資安事件新聞週報 2025/10/20 ~ 2025/10/24

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/10/20 ~ 2025/10/24 1.重大弱點漏洞/後門/Exploit/Zero Day 逾26萬F5 BIG-IP執行個體曝險 https://www.ithome.com.tw/news/171795 F5資料外洩事故延燒，逾26.6萬臺BIG-IP執行個體恐面臨遠端攻擊的資安風險 https://www.bleepingcomputer.com/news/security/over-266-000-f5-big-ip-instances-exposed-to-remote-attacks/ 是誰駭入F5、偷走主力產品原始碼？有媒體點名中國駭客組織UNC5221 https://www.ithome.com.tw/news/171761 CISA警示高風險Windows SMB漏洞已被攻擊者利用 https://www.ithome.com.tw/news/171796 微軟10月更新同時修補史上最嚴重 ASP.NET Core 漏洞與 Windows 本地連線 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12344 微軟緊急限制 Edge 瀏覽器 IE 模式　駭客已利用零時差漏洞發動攻擊 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12333 微軟修補有史以來最嚴重的ASP.NET Core漏洞，通過身分驗證的攻擊者可用來繞過安全功能 https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-highest-severity-aspnet-core-flaw-ever/ 微軟以Rust打造的GDI模組存在漏洞，攻擊者可遠端攻擊Windows電腦 https://gbhackers.com/windows-gdi-vulnerability-in-rust-kernel/ Oracle公布的EBS漏洞CVE-2025-61884，CISA證實已被用於攻擊行動 https://www.ithome.com.tw/news/171811 美航子公司Envoy Air遭遇Oracle E-Business Suite攻擊 https://www.ithome.com.tw/news/171753 The Critical Patch Update Advisory for October 2025 is available at the following location https://www.oracle.com/security-alerts/cpuoct2025.html Five New Exploited Bugs Land in CISA's Catalog — Oracle and Microsoft Among Targets https://thehackernews.com/2025/10/five-new-exploited-bugs-land-in-cisas.html TARmageddon Flaw in Async-Tar Rust Library Could Enable Remote Code Execution https://thehackernews.com/2025/10/tarmageddon-flaw-in-async-tar-rust.html Over 250 Magento Stores Hit Overnight as Hackers Exploit New Adobe Commerce Flaw https://thehackernews.com/2025/10/over-250-magento-stores-hit-overnight.html Critical Lanscope Endpoint Manager Bug Exploited in Ongoing Cyberattacks, CISA Confirms https://thehackernews.com/2025/10/critical-lanscope-endpoint-manager-bug.html IDE工具Cursor、Windsurf存在近百個Chromium已知漏洞 https://www.bleepingcomputer.com/news/security/cursor-windsurf-ides-riddled-with-94-plus-n-day-chromium-vulnerabilities/ GitHub Copilot Chat存在CamoLeak弱點，可洩漏私有程式碼與密鑰 https://www.ithome.com.tw/news/171744 2.銀行/金融/保險/證券/金融監理新聞及資安亞洲、非洲、拉丁美洲的政府機關、金融與工業組織遭鎖定，駭客透過SQL Server進行滲透 https://www.ithome.com.tw/news/171841 普發現金1萬元來了！11月5日開始分流登記、17日 ATM 領現 https://money.udn.com/money/story/7307/9093132 小心「普發一萬」詐騙網站！資安署列出 2 大查證方式 https://3c.ltn.com.tw/amp/news/63694 普發現金將至　資安署示警詐騙手法、3步驟防護 https://www.cna.com.tw/news/ahel/202510210126.aspx 永續金融評鑑再升級！金管會增列資安與職場防霸凌項目近百家受評機構 https://news.cnyes.com/news/id/6202917 銀行資安審查納入外資背景 https://money.udn.com/money/story/122376/9075454 兆豐銀強化資安防護引入AI與零信任架構 https://udn.com/news/story/7239/9077329 你的電子轉帳是否受到足夠保護 https://www.epochtimes.com/b5/25/10/23/n14622493.htm 3.信用卡/電子支付/行動支付/pay/支付系統/資安 "Jingle Thief" Hackers Exploit Cloud Infrastructure to Steal Millions in Gift Cards https://thehackernews.com/2025/10/jingle-thief-hackers-exploit-cloud.html LINE Pay 跟一卡通 iPass MONEY 分家後，新時代的行動/電子支付怎麼選？5 個選擇行動支付的疑問與建議 https://www.techbang.com/posts/125488-electronic-payment-options 7-ELEVEN刷卡掃碼卡關只能使用現金結帳 https://news.pchome.com.tw/expense/cardu/20251024/index-17612661100213441013.html 全台首創「免解鎖秒通關」　台中捷運Apple Pay快速交通卡上線 https://www.taichung.gov.tw/8868/8872/9962/3125379 台灣目前沒有類似案例。