---
# System prepended metadata

title: 資安事件新聞週報 2026/3/9  ~  2026/3/13
tags: [資安事件新聞週報]

---

###### tags: `資安事件新聞週報`
# 資安事件新聞週報 2026/3/9  ~  2026/3/13

1.重大弱點漏洞/後門/Exploit/Zero Day
開源AI資安平臺CyberStrikeAI遭濫用，駭客用於大規模攻擊Fortinet防火牆
https://www.ithome.com.tw/news/174167

Fortinet防火牆單一登入漏洞遭利用，攻擊者竊取服務帳號憑證、網路組態設定
https://www.ithome.com.tw/news/174335

FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials
https://thehackernews.com/2026/03/fortigate-devices-exploited-to-breach.html

CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed
https://thehackernews.com/2026/03/cisa-flags-actively-exploited-n8n-rce.html

微軟發布3月例行更新，修補2個已被公開的零時差漏洞
https://www.ithome.com.tw/news/174321

APT28在微軟2月修補前 利用MSHTML零時差漏洞發動攻擊
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12749

APT28濫用開源漏洞利用框架Covenant滲透烏克蘭軍方，從事網路間諜活動
https://www.ithome.com.tw/news/174325

Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days
https://thehackernews.com/2026/03/microsoft-patches-84-flaws-in-march.html

Anthropic與Mozilla合作，找出22個Firefox漏洞
https://www.ithome.com.tw/news/174279

Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model
https://thehackernews.com/2026/03/anthropic-finds-22-firefox.html

Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure
https://thehackernews.com/2026/03/web-server-exploits-and-mimikatz-used.html

The Zero-Day Scramble is Avoidable: A Guide to Attack Surface Reduction
https://thehackernews.com/2026/03/the-zero-day-scramble-is-avoidable.html

CISA Flags SolarWinds, Ivanti, and Workspace One Vulnerabilities as Actively Exploited
https://thehackernews.com/2026/03/cisa-flags-solarwinds-ivanti-and.html

工作流程自動化平臺n8n存在沙箱逃逸與未經驗證的表達式評估漏洞
https://thehackernews.com/2026/03/critical-n8n-flaws-allow-remote-code.html

CISA指出n8n重大漏洞已遭利用，要求聯邦機構兩週內完成修補
https://www.ithome.com.tw/news/174346

Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials
https://thehackernews.com/2026/03/critical-n8n-flaws-allow-remote-code.html

Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices
https://thehackernews.com/2026/03/dozens-of-vendors-patch-security-flaws.html

Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8
https://thehackernews.com/2026/03/google-fixes-two-chrome-zero-days.html

Nine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container Isolation
https://thehackernews.com/2026/03/nine-crackarmor-flaws-in-linux-apparmor.html

Veeam修補備份軟體4個近滿分的重大層級漏洞，恐允許攻擊者遠端執行任何程式碼
https://www.bleepingcomputer.com/news/security/veeam-warns-of-critical-flaws-exposing-backup-servers-to-rce-attacks/

Veeam Patches 7 Critical Backup & Replication Flaws Allowing Remote Code Execution
https://thehackernews.com/2026/03/veeam-patches-7-critical-backup.html

3月更新Adobe修補80個漏洞，呼籲用戶應優先處理Adobe Commerce
https://www.ithome.com.tw/news/174357

CISA警告Ivanti端點裝置管理平臺EPM的身分驗證繞過漏洞已遭到利用
https://www.bleepingcomputer.com/news/security/cisa-recently-patched-ivanti-epm-flaw-now-actively-exploited/

WordPress外掛Elementor Ally存在SQL注入漏洞，影響逾25萬個網站
https://www.bleepingcomputer.com/news/security/sqli-flaw-in-elementor-ally-plugin-impacts-250k-plus-wordpress-sites/

SAP修補FS-QUO與NetWeaver重大漏洞
https://www.ithome.com.tw/news/174324

CISA傳出將CVE專案列為常態資助的專案，相關預算將受到保護
https://www.csoonline.com/article/4142600/cve-program-funding-secured-easing-fears-of-repeat-crisis.html

AI瀏覽器Perplexity Comet存在零點擊漏洞，可被用於竊取密碼管理工具1Password保險庫內容
https://www.ithome.com.tw/news/174297

Check Point揭Claude Code漏洞，惡意專案設定檔可觸發RCE並外洩API金鑰
https://www.ithome.com.tw/news/174267

