---
# System prepended metadata

title: 資安事件新聞週報 2026/2/23  ~  2026/2/27
tags: [資安事件新聞週報]

---

###### tags: `資安事件新聞週報`
# 資安事件新聞週報 2026/2/23  ~  2026/2/27

1.重大弱點漏洞/後門/Exploit/Zero Day
BeyondTrust 修補遠端存取產品的預驗證遠端程式碼執行漏洞
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12706

BeyondTrust RS與PRA存在命令注入漏洞，CISA列KEV限期修補
https://www.ithome.com.tw/news/173977

兆勤緊急修補網路設備產品重大指令注入漏洞
https://www.ithome.com.tw/news/174089

博通修補VMware Aria Operations三項漏洞，高風險命令注入漏洞可導致遠端程式碼執行
https://www.ithome.com.tw/news/174059

思科修補SD-WAN系統滿分零時差漏洞，駭客在3年前就用於實際攻擊
https://www.ithome.com.tw/news/174074

Cisco SD-WAN Zero-Day CVE-2026-20127 Exploited Since 2023 for Admin Access
https://thehackernews.com/2026/02/cisco-sd-wan-zero-day-cve-2026-20127.html

Windows Server 2016、Windows 10 Enterprise LTSB 2016即將終止技術支援、微軟公布ESU方案
https://www.ithome.com.tw/news/174063

駭客濫用AI在55個國家入侵逾600個組態配置不當的Fortinet防火牆，企圖發動勒索軟體攻擊
https://www.ithome.com.tw/news/173996

Amazon 揭露 AI 駭客攻擊行動：五週內入侵逾 600 台 Fortinet 防火牆
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12718

AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries
https://thehackernews.com/2026/02/ai-assisted-threat-actor-compromises.html

Defense Contractor Employee Jailed for Selling 8 Zero-Days to Russian Broker
https://thehackernews.com/2026/02/defense-contractor-employee-jailed-for.html

SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution
https://thehackernews.com/2026/02/solarwinds-patches-4-critical-serv-u.html

CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability
https://thehackernews.com/2026/02/cisa-confirms-active-exploitation-of.html

CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog
https://thehackernews.com/2026/02/cisa-adds-two-actively-exploited.html

GitHub Copilot爆RoguePilot提示詞注入弱點，可濫用GITHUB_TOKEN影響CI/CD流程安全
https://www.ithome.com.tw/news/174056

RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN
https://thehackernews.com/2026/02/roguepilot-flaw-in-github-codespaces.html

Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration
https://thehackernews.com/2026/02/claude-code-flaws-allow-remote-code.html

Google發布Chrome 145更新，PDFium與V8兩項高風險漏洞恐致任意程式碼執行
https://www.ithome.com.tw/news/173998

Google修補Chrome高風險漏洞CVE-2026-2441，並警告已遭實際利用
https://www.ithome.com.tw/news/173972

美國警告郵件伺服器Roundcube兩項高風險漏洞已被用於實際攻擊，要求聯邦機構限期修補
https://thehackernews.com/2026/02/cisa-adds-two-actively-exploited.html

Dell虛擬機器資料復原軟體出現滿分零日漏洞，疑似中國駭客潛伏利用超過一年
https://www.ithome.com.tw/news/173975

Splunk Enterprise Windows版存在DLL劫持漏洞，恐成SYSTEM提權跳板
https://www.ithome.com.tw/news/174051

ThreatsDay Bulletin: Kali Linux + Claude, Chrome Crash Traps, WinRAR Flaws, LockBit & 15+ Stories
https://thehackernews.com/2026/02/threatsday-bulletin-kali-linux-claude.html

2.銀行/金融/保險/證券/金融監理 新聞及資安
親俄駭客UAC-0050利用偽造網域及惡意軟體RMS，攻擊歐洲金融機構
https://thehackernews.com/2026/02/uac-0050-targets-european-financial.html

