資安事件新聞週報 2026/1/12 ~ 2026/1/16

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2026/1/12 ~ 2026/1/16 1.重大弱點漏洞/後門/Exploit/Zero Day Fortinet修補旗下FortiSIEM、FortiFone重大漏洞 https://www.ithome.com.tw/news/173374 Fortinet修補SIEM平臺重大漏洞，若不處理恐導致組態配置外流 https://securityonline.info/fortinet-critical-alert-cve-2025-64155-rce-config-leaks-exposed/ Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution https://thehackernews.com/2026/01/fortinet-fixes-critical-fortisiem-flaw.html 中國駭客利用遭到入侵的SonicWall SSL VPN設備，散布VMware零時差漏洞利用工具包 https://www.bleepingcomputer.com/news/security/vmware-esxi-zero-days-likely-exploited-a-year-before-disclosure/ Palo Alto Networks揭露高風險阻斷服務漏洞，若不處理攻擊者恐讓防火牆停擺 https://www.ithome.com.tw/news/173399 Palo Alto Fixes GlobalProtect DoS Flaw That Can Crash Firewalls Without Login https://thehackernews.com/2026/01/palo-alto-fixes-globalprotect-dos-flaw.html 思科修補網路存取控制平臺ISE資安漏洞，並表示已有概念驗證程式碼出現，恐將被用於實際攻擊 https://www.ithome.com.tw/news/173256 Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways https://thehackernews.com/2026/01/cisco-patches-zero-day-rce-exploited-by.html 中國駭客濫用VMware ESXi零時差漏洞，最早可追溯到2024年 https://www.ithome.com.tw/news/173318 China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape Virtual Machines https://thehackernews.com/2026/01/chinese-linked-hackers-exploit-vmware.html 微軟1月修補3個零時差漏洞，其中1個已被用於實際攻擊、2個已公開 https://www.ithome.com.tw/news/173342 Microsoft Fixes 114 Windows Flaws in January 2026 Patch, One Actively Exploited https://thehackernews.com/2026/01/microsoft-fixes-114-windows-flaws-in.html 趨勢科技發布Apex Central更新，修補能引發遠端程式碼執行的重大資安漏洞 https://www.ithome.com.tw/news/173278 趨勢科技Apex Central 爆 9.8 分重大漏洞，PoC 程式碼已公開企業須立即修補 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12620 Trend Micro Apex Central RCE Flaw Scores 9.8 CVSS in On-Prem Windows Versions https://thehackernews.com/2026/01/trend-micro-apex-central-rce-flaw.html CISA警告Gogs零時差漏洞已被用於實際攻擊 https://www.ithome.com.tw/news/173330 CISA Warns of Active Exploitation of Gogs Vulnerability Enabling Code Execution https://thehackernews.com/2026/01/cisa-warns-of-active-exploitation-of.html CISA Retires 10 Emergency Cybersecurity Directives Issued Between 2019 and 2024 https://thehackernews.com/2026/01/cisa-retires-10-emergency-cybersecurity.html 工作流程自動化平臺n8n重大漏洞Ni8mare公開近一周，仍有近6萬臺實體尚未修補 https://www.ithome.com.tw/news/173325 n8n Supply Chain Attack Abuses Community Nodes to Steal OAuth Tokens https://thehackernews.com/2026/01/n8n-supply-chain-attack-abuses.html ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation https://thehackernews.com/2026/01/servicenow-patches-critical-ai-platform.html Node.js修補堆疊耗盡DoS風險，React、Next.js與應用效能監控工具受波及 https://www.ithome.com.tw/news/173341 Critical Node.js Vulnerability Can Cause Server Crashes via async_hooks Stack Overflow https://thehackernews.com/2026/01/critical-nodejs-vulnerability-can-cause.html AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks https://thehackernews.com/2026/01/aws-codebuild-misconfiguration-exposed.html Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access https://thehackernews.com/2026/01/critical-wordpress-modular-ds-plugin.html IBM修補 API Connect平台重大修補身分驗證繞過漏洞 