OpenAI推出AI資安代理人Codex Security，可掃描GitHub程式庫自動找漏洞並提出修補
https://www.ithome.com.tw/news/174282

WordPress會員外掛程式存在重大漏洞，未經身分驗證的攻擊者可建立管理員帳號
https://gbhackers.com/wordpress-membership-plugin-flaw/

2.銀行/金融/保險/證券/金融監理 新聞及資安
歐盟法院顧問對銀行提出呼籲，應退還釣魚詐騙受害者被盜款項
https://www.ithome.com.tw/news/174358

伊朗駭客MuddyWater入侵美國銀行與機場網路，部署Dindoor與Fakeset後門程式
https://www.ithome.com.tw/news/174294

凱基人壽用五分鐘，提升金融資安的信任速度
https://www.businessweekly.com.tw/business/indep/1006456

神坊資訊7 x 24 全方位託管，幫國泰地產集團與中小企業打造金融級資安韌性
https://www.businessweekly.com.tw/business/indep/1006360

日本國際金融系統論壇聚焦AI數位化與資安風險
https://reurl.cc/X2eRDE

保險業資安長設置降門檻 範圍將擴大
https://www.chinatimes.com/newspapers/20260311000285-260205?chdtv

樂雲智能完成金融機構履約保證程序，強化資安服務治理機制
https://www.ithome.com.tw/pr/174079

以信任與韌性驅動金控整併，台新新光金的萬億資產防線
https://www.ithome.com.tw/people/173514

金融巨擘的數位轉型考題：台灣銀行跨入虛擬資產　最缺的是「可落地的信任」
https://finance.ettoday.net/news/3131827

力挺官方發展AI、先進製造 陸銀行業擴大科技融資規模
https://udn.com/news/story/7333/9377847

玉山銀行攜手 IBM 建立領先台灣業界的企業級AI治理框架
https://more-news.tw/549991/

3.信用卡/電子支付/行動支付/pay/支付系統/資安
錢領不出來！台灣「1行動支付」驚傳倒閉 逾百萬人受害
https://reurl.cc/WbExek

消失的錢包消失的自由 中國行動支付背後的全透明時代
https://www.rti.org.tw/news?uid=3&pid=195490

八達通、微信… 香港計程車4月起可用至少兩種電子支付
https://udn.com/news/story/7333/9370523

信用卡盜刷新手法曝光！竊盜集團靠這1招 成功率幾乎百分百
https://ec.ltn.com.tw/article/breakingnews/5369017

搭捷運遇竊信用卡被盜刷　北市警：疑跨國集團犯案
https://www.cna.com.tw/news/asoc/202603130210.aspx

信用卡盜刷新招! 錢包遭竊在阿拉伯被盜刷"20分鐘連刷8卡"
https://today.line.me/tw/v3/article/vXMgJR8

4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安
AI吸乾全世界，GitHub數據顯示Crypto加密緩慢死亡
https://www.blocktempo.com/github-crypto-commits-drop-75-developers-halved-blockchain-lost-ai/

MiCA 法規趨嚴，SwissBorg：歐洲加密貨幣公司將更精簡
https://reurl.cc/yOnLxl

CertiK發布加密貨幣ATM欺詐報告：損失達3.3億美元 AI詐騙與跨境洗錢成主要威脅
https://m.cnyes.com/news/id/6383028

泰國證交會追查加密貨幣推銷者 投資人指控網路詐騙損失13.9億泰銖
https://news.pchome.com.tw/finance/sunmedia/20260313/index-77336858582228329003.html

假求職真詐騙！刑事局破獲加密貨幣詐騙集團　主嫌黃男落網
https://n.yam.com/Article/20260313642016

伊朗通過加密貨幣洗錢 規避封鎖
https://www.ntdtv.com/b5/2026/03/12/a104075555.html

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC
北韓駭客組織APT37 利用新型惡意軟體攻擊氣隙網路
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12740

勒索軟體Interlock利用AI打造後門程式Slopoly
https://www.ithome.com.tw/news/174386

阿里巴巴發現模型訓練AI代理程式演化出挖礦等惡意行為
https://www.ithome.com.tw/news/174331

駭客組織Velvet Tempest運用ClickFix手法並搭配Windows公用程式，部署惡意軟體DonutLoader、CastleRAT
https://www.bleepingcomputer.com/news/security/termite-ransomware-breaches-linked-to-clickfix-castlerat-attacks/