駭客冒用公務員帳密入侵FICOBA，法國120萬筆銀行帳戶資料恐外洩
https://www.ithome.com.tw/news/173994

安卓金融木馬Massiv冒充IPTV應用程式散布，駭客企圖以受害者名義開設帳戶洗錢及貸款
https://www.bleepingcomputer.com/news/security/new-massiv-android-banking-malware-poses-as-an-iptv-app/

上海銀行1.4萬筆個資外洩案　「內鬼」曝光
https://www.ettoday.net/news/20260227/3123830.htm

3.信用卡/電子支付/行動支付/pay/支付系統/資安
萬事達卡攜手財金公司 擴大導入交易偵測系統、詐欺比率首月下降3成
https://udn.com/news/story/7239/9341200

Samsung Wallet 與銀聯國際合作提升電子錢包體驗
https://www.aastocks.com/tc/stocks/news/infocast-news/IC4852378/1

XTransfer 獲馬來西亞國家銀行批准關鍵支付牌照
https://itpromag.com/2026/02/26/xtransfer-5/

蘋果與印度多家銀行洽談 擬推出當地支付服務
https://wantrich.chinatimes.com/news/20260226900759-420201

又有詐騙新手法！假銀行「交易通知」　一點信用卡個資全外洩
https://news.tvbs.com.tw/local/3134618

網傳信件「悠遊卡雲端發票中獎通知」
https://tfc-taiwan.org.tw/fact-check-reports/fake-easycard-invoice-winning-email-scam-protection/

台灣又有詐騙新招！最近一堆人上當「沒買東西慘被盜刷」，這些平台一堆人都在用
https://www.storm.mg/lifestyle/11105386

4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安
2026年初的加密貨幣風險投資
https://news.cnyes.com/news/id/6356128

戰爭一來資產全失效？無實體、可跨境、能保值 加密貨幣成戰時最強保命符
https://reurl.cc/mkWGdj

全球加密貨幣持有者破 7 億！BitGo 報告：傳統銀行不跟上，存款就要大逃殺
https://www.blocktempo.com/number-of-global-crypto-holders-surpasses-700-million/

台版穩定幣要來了？六大法則守住數位錢包
https://www.gvm.com.tw/article/128294

中國報告:美利用霸權奪2340億虛擬貨幣
https://reurl.cc/YkM9lL

監管細則超出法條預期？OCC 提案挑戰穩定幣獎勵邊界，加密業界如何應對
https://zombit.info/occ-proposal-challenges-stablecoin-reward-boundaries/

盜版Office安裝檔成誘餌，XMRig挖礦攻擊濫用驅動程式漏洞並可透過USB擴散
https://www.ithome.com.tw/news/174023

Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb
https://thehackernews.com/2026/02/wormable-xmrig-campaign-uses-byovd.html

ClickFix攻擊手法再進化：假冒CAPTCHA驗證竊取加密錢包與瀏覽器憑證
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12717

惡意NPM套件發動SANDWORM_MODE蠕蟲攻擊，竊取加密貨幣金鑰與CI/CD機密，還鎖定AI開發工具
https://www.ithome.com.tw/news/174009

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens
https://thehackernews.com/2026/02/malicious-npm-packages-harvest-crypto.html

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC
中國駭客Silver Fox假借稅務及電子發票名義，在臺灣散布惡意軟體Winos 4.0
https://www.ithome.com.tw/news/174048

中亞電信公司遭鎖定，中國駭客散布後門程式LuciDoor與MarsSnake
https://thehackernews.com/2026/02/unsolicitedbooker-targets-central-asian.html

駭客組織GrayCharlie滲透WordPress網站，意圖散布竊資軟體與NetSupport RAT
https://gbhackers.com/graycharlie-hacks-wordpress/

北韓駭客Lazarus使用勒索軟體Medusa在美國與中東發動攻擊
https://www.ithome.com.tw/news/174050

伊朗駭客MuddyWater鎖定中東與北非企業組織，散布惡意程式GhostFetch、CHAR、HTTP_VIP
https://thehackernews.com/2026/02/muddywater-targets-mena-organizations.html

