###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/8/25 ~ 2025/8/29 1.重大弱點漏洞/後門/Exploit/Zero Day 逾2.8萬臺Citrix NetScaler設備曝露在CVE-2025-7775的資安風險 https://www.bleepingcomputer.com/news/security/over-28-200-citrix-instances-vulnerable-to-actively-exploited-rce-bug/ Citrix修補NetScaler重大層級的RCE漏洞，並警告已有實際利用的情況 https://www.ithome.com.tw/news/170844 Citrix Patches Three NetScaler Flaws, Confirms Active Exploitation of CVE-2025-7775 https://thehackernews.com/2025/08/citrix-patches-three-netscaler-flaws.html Commvault揭露備份軟體遠端執行程式碼重大漏洞，須盡速修補 https://www.ithome.com.tw/news/170772 Pre-Auth Exploit Chains Found in Commvault Could Enable Remote Code Execution Attacks https://thehackernews.com/2025/08/pre-auth-exploit-chains-found-in.html CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git https://thehackernews.com/2025/08/cisa-adds-three-exploited.html Click Studios Patches Passwordstate Authentication Bypass Vulnerability in Emergency Access Page https://thehackernews.com/2025/08/click-studios-patches-passwordstate.html Google Warns Salesloft OAuth Breach Extends Beyond Salesforce, Impacting All Integrations https://thehackernews.com/2025/08/google-warns-salesloft-oauth-breach.html Researchers Find VS Code Flaw Allowing Attackers to Republish Deleted Extensions Under Same Names https://thehackernews.com/2025/08/researchers-find-vs-code-flaw-allowing.html 資安AI代理Big Sleep再度立功，Google修補Chrome的Angle元件重大漏洞 https://gbhackers.com/critical-chrome-use-after-free-flaw/ GPT-5多模型路由可被誘導降級，ChatGPT安全風險升高 https://www.ithome.com.tw/news/170836 Brave示警Perplexity Comet瀏覽器AI助理可被隱藏指令操控 https://www.ithome.com.tw/news/170795 商業智慧分析軟體Tableau揭露重大資安漏洞，已於7月更新提供修補機制 https://www.ithome.com.tw/news/170839 Windows版Docker應用程式存在SSRF漏洞，恐讓駭客完全掌控電腦 https://www.ithome.com.tw/news/170789 Kubernetes Capsule存在近乎滿分的重大漏洞，攻擊者可注入任意標籤 https://gbhackers.com/kubernetes-capsule-vulnerability/ 2.銀行/金融/保險/證券/金融監理 新聞及資安 Anatsa金融木馬再擴散，鎖定攻擊831款財務與加密貨幣App https://www.ithome.com.tw/news/170855 臺灣金控建構誠信金融 科技阻詐全民安心 https://money.udn.com/money/story/5613/8971447?from=edn_related_storybottom 【台新新光金法說】「 IT系統複雜」台新銀行、新光銀行明年6月合併要延後 https://reurl.cc/gYrLDz 富邦金控「AI防詐三部曲」 從源頭阻斷詐騙案件 https://ubrand.udn.com/ubrand/story/123651/8968292 中國洗錢網絡威脅大 美財政部促銀行警惕 https://www.epochtimes.com/b5/25/8/28/n14583212.htm 日本三菱銀行與酷澎如何借力 AWS 轉骨，分別用 AI 讓銷售覆蓋率提升 10 倍、轉型為全方位金融服務公司 https://today.line.me/tw/v3/article/aGQlD7G 1銀行新規9/3起實施！沒注意這項規定「轉帳轉不出去」，網銀、ATM都受影響 https://www.storm.mg/lifestyle/11063915 澳新銀行CEO就誤發裁員電郵一事向員工道歉 https://reurl.cc/A39G08 3.信用卡/電子支付/行動支付/pay/支付系統/資安 台灣 Pay 淪詐團退票洗錢工具遭停用！財金公司「三大聲明」籲高鐵共同防詐 https://finance.technews.tw/2025/08/28/taiwan-pay/ 高鐵停用台灣Pay　財金公司急發3點聲明 https://finance.ettoday.net/news/3023133 首例！盜行動支付「刷575支iPhone」 詐騙話術曝光 https://reurl.cc/2Qa589 不畏泰山風波！街口宣布用戶數突破700萬 駁電支市場大洗牌預測 https://tech.udn.com/tech/story/124457/8971049 螞蟻國際再夥渣打　與SWIFT試點 ISO 20022標準銀行到錢包支付服務 https://reurl.cc/Om6xVA 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 加密貨幣迎國家認證時代！