巴基斯坦駭客APT36利用AI生成大量惡意軟體，企圖滲透印度與阿富汗的政府及企業組織
https://www.ithome.com.tw/news/174298

鎖定Linux平臺的Rootkit程式手法出現重大變化，駭客偏好採用eBPF與io_uring隱匿行蹤
https://gbhackers.com/new-linux-rootkits-leverage-advanced-ebpf-and-io_uring-techniques/

竊資軟體BoryptGrab透過逾100個GitHub儲存庫散布，並建立反向隧道進行通訊
https://securityaffairs.com/189110/malware/massive-github-malware-operation-spreads-boryptgrab-stealer.html

惡意NPM套件偽裝成OpenClaw安裝程式，企圖在開發人員電腦植入RAT木馬
https://thehackernews.com/2026/03/malicious-npm-package-posing-as.html

中國駭客Camaro Dragon假借中東誘餌攻擊卡達，散布惡意軟體PlugX
https://gbhackers.com/chinese-apt-campaign/

駭客發動InstallFix攻擊，利用冒牌Claude Code安裝指引散布竊資軟體
https://www.ithome.com.tw/news/174283

Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials
https://thehackernews.com/2026/03/malicious-npm-package-posing-as.html

Transparent Tribe Uses AI to Mass-Produce Malware Implants in Campaign Targeting India
https://thehackernews.com/2026/03/transparent-tribe-uses-ai-to-mass.html

Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT
https://thehackernews.com/2026/03/multi-stage-voidgeist-malware.html

Iran-Linked MuddyWater Hackers Target U.S. Networks With New Dindoor Backdoor
https://thehackernews.com/2026/03/iran-linked-muddywater-hackers-target.html

Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer
https://thehackernews.com/2026/03/microsoft-reveals-clickfix-campaign.html

Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft
https://thehackernews.com/2026/03/chrome-extension-turns-malicious-after.html

APT28 Uses BEARDSHELL and COVENANT Malware to Spy on Ukrainian Military
https://thehackernews.com/2026/03/apt28-uses-beardshell-and-covenant.html

UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device
https://thehackernews.com/2026/03/unc4899-used-airdrop-file-transfer-and.html

Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets
https://thehackernews.com/2026/03/five-malicious-rust-crates-and-ai-bot.html

KadNap Malware Infects 14,000+ Edge Devices to Power Stealth Proxy Botnet
https://thehackernews.com/2026/03/kadnap-malware-infects-14000-edge.html

Rust-Based VENON Malware Targets 33 Brazilian Banks with Credential-Stealing Overlays
https://thehackernews.com/2026/03/rust-based-venon-malware-targets-33.html

Hive0163 Uses AI-Assisted Slopoly Malware for Persistent Access in Ransomware Attacks
https://thehackernews.com/2026/03/hive0163-uses-ai-assisted-slopoly.html

B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊
荷蘭政府警告俄國駭客攻擊Signal、WhatsApp用戶以竊取敏感資訊
https://www.ithome.com.tw/news/174299

美國CISA警告影響蘋果電腦、行動裝置、穿戴裝置、電視盒的3個資安漏洞已被利用
https://gbhackers.com/cisa-alerts-users-vulnerabilities-impacting-macos-and-ios/

美國指出3個iOS、iPadOS高風險資安漏洞已遭利用
https://www.ithome.com.tw/news/174351

安卓惡意程式BeatBanker冒充衛星網路Starlink應用程式，洗劫用戶資產並將裝置用於挖礦
https://www.bleepingcomputer.com/news/security/new-beatbanker-android-malware-poses-as-starlink-app-to-hijack-devices/

蘋果為舊款iPhone及iPad用戶發布更新，修補已被攻擊套件Coruna利用的漏洞
https://www.ithome.com.tw/news/174383

美國CISA將3個iOS資安漏洞列入已遭利用的漏洞名單，要求聯邦機構限期完成修補
https://cyberpress.org/hackers-exploit-macos-and-ios-vulnerabilities/

已被俄羅斯及中國駭客取得的iOS漏洞利用工具包Coruna，傳出源自美國的國防承包商
https://www.ithome.com.tw/news/174364

Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit
https://thehackernews.com/2026/03/apple-issues-security-updates-for-older.html

Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets
https://thehackernews.com/2026/03/six-android-malware-families-target-pix.html

C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力
供應鏈攻擊鎖定NuGet與NPM套件生態系，竊取憑證與敏感資訊並建立遠端控制能力
https://www.ithome.com.tw/news/174266