駭客透過自帶驅動程式攻擊與時間邏輯炸彈，部署可自我擴散的挖礦軟體
https://thehackernews.com/2026/02/wormable-xmrig-campaign-uses-byovd.html

半導體測試設備大廠愛德萬測試遭勒索軟體攻擊，客戶與員工資料恐外洩
https://www.ithome.com.tw/news/173989

日本華盛頓飯店遭勒索軟體竊取資料
https://www.ithome.com.tw/news/173974

羅馬尼亞國營油管營運商遭Qilin勒索軟體攻擊竊取資料
https://www.ithome.com.tw/news/173956

假面試題庫藏後門，微軟揭惡意Next.js儲存庫濫用VS Code自動任務竊取開發者憑證
https://www.ithome.com.tw/news/174066

勒索軟體Reynolds內建易受攻擊的驅動程式，企圖癱瘓受害電腦的端點防護機制
https://www.security.com/threat-intelligence/black-basta-ransomware-byovd

竊資軟體Arkanix透過AI輔助開發，能從瀏覽器攔截OAuth 2.0權杖
https://www.bleepingcomputer.com/news/security/arkanix-stealer-pops-up-as-short-lived-ai-info-stealer-experiment/

駭客利用BeyondTrust重大漏洞從事攻擊，意圖散布Web Shell與後門VShell、SparkRAT
https://www.ithome.com.tw/news/174012

BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration
https://thehackernews.com/2026/02/beyondtrust-flaw-used-for-web-shells.html

ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT Malware
https://thehackernews.com/2026/02/clickfix-campaign-abuses-compromised.html

Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms
https://thehackernews.com/2026/02/trojanized-gaming-tools-spread-java.html

Lazarus Group Uses Medusa Ransomware in Middle East and U.S. Healthcare Attacks
https://thehackernews.com/2026/02/lazarus-group-uses-medusa-ransomware-in.html

UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors
https://thehackernews.com/2026/02/unsolicitedbooker-targets-central-asian.html

APT28 Targeted European Entities Using Webhook-Based Macro Malware
https://thehackernews.com/2026/02/apt28-targeted-european-entities-using.html

UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware
https://thehackernews.com/2026/02/uac-0050-targets-european-financial.html

Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware
https://thehackernews.com/2026/02/fake-nextjs-repos-target-developers.html

Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens
https://thehackernews.com/2026/02/malicious-stripeapi-nuget-package.html

Aeternum C2 Botnet Stores Encrypted Commands on Polygon Blockchain to Evade Takedown
https://thehackernews.com/2026/02/aeternum-c2-botnet-stores-encrypted.html

UAT-10027 Targets U.S. Education and Healthcare with Dohdoor Backdoor
https://thehackernews.com/2026/02/uat-10027-targets-us-education-and.html

B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊
Apple 緊急修補遭「極精密攻擊」利用的零時差漏洞 影響 iPhone、Mac 等全線產品
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12704

蘋果iOS 26.3修補「極複雜」零時差漏洞
https://www.ithome.com.tw/news/173951

心理健康App曝上千漏洞，治療紀錄恐成高價黑市資料
https://www.ithome.com.tw/news/174014

新型態安卓惡意軟體PromptSpy濫用Gemini持續在受害裝置活動
https://www.ithome.com.tw/news/174001

安卓後門程式Keenadu透過OTA更新與Google Play市集散布，目的是透過受害裝置從事廣告詐欺
https://www.bleepingcomputer.com/news/security/new-keenadu-backdoor-found-in-android-firmware-google-play-apps/

C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力
NIST啟動AI代理標準倡議力促互通與安全
https://www.ithome.com.tw/news/173983