官方停車單的QR Code或條碼，會透過官方或合作平台繳費 https://tfc-taiwan.org.tw/fact-check-reports/taiwan-no-scam-cases-parking-qr-code-payment/ 行動支付疑爆「600萬用戶數據外洩」包含網紅明星個資 https://reurl.cc/yA5Eaa 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 ThreatsDay Bulletin: $176M Crypto Fine, Hacking Formula 1, Chromium Vulns, AI Hijack & More https://thehackernews.com/2025/10/threatsday-bulletin-176m-crypto-fine.html 加密貨幣大亨自由了！川普特赦幣安創辦人趙長鵬，結束拜登政府的加密貨幣戰爭 https://reurl.cc/pYqgAa OG 套現，礦工「叛逃」，一文揭露比特幣的供需困局 https://www.blocktempo.com/bitcoin-supply-demand-dilemma-veterans-cash-out-miners-defect/ 黃立成傳買陶朱隱園　加密貨幣賠17億元眼不眨 https://www.peoplenews.tw/articles/5a8881a92d 渣打香港預告：今年 11 月推出「加密貨幣 ETF 交易服務」 https://blockcast.it/2025/10/22/standard-chartered-hong-kong-to-launch-crypto-etf-trading-in-november/ 就在今晚！聯準會首次開講加密貨幣，數位資產、穩定幣登官方會議 https://www.cryptocity.tw/news/fed-crypto-meeting-stablecoin-token-agenda 香港首家Solana ETF獲批　成比特幣以太幣外另一加密貨幣現貨ETF https://reurl.cc/axp9g4 總統也炒幣？川普家族靠加密資產大賺監管機制怎管 https://www.ctee.com.tw/news/20251023701299-430701 渣打銀行：加密市場清算190億是好事，為加碼比特幣衝20萬美元鋪路 https://www.blocktempo.com/standard-chartered-bitcoin-200k-forecast/ 瑞士銀行Sygnum將推出由多簽錢包控制的比特幣抵押貸款平台 https://news.cnyes.com/news/id/6203737 日本三大銀行將聯合發行穩定幣 https://news.cnyes.com/news/id/6197416 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 勒索軟體癱瘓日本物流巨頭：無印良品等零售商營運中斷凸顯供應鏈韌性危機 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12352 日本無印良品第三方物流業者遭勒索軟體攻擊，暫停網購業務 https://www.ithome.com.tw/news/171785 北韓駭客從事ClickFake Interview攻擊，散布惡意軟體OtterCandy https://gbhackers.com/clickfake-interview-campaign/ 北韓駭客整併BeaverTail與OtterCookie，打造更具破壞力的惡意程式 https://thehackernews.com/2025/10/north-korean-hackers-combine-beavertail.html Rootkit程式LinkPro濫用eBPF機制隱匿行蹤，並在收到特定封包才會運作 https://thehackernews.com/2025/10/linkpro-linux-rootkit-uses-ebpf-to-hide.html 具備自我散布能力的GlassWorm鎖定Visual Studio市集、OpenVSX用戶而來 https://www.bleepingcomputer.com/news/security/self-spreading-glassworm-malware-hits-openvsx-vs-code-registries/ 竊資軟體Vidar Stealer 2.0透過多執行緒加快竊取資料速度 https://www.bleepingcomputer.com/news/security/vidar-stealer-20-adds-multi-threaded-data-theft-better-evasion/ New .NET CAPI Backdoor Targets Russian Auto and E-Commerce Firms via Phishing ZIPs https://thehackernews.com/2025/10/new-net-capi-backdoor-targets-russian.html Silver Fox Expands Winos 4.0 Attacks to Japan and Malaysia via HoldingHands RAT https://thehackernews.com/2025/10/silver-fox-expands-winos-40-attacks-to.html North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware https://thehackernews.com/2025/10/north-korean-hackers-combine-beavertail.html North Korean Hackers Use EtherHiding to Hide Malware Inside Blockchain Smart Contracts https://thehackernews.com/2025/10/north-korean-hackers-use-etherhiding-to.html Microsoft Revokes 200 Fraudulent Certificates Used in Rhysida Ransomware Campaign https://thehackernews.com/2025/10/microsoft-revokes-200-fraudulent.html Hackers Used Snappybee Malware and Citrix Flaw to Breach European Telecom Network https://thehackernews.com/2025/10/hackers-used-snappybee-malware-and.html Researchers Identify PassiveNeuron APT Using Neursite and NeuralExecutor Malware https://thehackernews.com/2025/10/researchers-identify-passiveneuron-apt.html PolarEdge Targets Cisco, ASUS, QNAP, Synology Routers in Expanding Botnet Campaign https://thehackernews.com/2025/10/polaredge-targets-cisco-asus-qnap.