生技公司浩泰公告資安事件，駭客入侵並加密伺服器資料
https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=152532&SPOKE_DATE=20260306&COMPANY_ID=4131

財富500大企業與政府機關曝露逾2,600個有效的TLS憑證，恐導致GitHub或DockerHub等環境遭到入侵
https://hackread.com/certificates-fortune-500-gov-exposed-key-leaks/

OWASP列出AI代理10大風險，臺灣分會長呼籲別把排行示警當教條
https://www.ithome.com.tw/news/174355

微軟警告駭客在攻擊的各個層面廣泛濫用AI，加速攻擊及擴大活動規模
https://www.bleepingcomputer.com/news/security/microsoft-hackers-abusing-ai-at-every-stage-of-cyberattacks/

Salesforce用戶再遭鎖定，ShinyHunters傳出針對配置不當的Experience Cloud網站下手
https://www.ithome.com.tw/news/174337

Claude Code Security 影響被高估
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12744

川普公布「美國網路戰略」，以「六個支柱」落實美國優先，吹響數位戰鬥號角
https://www.ithome.com.tw/news/174338

駭客濫用DeepSeek與Claude對Fortinet防火牆發動大規模攻擊，相關活動可追溯至去年12月
https://www.ithome.com.tw/news/174163

俄羅斯駭客鎖定人資部門而來，利用EDR殺手BlackSanta癱瘓端點防護系統運作
https://www.bleepingcomputer.com/news/security/new-blacksanta-edr-killer-spotted-targeting-hr-departments/

親伊朗駭客攻擊美國醫療巨頭Stryker
https://www.ithome.com.tw/news/174347

輪胎巨擘米其林證實Oracle系統遭駭
https://www.ithome.com.tw/news/174350

駭客組織UNC6426透過NPM供應鏈攻擊外流金鑰，3天內入侵受害組織的AWS環境
https://thehackernews.com/2026/03/unc6426-exploits-nx-npm-supply-chain.html

UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours
https://thehackernews.com/2026/03/unc6426-exploits-nx-npm-supply-chain.html

俄羅斯駭客組織APT28發動MacroMaze行動，濫用合法Webhook與Word巨集鎖定西歐與中歐目標
https://www.ithome.com.tw/news/174161

Threat Actors Mass-Scan Salesforce Experience Cloud via Modified AuraInspector Tool
https://thehackernews.com/2026/03/threat-actors-mass-scan-salesforce.html

China-Linked Hackers Use TernDoor, PeerTime, BruteEntry in South American Telecom Attacks
https://thehackernews.com/2026/03/china-linked-hackers-use-terndoor.html

OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues
https://thehackernews.com/2026/03/openai-codex-security-scanned-12.html

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全
加拿大BPO業者Telus Digital遭駭，疑外洩1 PB資料
https://www.ithome.com.tw/news/174387

即時通訊軟體Signal用戶遭到針對性網路釣魚攻擊，駭客意圖挾持帳號
https://gbhackers.com/signal-confirms-sophisticated-phishing-scheme/

第三方廠商遭駭，波及愛立信美國分公司逾4千名客戶、員工資料外洩
https://www.ithome.com.tw/news/174305

駭客假借提供系統清理工具CleanMyMac從事ClickFix網釣，向Mac電腦用戶散布竊資軟體
https://www.ithome.com.tw/news/174293

研究人員揭露AI瀏覽器Perplexity Comet零點擊漏洞PerplexedBrowser，恐導致電腦本機檔案被外流
https://www.ithome.com.tw/news/174296

駭客透過微軟Teams從事社交工程攻擊，冒充IT人員散布惡意軟體A0Backdoor
https://www.ithome.com.tw/news/174307

ClickFix網釣出現新變種，駭客要求使用者開啟終端機執行惡意PowerShell指令，意圖散布竊資軟體Lumma Stealer
https://www.securityweek.com/clickfix-attack-uses-windows-terminal-to-evade-detection/

研究人員藉由AI推理行為降低瀏覽器防護，誘騙Perplexity Comet存取釣魚網頁
https://thehackernews.com/2026/03/researchers-trick-perplexitys-comet-ai.html