國際刑警組織與非洲16國聯手打詐，逮捕651人、追回430萬美元
https://www.ithome.com.tw/news/173999

矽谷3名工程師被控竊取Google處理器商業機密，資料疑流向伊朗
https://www.ithome.com.tw/news/174000

美國CISA下令聯邦機構移除不再受支援的邊緣設備降低駭侵風險
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12710

駭客利用探測工具ILovePoop尋找重大漏洞React2Shell
https://www.darkreading.com/application-security/attackers-new-tool-scan-react2shell-exposure

俄羅斯駭客APT28鎖定歐洲企業組織下手，散布以Webhook為基礎打造的巨集惡意軟體
https://thehackernews.com/2026/02/apt28-targeted-european-entities-using.html

Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems
https://thehackernews.com/2026/02/cline-cli-230-supply-chain-attack.html

Anthropic發聲明回應軍方施壓，拒撤監控與自主武器紅線
https://www.ithome.com.tw/news/174086

Anthropic收購Vercept　強化Claude電腦使用能力
https://www.ithome.com.tw/news/174084

Anthropic Says Chinese AI Firms Used 16 Million Claude Queries to Copy Model
https://thehackernews.com/2026/02/anthropic-says-chinese-ai-firms-used-16.html

Anthropic Launches Claude Code Security for AI-Powered Vulnerability Scanning
https://thehackernews.com/2026/02/anthropic-launches-claude-code-security.html

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全
IT外包商Conduent資料外洩影響再擴大，波及逾2,500萬人
https://www.ithome.com.tw/news/174036

精品業者LV、Dior、Tiffany發生資料外洩事故，韓國開罰2,500萬美元
https://www.ithome.com.tw/news/173967

酷澎韓國資料外洩事故最新調查結果出爐，臺灣逾20萬用戶受影響
https://www.ithome.com.tw/news/174032

隱藏號碼成詐騙新破口，NCC與三大電信聯手將以語音警示提高民眾警覺心
https://www.ithome.com.tw/news/174049

AI造假訊息氾濫，英國與科技業者聯手研發AI深偽偵測技術
https://www.ithome.com.tw/news/173936

ShinyHunters疑竊取80萬資料勒索賭城飯店
https://www.ithome.com.tw/news/173992

AI 代理程式成「神級攻擊機器」？資安專家警告：護欄機制難擋資料外洩
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12721

惡意軟體MimicRAT透過ClickFix網釣散布，駭客事先入侵網站作為傳遞的管道
https://thehackernews.com/2026/02/clickfix-campaign-abuses-compromised.html

社交工程攻擊ClickFix出現新手法，駭客藉由查詢惡意DNS取得有效酬載
https://www.ithome.com.tw/news/174007

圓山大飯店資訊系統被入侵，顧客資料恐遭竊
https://www.ithome.com.tw/news/174003

製藥公司南光網路系統遭到入侵，內部文件疑外流暗網
https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=172423&SPOKE_DATE=20260219&COMPANY_ID=1752

微軟Entra帳號裝置驗證碼被鎖定，傳出駭客組織ShinyHunters從事語音網釣活動
https://www.bleepingcomputer.com/news/security/hackers-target-microsoft-entra-accounts-in-device-code-vishing-attacks/

歐洲資料保護委員會聯合全球61個監管機關發布聲明，要求AI影像生成服務強化防濫用機制
https://www.ithome.com.tw/news/174068

AI 變身駭客！墨西哥政府上億筆機密數據外洩
https://abmedia.io/gambit-security-claude-hacker

Google Disrupts UNC2814 GRIDTIDE Campaign After 53 Breaches Across 42 Countries
https://thehackernews.com/2026/02/google-disrupts-unc2814-gridtide.html

SLH Offers $500–$1,000 Per Call to Recruit Women for IT Help Desk Vishing Attacks
https://thehackernews.com/2026/02/slh-offers-5001000-per-call-to-recruit.html

Meta Files Lawsuits Against Brazil, China, Vietnam Advertisers Over Celeb-Bait Scams
https://thehackernews.com/2026/02/meta-files-lawsuits-against-brazil.html

