資安事件新聞週報 2026/3/2 ~ 2026/3/6

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2026/3/2 ~ 2026/3/6 1.重大弱點漏洞/後門/Exploit/Zero Day 思科修補防火牆管理平臺Secure FMC兩個滿分漏洞 https://www.ithome.com.tw/news/174203 兆勤緊急修補網路設備產品重大指令注入漏洞 https://www.ithome.com.tw/news/174089 開源AI資安平臺CyberStrikeAI遭濫用，駭客用於大規模攻擊Fortinet防火牆 https://www.ithome.com.tw/news/174167 駭客透過竊資軟體取得憑證，鎖定單一登入平臺與F5 BIG-IP設備從事帳號填充攻擊活動 https://gbhackers.com/massive-brute-force-attacks/ Cisco SD-WAN 驚傳遭隱匿攻擊三年，Juniper、 Zyxel 示警高危漏洞 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12729 思科警告SD-WAN系統部分漏洞發生濫用活動 https://www.ithome.com.tw/news/174227 Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities https://thehackernews.com/2026/03/cisco-confirms-active-exploitation-of.html SonicWall防火牆遭大規模偵察掃描，鎖定SSL VPN狀態查詢API尋找攻擊目標 https://www.ithome.com.tw/news/174153 VMware Aria Operations高風險漏洞CVE-2026-22719被用於實際攻擊活動 https://www.bleepingcomputer.com/news/security/cisa-flags-vmware-aria-operations-rce-flaw-as-exploited-in-attacks/ CISA警告TeamT5端點防護系統舊漏洞被用於實際攻擊活動 https://www.ithome.com.tw/news/174228 APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday https://thehackernews.com/2026/03/apt28-tied-to-cve-2026-21513-mshtml-0.html 微軟2月修補的MSHTML資安漏洞遭到俄羅斯駭客APT28利用 https://www.ithome.com.tw/news/174182 CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog https://thehackernews.com/2026/03/cisa-adds-actively-exploited-vmware.html Google發布Chrome緊急更新，修補10個安全漏洞 https://www.ithome.com.tw/news/174224 1月Google修補Chrome高風險漏洞，惡意擴充套件恐劫持Gemini側邊面板讀取本機檔案 https://www.ithome.com.tw/news/174143 Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited https://thehackernews.com/2026/03/google-confirms-cve-2026-21385-in.html New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel https://thehackernews.com/2026/03/new-chrome-vulnerability-let-malicious.html 剖析 ClawJacked 漏洞：惡意網站如何繞過瀏覽器限制劫持本地 OpenClaw https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12730 ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket https://thehackernews.com/2026/02/clawjacked-flaw-lets-malicious-sites.html OpenClaw存在資安漏洞ClawJacked，攻擊者恐透過WebSocket連線挾持 https://www.ithome.com.tw/news/174098 趨勢科技修補端點防護平臺Apex One重大漏洞，攻擊者恐用於發動RCE攻擊 https://www.ithome.com.tw/news/174149 趨勢科技修補 Apex One 兩項 RCE 關鍵漏洞，CVSS 高達 9.8 呼籲地端用戶儘速更新 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12728 Google報告指出2025年零時差漏洞達90起，企業設備成主要攻擊目標 https://www.ithome.com.tw/news/174224 AI瀏覽器Perplexity Comet存在漏洞PleaseFix，攻擊者可竊取密碼管理工具1Password的保管庫 https://hackread.com/pleasefix-flaw-hackers-1password-vault-comet-ai-browser/ PDF平臺成複雜Web架構攻擊面，AI協助發現16項漏洞 https://www.ithome.com.tw/news/174105 2.銀行/金融/保險/證券/金融監理新聞及資安俄羅斯駭客UAC-0050攻擊歐洲金融機構，假冒烏克蘭司法機構郵件散布RMS遠端工具 https://www.ithome.com.tw/news/174200 FBI示警2025年ATM吐鈔攻擊暴增，占近五年通報逾三成、損失逾2,000萬美元 https://www.ithome.com.tw/news/174093 金融資安韌性發展藍圖金融業資安治理再邁一步 https://www.cio.com.tw/108015/ 3.信用卡/電子支付/行動支付/pay/支付系統/資安消失的錢包消失的自由中國行動支付背後的全透明時代 https://www.rti.org.tw/news?uid=3&pid=195490 台灣行動支付「RE紅包」營運9年突倒閉！萬名用戶資金遭凍結，燒光資金尋求併購 https://www.blocktempo.com/taiwan-mobile-payment-rex-shutdown-users-funds-frozen-liquidation/ Mercedes-Benz推出Mercedes Pay+，首度將汽車變成電子支付設備 https://reurl.cc/7E28x1 海外購物踩雷！