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12605 Elastic修補Elasticsearch、Kibana與Beats多項漏洞，恐導致資訊外洩與SSRF https://www.ithome.com.tw/news/173380 Java網頁應用程式框架Apache Struts存在XXE漏洞，可致資料外洩、DoS或SSRF攻擊 https://www.ithome.com.tw/news/173381 網頁應用開發框架Angular存在XSS漏洞，攻擊者可在瀏覽器端執行惡意JavaScript https://www.ithome.com.tw/news/173383 WordPress外掛Modular DS重大漏洞被鎖定，駭客藉此得到網站管理權限 https://www.bleepingcomputer.com/news/security/hackers-exploit-modular-ds-wordpress-plugin-flaw-for-admin-access/ AWS CodeBuild存在嚴重配置不當問題，恐曝露GitHub儲存庫引發供應鏈攻擊 https://thehackernews.com/2026/01/aws-codebuild-misconfiguration-exposed.html SAP發布1月例行更新，修補SQL注入、程式碼注入，以及遠端程式碼執行的重大漏洞 https://www.ithome.com.tw/news/173343 Adobe為ColdFusion修補Apache Tika滿分漏洞，呼籲用戶優先處理 https://www.ithome.com.tw/news/173351 Google發布Chrome 144電腦版更新，修補3項高風險漏洞 https://www.ithome.com.tw/news/173333 Apache Struts存在XXE漏洞，恐曝露敏感資料、引發DoS或SSRF攻擊 https://gbhackers.com/critical-apache-struts-2-flaw/ 資料壓縮程式庫zlib存在重大漏洞，恐造成記憶體全域緩衝區溢位 https://securityonline.info/cve-2026-22184-cvss-9-3-critical-zlib-flaw-opens-door-to-global-buffer-overflow/ CISA警告HPE近期修補的OneView滿分漏洞、15年前的PowerPoint漏洞遭到濫用 https://www.ithome.com.tw/news/173263 GitLab修補多項高風險漏洞，涉及跨站指令碼與權限濫用，自管環境應儘速更新 https://www.ithome.com.tw/news/173259 jsPDF修補重大漏洞，Node.js環境恐遭濫用竊取本機敏感資料 https://www.ithome.com.tw/news/173270 2.銀行/金融/保險/證券/金融監理新聞及資安摩根大通受合作的法務業者連累，外洩數百人資料 https://www.ithome.com.tw/news/173379 臺產驚傳遭網路駭客攻擊 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=2&SPOKE_TIME=170444&SPOKE_DATE=20260110&COMPANY_ID=2832 金融資安韌性發展藍圖出爐 https://www.ithome.com.tw/news/173253 WhatsApp蠕蟲透過自動語音攻擊巴西用戶，意圖散布金融木馬Astaroth https://thehackernews.com/2026/01/whatsapp-worm-spreads-astaroth-banking.html 3.信用卡/電子支付/行動支付/pay/支付系統/資安駭客長期透過購物網站的結帳網頁從事側錄活動，竊取客戶的信用卡資料 https://thehackernews.com/2026/01/long-running-web-skimming-campaign.html 雙北捷運、公車「乘車碼」正式上路！手機支付搭車前5大重點一次看懂 https://udn.com/news/story/7266/9246020 Long-Running Web Skimming Campaign Steals Credit Cards From Online Checkout Pages https://thehackernews.com/2026/01/long-running-web-skimming-campaign.html 悠遊卡以支付大數據助店家解決剩食問題 https://www.ithome.com.tw/news/173412 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 Malicious Chrome Extension Steals MEXC API Keys by Masquerading as Trading Tool https://thehackernews.com/2026/01/malicious-chrome-extension-steals-mexc.html 美議院推動加密貨幣新法案明確數位資產定位強化穩定幣與市場監管 https://reurl.cc/Ykrl9l 「萬島之國」變身「數位金礦」！印尼加密貨幣用戶破 1,900 萬鏈上交易額躍居亞太前四強 https://news.pchome.com.tw/finance/sunmedia/20260116/index-76854110063867329003.html 幣安研究院年度報告：2025 年如何定義加密市場？2026 年關鍵主線有哪些 https://blockcast.it/2026/01/16/binance-research-what-defined-crypto-markets-in-2025-and-outlining-themes-for-2026/ 道富銀行進軍加密貨幣領域推出數位資產平台，搶攻代幣化產品發行商機 https://cmnews.com.tw/article/newsyoudeservetoknow-59e2d367-f258-11f0-b194-eca350187a50 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 殭屍網路Aisuru與Kimwolf橫行，資安公司對逾550臺C2主機下手，阻止活動規模擴大 https://www.ithome.com.tw/news/173400 針對電子零件製造商信邦遭網攻，勒索軟體DragonForce聲稱是他們所為 https://www.ithome.com.tw/news/173247 惡意軟體Gootloader透過1千個ZIP檔案傳送，企圖迴避防毒軟體偵測 https://www.bleepingcomputer.com/news/security/gootloader-now-uses-1-000-part-zip-archives-for-stealthy-delivery/ 專為雲端打造的Linux惡意程式VoidLink現身 https://www.ithome.com.tw/news/173384 