E.研究報告/工具
Expert Recommends: Prepare for PQC Right Now
https://thehackernews.com/2026/02/expert-recommends-prepare-for-pqc-right.html

Identity Prioritization isn't a Backlog Problem - It's a Risk Math Problem
https://thehackernews.com/2026/02/identity-prioritization-isnt-backlog.html

Manual Processes Are Putting National Security at Risk
https://thehackernews.com/2026/02/manual-processes-are-putting-national.html

Top 5 Ways Broken Triage Increases Business Risk Instead of Reducing It
https://thehackernews.com/2026/02/top-5-ways-broken-triage-increases.html

How Exposed Endpoints Increase Risk Across LLM Infrastructure
https://thehackernews.com/2026/02/how-exposed-endpoints-increase-risk.html

F.商業
Criminal IP 整合 IBM QRadar 平台，提供即時威脅情報強化 SIEM 與 SOAR 防禦能力
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12712

EC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and Security
https://thehackernews.com/2026/02/ec-council-expands-ai-certification.html

Identity Cyber Scores: The New Metric Shaping Cyber Insurance in 2026
https://thehackernews.com/2026/02/identity-cyber-scores-new-metric.html

G.政府
數發部：酷澎台灣個資管理有缺失，將依法裁處
https://infosecu.technews.tw/2026/02/26/moda-coupang-2/

酷澎個資外洩數發部調查：離職員工持原金鑰入侵、三度稱未受影響
https://ec.ltn.com.tw/article/breakingnews/5351974

數位發展部辦理行政檢查 發現酷澎臺灣個資管理存有缺失 將依法進行裁處
https://moda.gov.tw/ADI/news/latest-news/19026#AC

跨國網路攻防演練成熟度評估 中科院攜手資安院 升級國防數位防護力
https://def.ltn.com.tw/amp/article/breakingnews/5353308

應對AI威脅！ 中科院、資安院簽MOU　共同研發國防科技資安防護
https://www.taisounds.com/news/content/71/243254

資安院《資安星際指南》助中小企業跨越技術門檻、升級防護
https://www.cio.com.tw/107400/

中科院與資安院簽MOU！強化國防AI防護　提升資安科研韌性
https://ctinews.com/news/items/4OaZyLBJW6

H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安
2026 年物聯網產業前景：從「連接」邁向「決策」的晶片價值重構
https://technews.tw/2026/02/27/2026-iot-market/

消防處積極研究物聯網火警偵測系統作為傳統消防設備替代方案
https://news.now.com/home/local/player?newsId=637759

I.教育訓練
資安事件發生必要知道的復原程序，降低傷害
https://www.ithome.com.tw/pr/163614

iPAS資訊安全工程師中級筆記
https://hackmd.io/@Not/iPASInformationSecuritySpecialist

iPas資安工程師證照考前研習
https://reurl.cc/GEbA3p

iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題)
https://reurl.cc/orlD1g

EC Council CASE.NET 認證準備
https://coolmandiary.blogspot.com/2025/04/ec-council-casenet.html

EC Council CASE.NET(312-95)_筆記_Module1專有名詞及定義
https://coolmandiary.blogspot.com/2021/10/ec-council-casenet312-95module1.html

GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計
https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad

Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！
https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/

一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程
https://www.ithome.com.tw/pr/160954

全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口
https://reurl.cc/m39MDj

CISSP資安認證的8大領域
https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html

CISSP考試心得
https://reurl.cc/KbY83j

CISSP考試心得 – Benson
https://reurl.cc/GbWvxd

目標導向-20天光速考過CISSP
https://reurl.cc/2Zq6zn

CISSP證照考試實戰心得 第一章：初期準備工作
https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat

CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略
https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies

CISSP證照考試實戰心得 第三章：終極一戰
https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle

Quick CISSP Infographic for IPSec
https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec

CSSLP Certification - Security models in F#
https://github.com/vbocan/csslp

Certified Secure Software Lifecycle Professional in bullet points
https://github.com/joeyhage/csslp-notes

CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得
https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/

EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022
https://reurl.cc/1oyEM8

CEH v11 考試心得與準備方式
https://blog.sean.taipei/2022/01/ceh

CEH
https://github.com/a3cipher/CEH

CodeRed by EC-Council
https://github.com/codered-by-ec-council

EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習
https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2

EC-Council CEHP考試準備心得
https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po

My ceh practical notes
https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md

CEHP課程筆記
https://hackmd.io/@nfu-johnny/B1Ju_BMPR

ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials
https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4

EC-Council ECSA資安分析專家 v10 考試心得分享
https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html

20180817 EC-Council ECSA v10 PASS
https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html

關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享
https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d

深度解析 CPENT 考試心得、以及與 OSCP 的比較
https://reurl.cc/41eL8v

EC-Council CPENT v1 滲透測試認證 – 內容及心得分享
https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review

CPENT 從暴力到破解
https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295

Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master
https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f

CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證
https://ucom.uuu.com.tw/web/Testimony/Article/4404

kaizensecurity/CPENT
https://github.com/kaizensecurity/CPENT/tree/master

CPENT : Pentesting like NO OTHERS !
https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/

Journey of My CPENT Exam
https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917

[備考心得]CompTIA Security+ (SY0–601) 上篇
https://reurl.cc/M053DK

[備考心得]CompTIA Security+ (SY0–601) 下篇
https://reurl.cc/M053Gv

comptia-security-plus
https://github.com/ajfuto/comptia-security-plus

security-plus
https://github.com/fjavierm/security-plus

CompTIA Security+ Certification Practice Test Questions
https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette

不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書）
https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html

App防駭學，資安防護實戰課程全面提升安全觀念
https://www.ithome.com.tw/pr/161505

OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享
https://hackmd.io/@henry-ko/HyQ56e8eF

OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 
http://github.com/In3x0rabl3/OSEP

OSCP（Offensive Security Certified Professional）
https://github.com/0x584A/oscp-notes/tree/master

ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年
https://reurl.cc/aVLoX9

Learn NIST Inside Out With 21 Hours of Training @ 86% OFF
https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html

駭客與國家: 網路攻擊與地緣政治新常態
The hacker and the state: cyber attacks and the new normal of geopolitic
https://reurl.cc/D3nKKj

Practical Network Penetration Tester (PNPT) Certification Review
https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df

WUSON常用的基本詞彙
https://choson.lifenet.com.tw/?p=1958

證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」
https://www.ithome.com.tw/news/156754

用證照證明自己實力之餘，更應將證照視為督促學習的最大動力
https://www.ithome.com.tw/news/156756

打破證照誤解與迷思，資安專家帶你釐清資安證照的意義
https://www.ithome.com.tw/news/156755

Accelerate Your Career with the Global Leader in Cyber Security Training
https://www.sans.org/mlp/promo-partnership-hacker-news/

【成大資安社社課】資安禁術 - 逆向工程地獄試煉
https://www.youtube.com/watch?v=4Yc3-9CjG6U

透過實務演練，教你建立實作標準的安全SOP流程
https://www.ithome.com.tw/pr/163514

6.近期資安活動及研討會
從對話到執行自動化： Gemini Enterprise 代理功能引爆企業生產力 2025/3/12
https://www.accupass.com/event/2602090758435000622010

DEVCORE CONFERENCE 2026   2026/3/14
https://devcore.kktix.cc/events/devcoreconf2026

物聯網邊緣運算與資安實戰 2026/3/28
https://www.accupass.com/event/2412260751154280345070

應對 2026 資安新法：Google SecOps 如何自動化您的合規地圖 2026/3/31
https://www.accupass.com/event/2602240656105983582800

Gemini實戰全攻略-打造你的AI工作流 2026/5/30
https://www.accupass.com/event/2602191339327923594810