美政府將GDP數據寫入區塊鏈 比特幣、以太幣等獲官方採用 https://news.cnyes.com/news/id/6131195 投資顧問瘋搶比特幣、以太幣 ETF，為何加密貨幣正成為「主流」投資新寵 https://web3plus.bnext.com.tw/article/4185? Galaxy 分析：10 種幣符合潛在加密 ETF 上市標準，或可進入快速審核流程 https://zombit.info/galaxy-research-noted-10-tokens-meet-potential-crypto-etf-listing-standards/ 鼓勵加密幣產業回流！CFTC 提醒：註冊為「境外交易所」可直通美國市場 https://blockcast.it/2025/08/29/cftc-crypto-firms-that-left-u-s-can-open-doors-here-as-fbot/ 韓國加密貨幣交易所Coinone宣佈推出該國首個比特幣質押服務 https://www.mitrade.com/zh/insights/news/live-news/article-3-1079911-20250829 日本金螎廳計劃設立新的加密貨幣咊創新部門 https://tw.tradingview.com/news/panews:a1409a620acdf:0/ 加密貨幣成替罪羊？美國銀行機構才是洗錢大本營，FinCEN 揭 3,120 億美元黑金流 https://zombit.info/fincen-us-banks-moved-312b-in-dirty-money/ Google的野心：從人工智慧到加密貨幣？推出自研L1區塊鏈！ https://hao.cnyes.com/post/190580 CZ：香港競爭成爲加密貨幣中心，但取決於監管速度 https://www.mitrade.com/zh/insights/news/live-news/article-3-1080012-20250829 文化、資本與加密貨幣 https://www.blocktempo.com/culture-capital-and-cryptocurrency/ 彭博分析師：美國加密貨幣ETF申請備案現達92個 https://www.mitrade.com/zh/insights/news/live-news/article-3-1078347-20250829 國際商業結算控股擬募資 5 億港元用於加密貨幣及Web3投資 https://www.mitrade.com/zh/insights/news/live-news/article-3-1081178-20250829 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 偽ChatGPT應用程式傳播Play勒索軟體 攻擊Windows零時差漏洞 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12156 Linux惡意程式攻擊新手法：RAR檔名隱藏惡意程式碼躲避防毒偵測 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12159 知名開源建置工具Nx遭植入惡意程式上架NPM，開發者憑證恐外洩 https://www.ithome.com.tw/news/170877 大規模惡意軟體攻擊行動ShadowCaptcha濫用WordPress網站，對使用者散布竊資軟體、勒索軟體、挖礦軟體 https://www.ithome.com.tw/news/170901 Linux後門程式出現新手法，以壓縮檔的檔名搭Bash指令碼引爆攻擊 https://www.ithome.com.tw/news/170810 Linux惡意軟體VShell透過RAR檔案名稱散布 https://thehackernews.com/2025/08/linux-malware-delivered-via-malicious.html 惡意軟體Xworm RAT透過遠端管理工具ScreenConnect散布 https://gbhackers.com/weaponized-screenconnect-rmm-tool-deceives-users/ 大型語言模型Claude AI被用於打造勒索軟體 https://www.bleepingcomputer.com/news/security/malware-devs-abuse-anthropics-claude-ai-to-build-ransomware/ 首款濫用AI生成惡意程式碼的勒索軟體PromptLock現身，可竊取資料與加密綁架文檔 https://www.ithome.com.tw/news/170872 惡意Go模組被用於暴力破解，將SSH帳密傳送給Telegram機器人 https://www.ithome.com.tw/news/170868 勒索軟體Qilin聲稱入侵日產汽車旗下設計公司CBI，竊取4 TB規模的資料 https://www.ithome.com.tw/news/170849 惡意軟體MixShell鎖定美國供應鏈製造商而來，透過聯繫表單散布 https://thehackernews.com/2025/08/mixshell-malware-delivered-via-contact.html 惡意軟體Agent Tesla、AsyncRAT、Snake Keylogger透過QuirkyLoader散布 https://thehackernews.com/2025/08/hackers-using-new-quirkyloader-malware.html 勒索軟體Qilin聲稱入侵日產汽車子公司，竊得4 TB資料 https://hackread.com/qilin-ransomware-gang-4tb-data-breach-nissan-cbi/ 惡意軟體UpCrypter假借語音留言訊息散布，意圖在受害電腦植入RAT木馬 https://thehackernews.com/2025/08/phishing-campaign-uses-upcrypter-in.html 巴基斯坦駭客APT36濫用Linux系統桌面環境組態檔案，對印度政府、國防單位散布惡意程式 https://www.bleepingcomputer.com/news/security/apt36-hackers-abuse-linux-desktop-files-to-install-malware/ 大規模惡意軟體攻擊行動ShadowCaptcha濫用WordPress網站，對使用者散布竊資軟體、勒索軟體、挖礦軟體 