她付128元關稅下一秒信用卡竟被盜刷4萬 https://udn.com/news/story/124490/9361272 三成澳洲人從不檢查信用卡每年多付16億利息 https://www.epochtimes.com/b5/26/3/5/n14711739.htm 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 DoJ Seizes $61 Million in Tether Linked to Pig Butchering Crypto Scams https://thehackernews.com/2026/02/doj-seizes-61-million-in-tether-linked.html 加密貨幣與Web3專家被鎖定，駭客透過假的LinkedIn投資從事ClickFix網釣 https://gbhackers.com/fake-linkedin-vcs/ 惡意Chrome延伸套件透過ClickFix網釣散布，目的是洗劫用戶的加密貨幣資產 https://www.bleepingcomputer.com/news/security/quicklens-chrome-extension-steals-crypto-shows-clickfix-attack/ 1張圖賠1.5億！南韓國稅廳低級失誤害加密貨幣失竊　找回2小時又被盜 https://www.mirrormedia.mg/story/20260303edi033 英國加密貨幣監管路徑：權衡彈性與保護對比歐美框架 https://reurl.cc/aXlYKY 交易所迎來 AI 玩家：OpenClaw、Claude Code 接入幣安、OKX、Bitget Wallet https://abmedia.io/openclaw-claudecode-skills 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 維基百科遭自我傳播JavaScript蠕蟲攻擊，數千頁面遭竄改 https://www.ithome.com.tw/news/174258 中國駭客UAT-9244鎖定南美電信公司，散布Windows及Linux後門程式 https://www.ithome.com.tw/news/174230 駭客利用Windows檔案總管和WebDAV散布惡意程式 https://www.ithome.com.tw/news/174103 APT28對烏克蘭散布惡意程式BadPaw Loader與MeowMeow https://www.ithome.com.tw/news/174232 惡意軟體Dohdoor鎖定美國校園與醫療照護產業而來，透過多階段攻擊散布 https://gbhackers.com/dohdoor-malware/ 伊朗駭客Dust Specter冒充伊拉克外交部，對該國政府官員散布惡意軟體 https://www.ithome.com.tw/news/174248 搜尋引擎Bing遭濫用，駭客藉由冒牌OpenClaw安裝程式散布惡意軟體 https://www.ithome.com.tw/news/174244 惡意OpenClaw技能延伸套件試圖引誘用戶輸入帳密資料，於受害電腦植入竊資軟體AMOS https://gbhackers.com/malicious-openclaw-tactics/ 假面試題庫藏後門，惡意Next.js儲存庫濫用VS Code自動任務竊取開發者憑證 https://www.ithome.com.tw/news/174066 巴基斯坦駭客APT36利用AI生成惡意軟體，企圖滲透印度政府的網路環境 https://hackread.com/pakistan-apt36-indian-govt-networks-ai-vibeware/ 駭客假借提供Claude Code為幌子，透過MSHTA散布竊資軟體 https://gbhackers.com/fake-claude-code/ 北韓駭客APT37濫用Zoho WorkDrive與USB惡意軟體，企圖入侵隔離網路環境 https://www.ithome.com.tw/news/174107 冒牌Laravel散布跨平臺RAT木馬，鎖定Windows、macOS、Linux用戶而來 https://thehackernews.com/2026/03/fake-laravel-packages-on-packagist.html Ivanti Connect Secure遭到惡意軟體Resurge攻擊，駭客採用網路層級手段迴避偵測 https://www.ithome.com.tw/news/174172 有人假借Zoom更新名義對Windows用戶下手，意圖植入監控工具進行後續活動 https://www.ithome.com.tw/news/174169 殭屍網路OCRFix假借提供掃描工具下載散布，並透過ClickFix網釣誘騙使用者上當 https://gbhackers.com/ocrfix-botnet-uses-clickfix/ 荷蘭油漆製造商AkzoNobel美國網路環境遭駭，勒索軟體Anubis聲稱竊得170 GB內部資料 https://www.bleepingcomputer.com/news/security/paint-maker-giant-akzonobel-confirms-cyberattack-on-us-site/ OAuth重新導向機制遭濫用，駭客發展出新型態攻擊手法 https://www.ithome.com.tw/news/174184 Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets https://thehackernews.com/2026/03/microsoft-warns-oauth-redirect-abuse.html SloppyLemming Targets Pakistan and Bangladesh Governments Using Dual Malware Chains https://thehackernews.com/2026/03/sloppylemming-targets-pakistan-and.html Fake Laravel Packages on Packagist Deploy RAT on Windows, macOS, and Linux https://thehackernews.com/2026/03/fake-laravel-packages-on-packagist.html APT28-Linked Campaign Deploys BadPaw Loader and MeowMeow Backdoor in Ukraine