惡意NPM套件鎖定工作流程自動化平臺n8n而來，目的是竊取用戶的Google Ads憑證 https://www.ithome.com.tw/news/173316 勒索軟體Fog鎖定美國企業組織而來，透過VPN憑證進行滲透 https://gbhackers.com/fog-ransomware/ 兩款惡意Chrome擴充套件洩漏ChatGPT與DeepSeek對話內容，累計安裝超過90萬次 https://www.ithome.com.tw/news/173222 殭屍網路GoBrutforcer鎖定AI生成的部署實作而來，利用常見帳密資料滲透Linux主機 https://www.bleepingcomputer.com/news/security/new-gobruteforcer-attack-wave-targets-crypto-blockchain-projects/ 伊朗駭客MuddyWater鎖定中東而來，透過網釣散布RAT木馬RustyWater https://thehackernews.com/2026/01/muddywater-launches-rustywater-rat-via.html MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors https://thehackernews.com/2026/01/muddywater-launches-rustywater-rat-via.html New Advanced Linux VoidLink Malware Targets Cloud and container Environments https://thehackernews.com/2026/01/new-advanced-linux-voidlink-malware.html New Malware Campaign Delivers Remcos RAT Through Multi-Stage Windows Attack https://thehackernews.com/2026/01/new-malware-campaign-delivers-remcos.html GoBruteforcer Botnet Targets Crypto Project Databases by Exploiting Weak Credentials https://thehackernews.com/2026/01/gobruteforcer-botnet-targets-crypto.html Researchers Null-Route Over 550 Kimwolf and Aisuru Botnet Command Servers https://thehackernews.com/2026/01/kimwolf-botnet-infected-over-2-million.html Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware https://thehackernews.com/2026/01/hackers-exploit-c-ares-dll-side-loading.html LOTUSLITE Backdoor Targets U.S. Policy Entities Using Venezuela-Themed Spear Phishing https://thehackernews.com/2026/01/lotuslite-backdoor-targets-us-policy.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊惡意程式Pluggyape透過即時通訊軟體Signal與WhatsApp，鎖定烏克蘭國防軍而來 https://thehackernews.com/2026/01/pluggyape-malware-uses-signal-and.html PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces https://thehackernews.com/2026/01/pluggyape-malware-uses-signal-and.html 攻擊手法Ghost Tap鎖定安卓手機而來，意圖榨乾使用者的銀行帳戶 https://gbhackers.com/new-ghost-tap-attack/ 安卓核心出現可被用於提升權限的零時差漏洞Chronomaly，攻擊者恐以此取得root權限 https://securityonline.info/zero-day-chronomaly-exploit-grants-root-access-to-vulnerable-linux-kernels/ C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 2025年臺灣6家企業加入FIRST資安應變組織，合勤、104、元大證券入列，資安產業亦有來毅、數聯、元盾加入 https://www.ithome.com.tw/news/173274 中國駭客Salt Typhoon傳出入侵美眾議院郵件系統，鎖定參與國安事務的委員會從事網路間諜活動 https://gbhackers.com/email-systems-breach/ 英國車廠Jaguar Land Rover銷售下滑43%，網路攻擊事故是主因 https://www.ithome.com.tw/news/173227 歐洲太空總署證實伺服器遭駭，逾200GB資料外洩 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12612 美國最大行動業者Verizon服務中斷數小時，恐影響緊急事故通報 https://www.ithome.com.tw/news/173379 俄羅斯駭客以假藍色當機畫面發動ClickFix攻擊，鎖定旅館業者而來 https://www.ithome.com.tw/news/173215 針對去年連續攻擊臺灣大型醫療機構的勒索軟體CrazyHunter，資安公司Trellix公布其迴避偵測手法 https://www.trellix.com/blogs/research/the-ghost-in-the-machine-crazyhunters-stealth-tactics/ 中國駭客伸手48家主機代管業者，控制1.8萬臺伺服器用於網路犯罪 https://gbhackers.com/chinese-hackers-c2-servers/ 中國駭客UAT-8837鎖定北美關鍵基礎設施而來 https://blog.talosintelligence.com/uat-8837/ 駭客入侵知名電玩遊戲《Apex英雄》比賽挾持玩家角色，比賽被迫暫停及延期 https://www.bleepingcomputer.com/news/security/bad-actor-hijacks-apex-legends-characters-in-live-matches/ Apex Legends爆出角色遭遠端操控與強制斷線事件，開發商Respawn已修復但未說明原因 https://www.ithome.com.tw/news/173332 為了增加作案成功機率，勒索軟體CrazyHunter被發現設有備用攻擊工具 