https://thehackernews.com/2025/08/shadowcaptcha-exploits-wordpress-sites.html GeoServer Exploits, PolarEdge, and Gayfemboy Push Cybercrime Beyond Traditional Botnets https://thehackernews.com/2025/08/geoserver-exploits-polaredge-and.html Linux Malware Delivered via Malicious RAR Filenames Evades Antivirus Detection https://thehackernews.com/2025/08/linux-malware-delivered-via-malicious.html Ex-Developer Jailed Four Years for Sabotaging Ohio Employer with Kill-Switch Malware https://thehackernews.com/2025/08/ex-developer-jailed-four-years-for.html Malicious Go Module Poses as SSH Brute-Force Tool, Steals Credentials via Telegram Bot https://thehackernews.com/2025/08/malicious-go-module-poses-as-ssh-brute.html ShadowCaptcha Exploits WordPress Sites to Spread Ransomware, Info Stealers, and Crypto Miners https://thehackernews.com/2025/08/shadowcaptcha-exploits-wordpress-sites.html MixShell Malware Delivered via Contact Forms Targets U.S. Supply Chain Manufacturers https://thehackernews.com/2025/08/mixshell-malware-delivered-via-contact.html Malicious Nx Packages in 's1ngularity' Attack Leaked 2,349 GitHub, Cloud, and AI Credentials https://thehackernews.com/2025/08/malicious-nx-packages-in-s1ngularity.html Someone Created the First AI-Powered Ransomware Using OpenAI's gpt-oss:20b Model https://thehackernews.com/2025/08/someone-created-first-ai-powered.html TamperedChef Malware Disguised as Fake PDF Editors Steals Credentials and Cookies https://thehackernews.com/2025/08/tamperedchef-malware-disguised-as-fake.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 Scattered Spider駭客因SIM卡置換攻擊竊幣遭重判10年 https://www.ithome.com.tw/news/170842 New Sni5Gect Attack Crashes Phones and Downgrades 5G to 4G without Rogue Base Station https://thehackernews.com/2025/08/new-sni5gect-attack-crashes-phones-and.html 安卓木馬Hook加入覆蓋螢幕的勒索訊息，要脅受害者付錢 https://thehackernews.com/2025/08/hook-android-trojan-adds-ransomware.html HOOK Android Trojan Adds Ransomware Overlays, Expands to 107 Remote Commands https://thehackernews.com/2025/08/hook-android-trojan-adds-ransomware.html Google to Verify All Android Developers in 4 Countries to Block Malicious Apps https://thehackernews.com/2025/08/google-to-verify-all-android-developers.html Google將開始驗證所有Android開發者身分 https://www.ithome.com.tw/news/170805 C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 不織布大廠康那香發布資安重訊，部分資訊系統遭到網路攻擊 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=170732&SPOKE_DATE=20250824&COMPANY_ID=9919 微軟VS Code市集允許以已下架的名稱重新發布延伸套件，恐遭攻擊者濫用 https://thehackernews.com/2025/08/researchers-find-vs-code-flaw-allowing.html 思科網址防護服務Safe Links被濫用，駭客試圖迴避掃描並躲過過濾機制 https://www.ithome.com.tw/news/170857 鎖定遠端桌面連線授權伺服器的掃描行為出現大幅增加的現象，疑與美國學校即將開學有關 https://www.bleepingcomputer.com/news/security/surge-in-coordinated-scans-targets-microsoft-rdp-auth-servers/ 開源專案Arch Linux遭到超過一周的DDoS攻擊 https://www.ithome.com.tw/news/170852 惡意流量分配系統Help TDS被用於攻擊網站，利用PHP範本顯示假的微軟警報 