https://thehackernews.com/2026/03/apt28-linked-campaign-deploys-badpaw.html Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor https://thehackernews.com/2026/02/malicious-go-crypto-module-steals.html ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks https://thehackernews.com/2026/02/scarcruft-uses-zoho-workdrive-and-usb.html Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms https://thehackernews.com/2026/02/trojanized-gaming-tools-spread-java.html North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT https://thehackernews.com/2026/03/north-korean-hackers-publish-26-npm.html Iran-Linked MuddyWater Hackers Target U.S. Networks With New Dindoor Backdoor https://thehackernews.com/2026/03/iran-linked-muddywater-hackers-target.html China-Linked Hackers Use TernDoor, PeerTime, BruteEntry in South American Telecom Attacks https://thehackernews.com/2026/03/china-linked-hackers-use-terndoor.html Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer https://thehackernews.com/2026/03/microsoft-reveals-clickfix-campaign.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1 https://thehackernews.com/2026/03/coruna-ios-exploit-kit-uses-23-exploits.html 漏洞利用套件Coruna鎖定舊版iOS裝置弱點，多組人馬用於實際攻擊活動 https://www.ithome.com.tw/news/174211 Google發布Android更新，修補高通晶片零時差漏洞 https://www.ithome.com.tw/news/174168 C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力榮創能源科技遭網路攻擊 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=155605&SPOKE_DATE=20260303&COMPANY_ID=3437 駭客可透過Google行事曆與Zoom視訊會議Promptware攻擊，讓受害者的Gemini串流視訊鏡頭影像 https://cybersecuritynews.com/promptware-leverages-google-calendar-invites/ Hackerbot-Claw機器人針對GitHub Actions而來，企圖利用CI/CD弱點攻擊微軟與DataDog https://gbhackers.com/hackerbot-claw-bot/ 駭客濫用Claude Code打造作案工具，從墨西哥政府的資訊系統竊得150 GB資料 https://securityaffairs.com/188696/ai/claude-code-abused-to-steal-150gb-in-cyberattack-on-mexican-agencies.html 網路犯罪者將AI變成武器的態勢加劇，在半小時內全面入侵受害組織的網域環境 https://gbhackers.com/weaponized-ai/ 攻擊者透過駭入分支辦公室的Fortinet防火牆，目的是滲透整個公司的網路環境，企圖竊取備份系統與NAS設備資料 https://www.ithome.com.tw/news/174165 戰火波及中東資料中心，AWS建議客戶啟動跨區備援 https://www.ithome.com.tw/news/174162 AWS中東資料中心服務中斷災情仍持續，修復作業已有進展 https://www.ithome.com.tw/news/174170 戰事持續，AWS中東資料中心服務中斷災情擴大 https://www.ithome.com.tw/news/174125 伊朗禱告行事曆軟體BadeSaba遭駭，駭客喊話要士兵放下武器 https://hackread.com/popular-iranian-app-badesaba-hacked-alerts/ 為報復美國與以色列對伊朗展開軍事行動，駭客已對16個國家發動149起DDoS攻擊 https://thehackernews.com/2026/03/149-hacktivist-ddos-attacks-hit-110.html AI 模型遭中國企業大規模蒸餾竊取　Anthropic 強化安全防線並推出 AI 漏洞掃描工具反擊 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12723 美國資料分析公司LexisNexis傳出被入侵，駭客透過重大漏洞React2Shell取得其AWS基礎設施而得逞 https://www.bleepingcomputer.com/news/security/lexisnexis-confirms-data-breach-as-hackers-leak-stolen-files/ FBI調查監控系統疑似遭駭事件 https://www.ithome.com.tw/news/174236 五角大廈首次將美國AI公司列為供應鏈風險，Anthropic成爭議焦點 https://www.ithome.com.tw/news/174229 Pentagon Designates Anthropic Supply Chain Risk Over AI Military Dispute https://thehackernews.com/2026/02/pentagon-designates-anthropic-supply.html 與APT41有關的中國駭客組織鎖定政府機關與公部門，濫用Google Drive充當C2 https://www.ithome.com.tw/news/174218 APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2 https://thehackernews.com/2026/03/apt41-linked-silver-dragon-targets.html 149 Hacktivist DDoS Attacks Hit 110 Organizations in 16 Countries After Middle East Conflict https://thehackernews.com/2026/03/149-hacktivist-ddos-attacks-hit-110.