https://www.ithome.com.tw/news/173312 中國APT組織UAT-7290鎖定電信產業，邊緣設備成為初始入侵關鍵管道 https://www.ithome.com.tw/news/173306 中國駭客UAT-7290鎖定南亞電信業者而來，透過邊緣裝置散布Linux惡意軟體 https://www.bleepingcomputer.com/news/security/new-china-linked-hackers-breach-telcos-using-edge-device-exploits/ 美國大型零售業者Target驚傳原始碼遭竊，駭客於私人社群兜售 https://www.bleepingcomputer.com/news/security/targets-dev-server-offline-after-hackers-claim-to-steal-source-code/ Researchers Reveal Reprompt Attack Allowing Single-Click Data Exfiltration From Microsoft Copilot https://thehackernews.com/2026/01/researchers-reveal-reprompt-attack.html 俄羅斯駭客APT28試圖竊取微軟OWA、Google、Sophos SSL VPN憑證 https://gbhackers.com/bluedelta-hackers-2/ Russian APT28 Runs Credential-Stealing Campaign Targeting Energy and Policy Organizations https://thehackernews.com/2026/01/russian-apt28-runs-credential-stealing.html China-Linked APT Exploits Sitecore Zero-Day in Attacks on American Critical Infrastructure https://thehackernews.com/2026/01/china-linked-apt-exploits-sitecore-zero.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 Instagram 否認遭駭：1,700 萬筆用戶資料實為三年前舊資料重發 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12618 化學廠商磐亞網站遭到DDoS攻擊，已恢復運作、無資料外洩 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=173219&SPOKE_DATE=20260114&COMPANY_ID=4707 攻擊手法Reprompt針對微軟Copilot用戶而來，可竊取連線階段資料及洩露敏感內容 https://www.bleepingcomputer.com/news/security/reprompt-attack-let-hackers-hijack-microsoft-copilot-sessions/ 駭客兜售50家大型企業的內部資料，疑透過員工電腦竊得帳密，入侵雲端檔案共用環境而得逞 https://www.ithome.com.tw/news/173328 駭客論壇BreachForums用戶資料外流，32.4萬筆帳號與管理員PGP私鑰曝光 https://www.ithome.com.tw/news/173296 駭客兜售52萬筆臺灣好市多會員個資，業者澄清：非該公司會員資料 https://www.ithome.com.tw/news/173279 駭客於多個論壇兜售1750萬筆Instagram用戶資料，傳出是4年前的舊資料再度流出 https://www.ithome.com.tw/news/173291 俄駭客組織Everest宣稱入侵日本汽車大廠日產，握有900 GB資料 https://www.ithome.com.tw/news/173315 釣魚郵件改以HTML表格繪製QR Code，目的是規避相關手法的偵測機制 https://www.ithome.com.tw/news/173245 NPM被當成釣魚基礎設施，27個惡意套件鎖定企業帳密 https://www.ithome.com.tw/news/173224 殺豬公詐騙出現分工，資安公司揭露專門提供基礎設施與相關工具的租用服務供應商 https://thehackernews.com/2026/01/researchers-uncover-service-providers.html 鎖定OAuth身分驗證的ConsentFix網釣手法出現變形，新調查發現可繞過Entra ID竊取金鑰 https://gbhackers.com/new-oauth-attack/ 歐鐵票券營運公司被駭　外洩客戶個資及訂位資訊 https://www.ithome.com.tw/news/173405 Europol Arrests 34 Black Axe Members in Spain Over €5.9M Fraud and Organized Crime https://thehackernews.com/2026/01/europol-arrests-34-black-axe-members-in.html FBI Warns North Korean Hackers Using Malicious QR Codes in Spear-Phishing https://thehackernews.com/2026/01/fbi-warns-north-korean-hackers-using.html Researchers Uncover Service Providers Fueling Industrial-Scale Pig Butchering Fraud https://thehackernews.com/2026/01/researchers-uncover-service-providers.html Europol Arrests 34 Black Axe Members in Spain Over €5.9M Fraud and Organized Crime https://thehackernews.com/2026/01/europol-arrests-34-black-axe-members-in.html Microsoft Legal Action Disrupts RedVDS Cybercrime Infrastructure Used for Online Fraud https://thehackernews.com/2026/01/microsoft-legal-action-disrupts-redvds.html E.