時代力量3.3萬筆個資外流，官方發聲明指出是CRM系統遭入侵
https://www.ithome.com.tw/news/174265

Meta被揭露AI眼鏡偷錄隱私畫面，引發控告、政府關切
https://www.ithome.com.tw/news/174271

駭客集團SLH招募女性發動IT服務臺語音釣魚攻擊，每通報酬最高1,000美元
https://www.ithome.com.tw/news/174254

越南駭客團體O-UNC-036從事大規模註冊詐騙活動，透過假帳號騙取高額簡訊費用
https://gbhackers.com/cybercrime-group-in-vietnam/

Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes
https://thehackernews.com/2026/03/researchers-trick-perplexitys-comet-ai.html

Meta Disables 150K Accounts Linked to Southeast Asia Scam Centers in Global Crackdown
https://thehackernews.com/2026/03/meta-disables-150k-accounts-linked-to.html

How to Scale Phishing Detection in Your SOC: 3 Steps for CISOs
https://thehackernews.com/2026/03/how-to-scale-phishing-detection-in-your.html

E.研究報告/工具
RWC 2026在臺登場，公鑰密碼學發明者與Tamarin Prover團隊獲Levchin獎殊榮
https://www.ithome.com.tw/news/174289

AI 加速攻擊、身分識別入侵，以及不斷擴大的軟體供應鏈暴露風險 共同形塑 2026 年的網路威脅版圖
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12737

How to Stop AI Data Leaks: A Webinar Guide to Auditing Modern Agentic Workflows
https://thehackernews.com/2026/03/how-to-stop-ai-data-leaks-webinar-guide.html

PQC遷移最新發展受矚目，4項最新研究成果於RWC揭露
https://www.ithome.com.tw/news/174341

Google示警雲端攻擊加速，漏洞利用已由數週縮短到數天
https://www.ithome.com.tw/news/174327

公有雲儲存商Wasabi調查報告指出，超過一半企業已在資安監控應用中導入AI
https://www.ithome.com.tw/news/174308

研究人員揭露迴避偵測手法Zombie ZIP，操弄檔案標頭欺騙資安系統
https://www.bleepingcomputer.com/news/security/new-zombie-zip-technique-lets-malware-slip-past-security-tools/

F.商業
中華資安揭2026年新戰略，布局無人機、船舶、低軌衛星資安服務，並看好AI資安商機與自主研發成長
https://www.ithome.com.tw/news/174264

The MSP Guide to Using AI-Powered Risk Management to Scale Cybersecurity
https://thehackernews.com/2026/03/the-msp-guide-to-using-ai-powered-risk.html

微軟擴大 Copilot 資料控管範圍至所有儲存位置
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12735

2026 年六成組織存在「關鍵資安債」
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12742

資安託管服務邁入新里程碑：從點防禦到第三方風險管理
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12741

OpenAI併購AI安全測試工具Promptfoo，強化AI代理安全評估能力
https://www.ithome.com.tw/news/174301

Google完成史上金額最高的併購案，Wiz將整併至Google Cloud
https://www.ithome.com.tw/news/174345

Gartner揭露2026年網路安全六大趨勢
https://www.ithome.com.tw/news/174342

G.政府
資安署：駭客寄行政訴訟通知　誘騙點擊下載惡意檔案
https://www.cna.com.tw/news/ahel/202603090110.aspx

AI懂台灣嗎？數發部用高中學測「考」百款LLM
https://ec.ltn.com.tw/article/breakingnews/5363990

H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安
Authorities Disrupt SocksEscort Proxy Botnet Exploiting 369,000 IPs Across 163 Countries
https://thehackernews.com/2026/03/authorities-disrupt-socksescort-proxy.html

殭屍網路KadNap入侵華碩路由器與其他邊緣裝置，提供固定代理伺服器服務供網路罪犯運用
https://www.ithome.com.tw/news/174328

海康威視視訊監控設備存在不當驗證漏洞，可被用於提升權限，CISA列入KEV
https://gbhackers.com/hikvision-multiple-product-vulnerability/

I.教育訓練
資安事件發生必要知道的復原程序，降低傷害
https://www.ithome.com.tw/pr/163614

iPAS資訊安全工程師中級筆記
https://hackmd.io/@Not/iPASInformationSecuritySpecialist

iPas資安工程師證照考前研習
https://reurl.cc/GEbA3p

iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題)
https://reurl.cc/orlD1g

EC Council CASE.NET 認證準備
https://coolmandiary.blogspot.com/2025/04/ec-council-casenet.html

EC Council CASE.NET(312-95)_筆記_Module1專有名詞及定義
https://coolmandiary.blogspot.com/2021/10/ec-council-casenet312-95module1.html

GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計
https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad

Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！
https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/

一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程
https://www.ithome.com.tw/pr/160954

全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口
https://reurl.cc/m39MDj

CISSP資安認證的8大領域
https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html

CISSP考試心得
https://reurl.cc/KbY83j

CISSP考試心得 – Benson
https://reurl.cc/GbWvxd

目標導向-20天光速考過CISSP
https://reurl.cc/2Zq6zn

CISSP證照考試實戰心得 第一章：初期準備工作
https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat

CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略
https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies

CISSP證照考試實戰心得 第三章：終極一戰
https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle

Quick CISSP Infographic for IPSec
https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec

CSSLP Certification - Security models in F#
https://github.com/vbocan/csslp

Certified Secure Software Lifecycle Professional in bullet points
https://github.com/joeyhage/csslp-notes

CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得
https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/

EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022
https://reurl.cc/1oyEM8

CEH v11 考試心得與準備方式
https://blog.sean.taipei/2022/01/ceh

CEH
https://github.com/a3cipher/CEH

CodeRed by EC-Council
https://github.com/codered-by-ec-council

EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習
https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2

EC-Council CEHP考試準備心得
https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po

My ceh practical notes
https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md

CEHP課程筆記
https://hackmd.io/@nfu-johnny/B1Ju_BMPR

ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials
https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4

EC-Council ECSA資安分析專家 v10 考試心得分享
https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html

20180817 EC-Council ECSA v10 PASS
https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html

關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享
https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d

深度解析 CPENT 考試心得、以及與 OSCP 的比較
https://reurl.cc/41eL8v

EC-Council CPENT v1 滲透測試認證 – 內容及心得分享
https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review

CPENT 從暴力到破解
https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295

Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master
https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f

CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證
https://ucom.uuu.com.tw/web/Testimony/Article/4404

kaizensecurity/CPENT
https://github.com/kaizensecurity/CPENT/tree/master

CPENT : Pentesting like NO OTHERS !
https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/

Journey of My CPENT Exam
https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917

[備考心得]CompTIA Security+ (SY0–601) 上篇
https://reurl.cc/M053DK

[備考心得]CompTIA Security+ (SY0–601) 下篇
https://reurl.cc/M053Gv

comptia-security-plus
https://github.com/ajfuto/comptia-security-plus

security-plus
https://github.com/fjavierm/security-plus

CompTIA Security+ Certification Practice Test Questions
https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette

不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書）
https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html

App防駭學，資安防護實戰課程全面提升安全觀念
https://www.ithome.com.tw/pr/161505

OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享
https://hackmd.io/@henry-ko/HyQ56e8eF

OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 
http://github.com/In3x0rabl3/OSEP

OSCP（Offensive Security Certified Professional）
https://github.com/0x584A/oscp-notes/tree/master

ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年
https://reurl.cc/aVLoX9

Learn NIST Inside Out With 21 Hours of Training @ 86% OFF
https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html

駭客與國家: 網路攻擊與地緣政治新常態
The hacker and the state: cyber attacks and the new normal of geopolitic
https://reurl.cc/D3nKKj

Practical Network Penetration Tester (PNPT) Certification Review
https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df

WUSON常用的基本詞彙
https://choson.lifenet.com.tw/?p=1958

證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」
https://www.ithome.com.tw/news/156754

用證照證明自己實力之餘，更應將證照視為督促學習的最大動力
https://www.ithome.com.tw/news/156756

打破證照誤解與迷思，資安專家帶你釐清資安證照的意義
https://www.ithome.com.tw/news/156755

Accelerate Your Career with the Global Leader in Cyber Security Training
https://www.sans.org/mlp/promo-partnership-hacker-news/

【成大資安社社課】資安禁術 - 逆向工程地獄試煉
https://www.youtube.com/watch?v=4Yc3-9CjG6U

透過實務演練，教你建立實作標準的安全SOP流程
https://www.ithome.com.tw/pr/163514

6.近期資安活動及研討會
DEVCORE CONFERENCE 2026   2026/3/14
https://devcore.kktix.cc/events/devcoreconf2026

物聯網邊緣運算與資安實戰 2026/3/28
https://www.accupass.com/event/2412260751154280345070

應對 2026 資安新法：Google SecOps 如何自動化您的合規地圖 2026/3/31
https://www.accupass.com/event/2602240656105983582800

Gemini實戰全攻略-打造你的AI工作流 2026/5/30
https://www.accupass.com/event/2602191339327923594810