170316 俄羅斯航空公司Aeroflot遭駭，近百航班受影響 https://www.ithome.com.tw/news/170321 與駭客組織Silk Typhoon有關的中國公司為網路間諜工具申請專利 https://thehackernews.com/2025/07/chinese-firms-linked-to-silk-typhoon.html 美國女子協助北韓IT工作者滲透逾300家美國企業，判刑8年 https://www.ithome.com.tw/news/170273 U.S. Sanctions Firm Behind N. Korean IT Scheme; Arizona Woman Jailed for Running Laptop Farm https://thehackernews.com/2025/07/us-sanctions-firm-behind-n-korean-it.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 徵信社從駭客網站取得臺灣民眾個資，並轉賣給他人牟利 https://www.ithome.com.tw/news/170357 駭客架設冒牌PyPI網站，企圖竊取套件開發者的帳密資料 https://www.ithome.com.tw/news/170341 易飛網傳出客戶資料外洩 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=184602&SPOKE_DATE=20250725&COMPANY_ID=2734 安聯人壽美國分公司傳出遭勒索軟體ShinyHunters攻擊，140萬人個資恐外洩 https://www.ithome.com.tw/news/170278 俄羅斯駭客Secret Blizzard鎖定大使館而來，濫用ISP發動AiTM網釣 https://www.ithome.com.tw/news/170355 俄羅斯駭客APT28利用AI發動網釣，散布惡意軟體Lamehug https://thehackernews.com/2025/07/cert-ua-discovers-lamehug-malware.html Experts Detect Multi-Layer Redirect Tactic Used to Steal Microsoft 365 Login Credentials https://thehackernews.com/2025/07/experts-detect-multi-layer-redirect.html 駭客組織UNG0002鎖定中國、香港、巴基斯坦，利用LNK檔案從事攻擊 https://www.ithome.com.tw/news/170213 Patchwork Targets Turkish Defense Firms with Spear-Phishing Using Malicious LNK Files https://thehackernews.com/2025/07/patchwork-targets-turkish-defense-firms.html How the Browser Became the Main Cyber Battleground https://thehackernews.com/2025/07/how-browser-became-main-cyber.html E.研究報告/工具 強化Prompt安全性成當務之急，從MCP生命週期、Agentic系統構成看資安挑戰 https://www.ithome.com.tw/news/170300 Overcoming Risks from Chinese GenAI Tool Usage https://thehackernews.com/2025/07/overcoming-risks-from-chinese-genai.html Email Security Is Stuck in the Antivirus Era: Why It Needs a Modern Approach https://thehackernews.com/2025/07/email-security-is-stuck-in-antivirus.html Why React Didn't Kill XSS: The New JavaScript Injection Playbook https://thehackernews.com/2025/07/why-react-didnt-kill-xss-new-javascript.html You Are What You Eat: Why Your AI Security Tools Are Only as Strong as the Data You Feed Them https://thehackernews.com/2025/08/you-are-what-you-eat-why-your-ai.html F.商業 Google釋出OSS Rebuild確保開源套件安全 https://www.ithome.com.tw/news/170265 EDR Detects, EPM Prevents. Why Using Both is a Winning Formula for Modern Endpoint Protection https://thehackernews.com/expert-insights/2025/07/edr-detects-epm-prevents-why-using-both.html Alert Fatigue, Data Overload, and the Fall of Traditional SIEMs https://thehackernews.com/2025/07/alert-fatigue-data-overload-and-fall-of.html Palo Alto Networks以250億美元併購身分安全業者CyberArk https://www.ithome.com.tw/news/170334 為保護用戶隱私，Brave、AdGuard加入封鎖Windows 11 Recall功能的行列 https://www.ithome.com.tw/news/170279 G.政府 思科攜手資安院啟動NPO資安共學計畫　助力第三部門強化資訊防護與永續發展 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12062 中華電信表示已完成商業及政府機關網站憑證換發 https://www.ithome.com.tw/news/170301 文化部提出文化藝術應用生成式AI指引，說明生成式AI應用潛在風險 https://www.ithome.com.tw/news/170362 數位發展部攜手民間推動次世代通訊應用 「星韌通訊」展現臺灣自主衛星通訊與資安整合實力 https://moda.gov.tw/ADI/news/latest-news/16942 數發部發布「AI產業人才認定指引」：鏈結培訓、認證能量打造生態系 https://www.gvm.com.tw/article/123164 強化資通安全 基隆醫院配合稽核全面提升 https://www.cdns.com.tw/articles/1259311 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 組織大幅提升對OT網路安全重視度，超過九成納入最高管理層職責 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12060 Mitel整合式通訊系統MX-ONE存在重大漏洞，恐被用於繞過身分驗證 https://www.ithome.com.tw/news/170271 Critical Mitel Flaw Lets Hackers Bypass Login, Gain Full Access to MiVoice MX-ONE Systems https://thehackernews.com/2025/07/critical-mitel-flaw-lets-hackers-bypass.html Critical Flaws in Niagara Framework Threaten Smart Buildings and Industrial Systems Worldwide https://thehackernews.com/2025/07/critical-flaws-in-niagara-framework.html I.