研究報告/工具 AI 告別測試期，正式進入「商業融合時代」與「代理化革命」 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12615 Cybersecurity Predictions 2026: The Hype We Can Ignore (And the Risks We Can't) https://thehackernews.com/2026/01/cybersecurity-predictions-2026-hype-we.html What Should We Learn From How Attackers Leveraged AI in 2025 https://thehackernews.com/2026/01/what-should-we-learn-from-how-attackers.html Why Ad-Hoc OSINT Doesn't Scale: From analyst workflows to institutional intelligence https://thehackernews.com/expert-insights/2026/01/why-ad-hoc-osint-doesnt-scale-from.html New Research: 64% of 3rd-Party Applications Access Sensitive Data Without Justification https://thehackernews.com/2026/01/new-research-64-of-3rd-party.html Model Security Is the Wrong Frame – The Real Risk Is Workflow Security https://thehackernews.com/2026/01/model-security-is-wrong-frame-real-risk.html 4 Outdated Habits Destroying Your SOC's MTTR in 2026 https://thehackernews.com/2026/01/4-outdated-habits-destroying-your-socs.html AI Agents Are Becoming Authorization Bypass Paths https://thehackernews.com/2026/01/ai-agents-are-becoming-privilege.html Your Digital Footprint Can Lead Right to Your Front Door https://thehackernews.com/2026/01/your-digital-footprint-can-lead-right.html F.商業 Anthropic Launches Claude AI for Healthcare with Secure Health Record Access https://thehackernews.com/2026/01/anthropic-launches-claude-ai-for.html RAG 重新定義中小企業的資安防護 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12614 Google開源Salesforce配置錯誤偵測工具 https://www.ithome.com.tw/news/173338 CrowdStrike併購SGNL，身分安全邁向即時授權時代 https://www.ithome.com.tw/news/173272 G.政府入侵攻擊占比逾37% ！資安署示警弱密碼風險，呼籲落實三大帳密防護原則 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12619 衛福部公布主權雲八大方針，醫療雲端採購新基準出爐 https://www.ithome.com.tw/news/173353 【TWCERT/CC發布PSIRT建置參考指引】產品資安事件應變走向制度化！企業可從5大規畫與7大執行階段著手 https://www.ithome.com.tw/news/173413 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安威聯通更新兩款NAS應用程式，修補高風險路徑遍歷及SQL注入漏洞 https://www.ithome.com.tw/news/173185 研華科技修補工業物聯網平臺與設備管理平臺10分重大漏洞 https://www.ithome.com.tw/news/173372 Moxa修補工業交換器的OpenSSH元件重大漏洞 https://www.ithome.com.tw/news/173378 Totolink無線訊號強波器重大漏洞，可讓攻擊者完全控制裝置 https://www.ithome.com.tw/news/173231 I.教育訓練資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g EC Council CASE.NET 認證準備 https://coolmandiary.blogspot.com/2025/04/ec-council-casenet.html EC Council CASE.NET(312-95)_筆記_Module1專有名詞及定義 https://coolmandiary.blogspot.com/2021/10/ec-council-casenet312-95module1.html GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 Design in the Age of AI: Lessons from 2025, Signals for 2026 2026/1/18 https://www.meetup.com/tokyo-design-career/events/312550455/ How to Strategize and Execute Your Job Search with ChatGPT in One Hour 2026/1/20 https://www.meetup.com/shanghai-startup-idea-to-ipo/events/312232017/ Auditing permission and object changes that put you at risk 2026/1/22 https://www.meetup.com/manageengine-philippines-events/events/312560182/ [On-Line] AWS Global Community Gatherings #15 2026/1/23 https://www.meetup.com/awsglobalcommunitygatherings/events/311684318/ 用積木學 Scrum - 台中敏捷社群推廣活動 2026/1/31 https://www.accupass.com/event/2512021357487819263820 AI資安新戰場企業超前部屬防駭免費體驗 2026/2/11 https://www.accupass.com/event/2502110717236228411690 DEVCORE CONFERENCE 2026 2026/3/14 https://devcore.kktix.cc/events/devcoreconf2026