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 131個Chrome惡意延伸套件挾持網頁版WhatsApp，進行大規模垃圾訊息攻擊 https://thehackernews.com/2025/10/131-chrome-extensions-caught-hijacking.html 131 Chrome Extensions Caught Hijacking WhatsApp Web for Massive Spam Campaign https://thehackernews.com/2025/10/131-chrome-extensions-caught-hijacking.html 安卓間諜軟體ClayRat鎖定俄羅斯而來 https://www.ithome.com.tw/news/171749 歐洲進行SIMCartel執法行動，拆除被用於超過3千起網路詐欺的貓池 https://www.ithome.com.tw/news/171800 Europol Dismantles SIM Farm Network Powering 49 Million Fake Accounts Worldwide https://thehackernews.com/2025/10/europol-dismantles-sim-farm-network.html 澳洲電信公司Dodo與iPrimus遭網路攻擊，1,600個客戶帳戶遭存取，部分用戶遭SIM卡交換攻擊 https://7news.com.au/news/dodo-and-iprimus-customers-warned-of-major-hack-on-parent-company-vocus-c-20400457 Meta Rolls Out New Tools to Protect WhatsApp and Messenger Users from Scams https://thehackernews.com/2025/10/meta-rolls-out-new-tools-to-protect.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力商用視訊會議設備商圓展發布重訊，部分資訊系統遭受攻擊 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=214321&SPOKE_DATE=20251019&COMPANY_ID=3669 遭駭的Jaguar Land Rover估計損失高達19億英鎊，為英國史上之最 https://www.ithome.com.tw/news/171829 發展用AI處理漏洞的解決方案，美政府舉辦AIxCC競賽秀實力，自動發現漏洞取得實質進展 https://www.ithome.com.tw/news/171720 AWS美東-1服務中斷近3小時，Disney+、麥當勞程式及Lyft全停擺 https://www.ithome.com.tw/news/171777 中國駭客進行新一波Winos 4.0攻擊行動，將範圍延伸到日本及馬來西亞 https://thehackernews.com/2025/10/silver-fox-expands-winos-40-attacks-to.html 中國駭客Salt Typhoon鎖定歐洲電信業者發動攻擊，利用惡意程式Snappybee滲透網路環境 https://www.ithome.com.tw/news/171827 中國駭客Salt Typhoon鎖定歐洲電信業者而來，利用惡意程式Snappybee滲透網路環境 https://thehackernews.com/2025/10/hackers-used-snappybee-malware-and.html 中國指控美國入侵其授時中心 https://www.ithome.com.tw/news/171762 中東電信業者遭駭，中國駭客利用ToolShell入侵網路環境 https://www.ithome.com.tw/news/171830 鎖定台灣半導體投資機構！中國駭客組織 DropPitch 利用 AI 強化攻擊鏈失敗 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12342 英國國家資安事件年增 130%、荷蘭管制中資半導體廠　關鍵基礎設施成攻擊焦點 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12334 英國國防部的承包商傳出遭俄羅斯駭客入侵，員工個資與國防部人員聯絡資訊外流 https://securityaffairs.com/183640/data-breach/russian-lynk-group-leaks-sensitive-uk-mod-files-including-info-on-eight-military-bases.html MSS Claims NSA Used 42 Cyber Tools in Multi-Stage Attack on Beijing Time Systems https://thehackernews.com/2025/10/mss-claims-nsa-used-42-cyber-tools-in.html Google Identifies Three New Russian Malware Families Created by COLDRIVER Hackers https://thehackernews.com/2025/10/google-identifies-three-new-russian.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全俄羅斯駭客ColdRiver透過圖靈驗證從事ClickFix網釣，散布惡意軟體NoRobot、MaybeRobot https://www.bleepingcomputer.com/news/security/russian-hackers-evolve-malware-pushed-in-i-am-not-a-robot-clickfix-attacks/ 福斯汽車疑遭8Base勒索軟體攻擊，外洩公司業務及個資 https://www.ithome.com.tw/news/171772 交通部針對易飛網資料外洩事故判罰100萬元罰鍰，並指出原因是該公司未採行適當安全措施 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=194650&SPOKE_DATE=20251020&COMPANY_ID=2734 組態配置不當的Elasticsearch存放1.12 TB資料，洩露逾60億筆記錄 https://www.ithome.com.tw/news/171746 防範社交工程，守護全民資安-洞察騙局，從識破謊言開始 https://moda.gov.tw/ACS/press/news/press/17714 E.