https://gbhackers.com/help-tds-hacks-legitimate-websites-using-php-templates/ 駭客組織ShadowSilk鎖定滲透測試工具和已知漏洞，滲透中亞、亞太地區的企業組織 https://gbhackers.com/shadowsilk-targets-penetration-testing-tools/ 瑞典市政IT系統主要供應商Miljödata遭駭，波及當地逾200個城市運作 https://www.bleepingcomputer.com/news/security/it-system-supplier-cyberattack-impacts-200-municipalities-in-sweden/ 中國駭客Silk Typhoon意圖藉由雲端環境的信賴關係發動供應鏈攻擊，存取下游客戶網路環境 https://www.ithome.com.tw/news/170794 美英日等13國聯合警告，中國國家級駭客滲透全球關鍵基礎設施 https://www.ithome.com.tw/news/170869 Anthropic Disrupts AI-Powered Cyberattacks Automating Theft and Extortion Across Critical Sectors https://thehackernews.com/2025/08/anthropic-disrupts-ai-powered.html 中國駭客UNC6384鎖定東南亞外交官，企圖散布惡意軟體PlugX https://www.ithome.com.tw/news/170854 UNC6384 Deploys PlugX via Captive Portal Hijacks and Valid Certificates Targeting Diplomats https://thehackernews.com/2025/08/unc6384-deploys-plugx-via-captive.html INTERPOL Arrests 1,209 Cybercriminals Across 18 African Nations in Global Crackdown https://thehackernews.com/2025/08/interpol-arrests-1209-cybercriminals.html Chinese Hackers Murky, Genesis, and Glacial Panda Escalate Cloud and Telecom Espionage https://thehackernews.com/2025/08/chinese-hackers-murky-genesis-and.html U.S. Treasury Sanctions DPRK IT-Worker Scheme, Exposing $600K Crypto Transfers and $1M+ Profits https://thehackernews.com/2025/08/us-treasury-sanctions-dprk-it-worker.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 AI網站生成工具Lovable遭大規模濫用打造釣魚與詐欺網站 https://www.ithome.com.tw/news/170860 MATLAB軟體開發商證實勒索軟體攻擊外洩萬名用戶資料 https://www.ithome.com.tw/news/170890 Salesloft Drift整合遭濫用，企業Salesforce資料恐被大規模竊取 https://www.ithome.com.tw/news/170866 竊資軟體Shamos鎖定macOS用戶而來，假借排除電腦問題為誘餌，透過ClickFix網釣散布 https://www.ithome.com.tw/news/170831 英國電信商Colt通報資料遭竊，暗網外流檔案可能涉及客戶資訊 https://www.ithome.com.tw/news/170783 Orange Belgium通報資料外洩，85萬客戶資料遭未授權存取 https://www.ithome.com.tw/news/170773 麥當勞的數位基礎設施存在嚴重漏洞，恐曝露客戶資料、允許未經授權存取 https://gbhackers.com/mcdonalds-free-nuggets-hack-exposed/ 外籍移工仲介業者統振傳出遭駭，勒索軟體Qilin聲稱竊得逾70萬筆個資，恐有上千筆資料仍外流 https://stock.ltn.com.tw/article/2gsyfetkq25f 駭客組織PoisonSeed釣魚攻擊繞過MFA，入侵CRM與大量郵件發送服務 https://www.ithome.com.tw/news/170622 駭客組織Storm-0501將目標延伸到關係企業，進行跨租戶資料竊取、檔案加密及勒索 https://www.ithome.com.tw/news/170880 Storm-0501 Exploits Entra ID to Exfiltrate and Delete Azure Data in Hybrid Cloud Attacks https://thehackernews.com/2025/08/storm-0501-exploits-entra-id-to.html Transparent Tribe Targets Indian Govt With Weaponized Desktop Shortcuts via Phishing https://thehackernews.com/2025/08/transparent-tribe-targets-indian-govt.html Salesloft OAuth Breach via Drift AI Chat Agent Exposes Salesforce Customer Data https://thehackernews.com/2025/08/salesloft-oauth-breach-via-drift-ai.html Blind Eagle's Five Clusters Target Colombia Using RATs, Phishing Lures, and Dynamic DNS Infra https://thehackernews.com/2025/08/blind-eagles-five-clusters-target.html Feds Seize $6.4M VerifTools Fake-ID Marketplace, but Operators Relaunch on New Domain https://thehackernews.com/2025/08/feds-seize-64m-veriftools-fake-id.html E.