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全餐飲科技服務供應商HungerRush傳出資料外洩，駭客向用戶寄信要脅該公司付錢 https://www.bleepingcomputer.com/news/security/hacker-mass-mails-hungerrush-extortion-emails-to-restaurant-patrons/ 美國紐約體育館Madison Square Garden發生資料外洩，起因是Oracle EBS系統遭駭 https://securityaffairs.com/188814/cyber-crime/oracle-ebs-2025-campaign-impacts-madison-square-garden-sensitive-data-leaked.html 歐洲刑警組織主導大規模執法行動，摧毀網釣平臺Tycoon 2FA逾330個網域 https://www.ithome.com.tw/news/174205 Starkiller釣魚框架採AiTM反向代理，轉送真實登入頁面繞過MFA https://www.ithome.com.tw/news/174119 14國聯手關閉駭客論壇LeakBase，查扣14.2萬會員資料 https://www.ithome.com.tw/news/174207 LastPass用戶被鎖定，駭客發送假的帳號異常警告，意圖挾持密碼保險庫 https://www.ithome.com.tw/news/174221 激進駭客滲透美國政府網站竊得外包商資料，起因是抗議ICE執法過當 https://www.ithome.com.tw/news/174122 荷蘭電信公司Odido發生大規模資料外洩，100萬筆記錄恐流出 https://gbhackers.com/1-million-records-from-dutch-telco-odido-leaked-online-in-massive-data-breach/ Google Cloud API 金鑰預設權限過大數千組金鑰暴露 Gemini 存取風險 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12731 Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement https://thehackernews.com/2026/02/thousands-of-public-google-cloud-api.html Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication https://thehackernews.com/2026/03/starkiller-phishing-suite-uses-aitm.html Fake Tech Support Spam Deploys Customized Havoc C2 Across Organizations https://thehackernews.com/2026/03/fake-tech-support-spam-deploys.html Where Multi-Factor Authentication Stops and Credential Abuse Starts https://thehackernews.com/2026/03/where-multi-factor-authentication-stops.html Europol-Led Operation Takes Down Tycoon 2FA Phishing-as-a-Service Linked to 64,000 Attacks https://thehackernews.com/2026/03/europol-led-operation-takes-down-tycoon.html FBI and Europol Seize LeakBase Forum Used to Trade Stolen Credentials https://thehackernews.com/2026/03/fbi-and-europol-seize-leakbase-forum.html DoJ Seizes $61 Million in Tether Linked to Pig Butchering Crypto Scams https://thehackernews.com/2026/02/doj-seizes-61-million-in-tether-linked.html E.研究報告/工具研究人員揭露新型態手法AirSnitch，可突破Wi-Fi網路的用戶端隔離防護機制發動攻擊 https://www.securityweek.com/new-airsnitch-attack-shows-wi-fi-client-isolation-could-be-a-false-sense-of-security/ 為隱匿行蹤，駭客濫用WMI事件訂閱功能持續存取受害電腦並進行控制 https://gbhackers.com/cybercriminals-exploit-windows-management-instrumentation-wmi/ AI Agents: The Next Wave Identity Dark Matter - Powerful, Invisible, and Unmanaged https://thehackernews.com/2026/03/ai-agents-next-wave-identity-dark.html New RFP Template for AI Usage Control and AI Governance https://thehackernews.com/2026/03/new-rfp-template-for-ai-usage-control.html Building a High-Impact Tier 1: The 3 Steps CISOs Must Follow https://thehackernews.com/2026/03/building-high-impact-tier-1-3-steps.html Demystifying Key Exchange: From Classical Elliptic Curve Cryptography to a Post-Quantum Future https://thehackernews.com/expert-insights/2026/03/demystifying-key-exchange-from.html How to Protect Your SaaS from Bot Attacks with SafeLine WAF https://thehackernews.com/2026/03/how-to-protect-your-saas-from-bot.html Preparing for the Quantum Era: Post-Quantum Cryptography Webinar for Security Leaders https://thehackernews.com/2026/03/preparing-for-quantum-era-post-quantum.html F.