研究報告/工具 Identity Security: Your First and Last Line of Defense https://thehackernews.com/2025/10/identity-security-your-first-and-last.html Researchers Uncover WatchGuard VPN Bug That Could Let Attackers Take Over Devices https://thehackernews.com/2025/10/researchers-uncover-watchguard-vpn-bug.html Analysing ClickFix: 3 Reasons Why Copy/Paste Attacks Are Driving Security Breaches https://thehackernews.com/2025/10/analysing-clickfix-3-reasons-why.html Securing AI to Benefit from AI https://thehackernews.com/2025/10/securing-ai-to-benefit-from-ai.html Why You Should Swap Passwords for Passphrases https://thehackernews.com/2025/10/why-you-should-swap-passwords-for.html Why Organizations Are Abandoning Static Secrets for Managed Identities https://thehackernews.com/2025/10/why-organizations-are-abandoning-static.html F.商業 Cloudera：96%企業已將AI納入核心營運　資料治理與安全成關鍵挑戰 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12335 SailPoint 推出全新SailPoint平台引領自適應身分新時代 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12347 LevelBlue併購資安公司Cybereason https://www.ithome.com.tw/news/171745 Google發表Quantum Echoes演算法，實現可驗證量子優勢，運算速度達超級電腦的1.3萬倍 https://www.ithome.com.tw/news/171848 蘋果加碼零點擊利用鏈漏洞懸賞至200萬美元 https://www.ithome.com.tw/news/171750 思科開源Project CodeGuard程式碼安全框架，推動預設即安全開發 https://www.ithome.com.tw/news/171747 微軟發布Microsoft數位防禦報告2025，其中有項發現是觀測臺灣近一年遭國家級駭客攻擊達143起，全球第六嚴峻 https://www.microsoft.com/en-us/corporate-responsibility/cybersecurity/microsoft-digital-defense-report-2025/#nation-state G.政府普發現金詐騙多資安署長蔡福隆：政府不會主動發送簡訊 https://udn.com/news/story/124490/9086027 數發部舉辦「2025數位憑證皮夾國際應用趨勢研討會」邀集全球專家探討數位信任及創新應用潛力 https://moda.gov.tw/press/press-releases/17722 資安署25年9月資安月報：《資通安全管理法》修正公布實施；政府陳情管道成釣魚攻擊新途徑 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12362 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安 TP-Link Patches Four Omada Gateway Flaws, Two Allow Remote Code Execution https://thehackernews.com/2025/10/tp-link-patches-four-omada-gateway.html TP-Link修補Omada閘道器4項漏洞　2項可允許執行任意指令 https://www.ithome.com.tw/news/171849 臺灣工控設備業者Moxa修補近滿分漏洞，影響網路安全設備與路由器 https://www.ithome.com.tw/news/171843 通用汽車準備導入Google Gemini，全面棄用蘋果CarPlay與Android Auto https://www.ithome.com.tw/news/171835 尚有7.5萬臺WatchGuard防火牆設備存在重大層級RCE漏洞而曝險 https://www.bleepingcomputer.com/news/security/over-75-000-watchguard-security-devices-vulnerable-to-critical-rce/ I.教育訓練資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g EC Council CASE.NET 認證準備 https://coolmandiary.blogspot.com/2025/04/ec-council-casenet.html EC Council CASE.NET(312-95)_筆記_Module1專有名詞及定義 https://coolmandiary.blogspot.com/2021/10/ec-council-casenet312-95module1.html GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 AI智慧化流程與管理應用專業人員班 2025/11/12 https://www.accupass.com/event/2509120400472009022575 DQS 年度論壇：迎接全球化，AI 驅動下的供應鏈韌性 2025/11/14 https://www.accupass.com/event/2509250347388679111730