研究報告/工具 戰爭期間核電廠真的安全嗎？美商資安顧問示警台灣核電廠的資安危機 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12153 Automation Is Redefining Pentest Delivery https://thehackernews.com/2025/08/automation-is-redefining-pentest.html Why SIEM Rules Fail and How to Fix Them: Insights from 160 Million Attack Simulations https://thehackernews.com/2025/08/why-siem-rules-fail-and-how-to-fix-them.html Can Your Security Stack See ChatGPT? Why Network Visibility Matters https://thehackernews.com/2025/08/can-your-security-stack-see-chatgpt-why.html F.商業 亞洲組織要求供應商滿足資安標準 方能建立業務合作關係 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12152 2025年全球終端用戶資訊安全支出將達6.5兆台幣 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12144 OpenAI與Anthropic互相檢視彼此模型的安全性 https://www.ithome.com.tw/news/170875 微軟Universal Print Anywhere功能全面上線，M365用戶可在任意印表機安全列印 https://www.ithome.com.tw/news/170618 要用生成式AI解析事件或報告，時間資訊是最棘手的挑戰，奧義智慧公開因應之道 https://www.ithome.com.tw/news/170870 AI-Driven Trends in Endpoint Security: What the 2025 Gartner® Magic Quadrant™ Reveals https://thehackernews.com/2025/07/ai-driven-trends-in-endpoint-security.html The 5 Golden Rules of Safe AI Adoption https://thehackernews.com/2025/08/the-5-golden-rules-of-safe-ai-adoption.html Hidden Vulnerabilities of Project Management Tools & How FluentPro Backup Secures Them https://thehackernews.com/2025/08/hidden-vulnerabilities-of-project.html G.政府 資安管理法修法三讀 相關違者最高罰1,000萬元 https://udn.com/news/story/7238/8971700 刑事局參加內政部黑客松：善用AI技術從源頭阻斷詐騙人頭帳戶，初估斬斷70%金流 https://www.ithome.com.tw/news/170884 數位政府高峰會：蔡福隆揭示我國最新國家資通安全發展方向，4大策略推動信賴安全的數位社會 https://www.ithome.com.tw/news/170917 行政院通過AI基本法草案，將不設立AI專責機關 https://www.ithome.com.tw/news/170874 行政院公布AI行動內閣2.0：林宜敬接任數發部長，石崇良將升任衛福部長 https://www.ithome.com.tw/news/170856 BTC國科會主委吳誠文：行政院擬成立健康數據服務公司，帶頭促進跨院電子病歷、醫療影像等健康數據分析應用 https://www.ithome.com.tw/news/170838 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 FreePBX存在零時差漏洞，已被攻擊者積極利用 https://www.bleepingcomputer.com/news/security/freepbx-servers-hacked-via-zero-day-emergency-fix-released/ FreePBX Servers Targeted by Zero-Day Flaw, Emergency Patch Now Available https://thehackernews.com/2025/08/freepbx-servers-targeted-by-zero-day.html 全球OT資安風險可能超過3,295億美元 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12143 I.教育訓練 資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g EC Council CASE.NET 認證準備 https://coolmandiary.blogspot.com/2025/04/ec-council-casenet.html EC Council CASE.NET(312-95)_筆記_Module1專有名詞及定義 https://coolmandiary.blogspot.com/2021/10/ec-council-casenet312-95module1.html GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 API 安全開發指南：漏洞修復與授權管理實務 2025/9/11-2025/9/12 https://www.accupass.com/event/2501021422337978365160 2025年9月-iPAS 資訊安全工程師(初級)能力培訓班 2025/9/20 https://www.accupass.com/event/2505080338266282560860 ISO 27001:2022 資訊安全管理系統主導稽核員訓練課程 2025/9/22 https://www.accupass.com/event/2505190352351691427965