教育訓練 資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g EC Council CASE.NET 認證準備 https://coolmandiary.blogspot.com/2025/04/ec-council-casenet.html EC Council CASE.NET(312-95)_筆記_Module1專有名詞及定義 https://coolmandiary.blogspot.com/2021/10/ec-council-casenet312-95module1.html GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 物聯網邊緣運算與資安實戰 2025/8/2 https://www.accupass.com/event/2412260751154280345070 AI Articulators Toastmasters: Machine Learning in Society 2025/8/2 https://www.meetup.com/ai-articulators-toastmasters-meetup-group/events/310203997/ WEEK 2: Build a Serverless API with Lambda & API Gateway 2025/8/3 https://www.meetup.com/aws-cloud-club-at-cebu-technological-university/events/310209756/ Algorithms Study Group! 2025/8/5 https://www.meetup.com/codeseoul/events/308548110/ Silicon Valley Business Networking (Online) 2025/8/5 https://www.meetup.com/shanghai-startup-idea-to-ipo/events/310260502/ FI Japan/ Korea /Taiwan Joint Global 2025 Spring Cohort Graduation 2025/8/5 https://www.meetup.com/tokyo-startup-founder-101/events/310124335/ Beginner Tambayan Tuesdays 2025/8/5 https://www.meetup.com/data-engineering-pilipinas/events/310228223/ 一頁逆向，十分鐘原型：AI 副駕拆站打造 MVP 的極速流程 2025/8/6 https://www.accupass.com/event/2507220806121316663920 Fine-tuning local LLM for specific tasks 2025/8/7 https://www.meetup.com/pydata-hong-kong/events/310098576/ 【Tech Talk 踢拖講科技】從「算力」到「戰力」：中小企 AI 落地行動指南 2025/8/8 https://www.meetup.com/meetups-hk-science-park/events/310121266/ COSCUP x RubyConf Taiwan 2025 2025/8/9 https://www.accupass.com/event/2507150546509433708170 GitLab 的真相時刻：CE 還是 EE 2025/8/13 https://www.accupass.com/event/2507140739432001286350 Build Fast, Build Smart: How Founders Can Kickstart Their MVP & Tech Stack 2025/8/13 https://www.meetup.com/manila-startup-founder-101/events/309982665/ AI 時代下的系統分析與設計的 7 堂課 2025/8/15 https://mystudyway.kktix.cc/events/analysis-for-ai HITCON 2025 台灣駭客年會 2025/8/15 ~ 2025/8/16 https://hitcon.kktix.cc/events/hitcon-2025 [ONLINE] EE Business Networking (free!) 2025/8/16 https://www.meetup.com/cebu-business-networking/events/ 物聯網資訊安全實務 2025/8/16 https://www.accupass.com/event/2506270910121558046175 用 30 分鐘學會 Apigee 全面守護資料安全 |《API 治理升級，迎戰資安與法遵挑戰》 2025/ 8/19 https://www.accupass.com/event/2507170605488819292550 Drupal PH Online Meetup (Aug. 2025): Presentation of DrupalCon Nara Japan 2025/ 8/19 https://www.meetup.com/drupal-ph/events/308865542/ Webinar Introduction: ITSM, Open Source, and a Deep Dive into iTop CMDB 2025/8/19 https://www.meetup.com/itsmbkk/events/308959293/ ONLINE 🌟 Info Session for Le Wagon's PART-TIME coding & AI bootcam ps2025/ 8/19 https://www.meetup.com/le-wagon-tokyo-coding-station/events/310223561/ 2025年8月-iPAS 資訊安全工程師(初級)能力培訓班-高雄場 2025/8/21 https://www.accupass.com/event/2504240921341381390216 Elastic AI 實戰：透過實機操作體驗主動式可觀測性與故障排除 2025/8/21 https://www.accupass.com/event/2506160332041624033313 [On-Line] AWS Global Community Gatherings #10 2025/8/22 https://www.meetup.com/awsglobalcommunitygatherings/events/307473399/ Saturday AI Hangout with Zack Lim 2025/8/23 https://www.meetup.com/internet-entrepreneurs-network-thailand/events/310143607/ NISRA Enlightened 2025 2025/8/25 ~ 2025/8/28 https://nisra.kktix.cc/events/2025enlightened 資安事件比你想像更靠近！ |《主動式防禦，從 Google SecOps 開始！》 2025/ 8/27 https://www.accupass.com/event/2507250822501753616659 MaiCoin 反詐騙講座 2025/ 8/27 https://www.accupass.com/event/2506290707563443008580 Taipei dbt Meetup #39 GenBI 2025/8/28 https://www.meetup.com/taipei-dbt-meetup/events/310250569/ API 安全開發指南：漏洞修復與授權管理實務 2025/9/11-2025/9/12 https://www.accupass.com/event/2501021422337978365160 2025年9月-iPAS 資訊安全工程師(初級)能力培訓班 2025/9/20 https://www.accupass.com/event/2505080338266282560860 ISO 27001:2022 資訊安全管理系統主導稽核員訓練課程 2025/9/22 https://www.accupass.com/event/2505190352351691427965