商業 NVIDIA將AI驅動的資訊安全導入全球關鍵基礎設施 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12724 資安公司Arctic Wolf宣布買下暴露資產平臺視覺化公司Sevco Security https://www.ithome.com.tw/news/174175 The MSP Guide to Using AI-Powered Risk Management to Scale Cybersecurity https://thehackernews.com/2026/03/the-msp-guide-to-using-ai-powered-risk.html G.政府數發部拚 AI 算力加碼百片 GPU，林宜敬：算力中心電力供應可望無虞 https://technews.tw/2026/03/04/moda-ai-server/ 數發部揭4大施政成果！林宜敬：AI、打詐與數位政府同步推進 https://ec.ltn.com.tw/article/breakingnews/5358400 數發部百億AI新創計畫首年成績出爐：5家獲投、6案拍板，百億目標還差多少 https://meet.bnext.com.tw/articles/view/53073? 數發部：擴大數位動能落實於全民生活 https://today.line.me/tw/v3/article/XY8GxGl 數發部今年以「數位發動機」為目標 4大施政主軸曝 https://turnnewsapp.com/livenews/politicsv3/20260304003396-260407 赴中使用手機要留意　七大資安風險與防護重點整理 https://news.immigration.gov.tw/NewsSection/Detail/1e67d5c0-ea5b-4ba2-a1da-75758662f3e2?category=6&lang=TW 數發部：酷澎台灣個資管理有缺失，將依法裁處 https://infosecu.technews.tw/2026/02/26/moda-coupang-2/ 中科院與資安院簽署合作備忘錄　攜手強固國防科研數位韌性 https://mna.mnd.gov.tw/news/detail/?UserKey=864475e1-79f8-4131-b1a8-317c391e21c9 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安 n8n平臺與中國騰達路由器漏洞遭利用，駭客藉以散布Zerobot殭屍網路 https://www.ithome.com.tw/news/174188 華芸修補NAS FTP備份功能重大漏洞，可能導致系統檔案遭覆寫或執行任意程式碼 https://www.ithome.com.tw/news/174111 小晶片Chiplet 設計興起帶來全新資安挑戰 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12727 HPE修補Juniper PTX路由器程式碼重大RCE漏洞 https://www.ithome.com.tw/news/174102 超過900個VoIP電話系統FreePBX被入侵，駭客利用命令注入漏洞植入Web Shell https://thehackernews.com/2026/02/900-sangoma-freepbx-instances.html 900+ Sangoma FreePBX Instances Compromised in Ongoing Web Shell Attacks https://thehackernews.com/2026/02/900-sangoma-freepbx-instances.html Hikvision and Rockwell Automation CVSS 9.8 Flaws Added to CISA KEV Catalog https://thehackernews.com/2026/03/hikvision-and-rockwell-automation-cvss.html I.教育訓練資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g EC Council CASE.NET 認證準備 https://coolmandiary.blogspot.com/2025/04/ec-council-casenet.html EC Council CASE.NET(312-95)_筆記_Module1專有名詞及定義 https://coolmandiary.blogspot.com/2021/10/ec-council-casenet312-95module1.html GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會從對話到執行自動化： Gemini Enterprise 代理功能引爆企業生產力 2025/3/12 https://www.accupass.com/event/2602090758435000622010 DEVCORE CONFERENCE 2026 2026/3/14 https://devcore.kktix.cc/events/devcoreconf2026 物聯網邊緣運算與資安實戰 2026/3/28 https://www.accupass.com/event/2412260751154280345070 應對 2026 資安新法：Google SecOps 如何自動化您的合規地圖 2026/3/31 https://www.accupass.com/event/2602240656105983582800 Gemini實戰全攻略-打造你的AI工作流 2026/5/30 https://www.accupass.com/event/2602191339327923594810