###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/11/24 ~ 2025/11/28 1.重大弱點漏洞/後門/Exploit/Zero Day SonicWall修補防火牆、電子郵件閘道漏洞 https://www.ithome.com.tw/news/172407 大規模掃描鎖定Palo Alto Networks旗下SSL VPN平臺而來，5天出現230萬次活動 https://www.ithome.com.tw/news/172475 Fortinet FortiWeb 雙零日漏洞可遭串聯攻擊！美國CISA 下令一週內完成修補 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12474 微軟緊急發布例外更新，修補部分Windows 10無法安裝ESU更新的問題 https://www.ithome.com.tw/news/172348 CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability https://thehackernews.com/2025/11/cisa-warns-of-actively-exploited.html 資料分析系統Grafana存在滿分漏洞，攻擊者有機會以此冒充管理員及提權 https://www.ithome.com.tw/news/172424 Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation https://thehackernews.com/2025/11/grafana-patches-cvss-100-scim-flaw.html New Fluent Bit Flaws Expose Cloud to RCE and Stealthy Infrastructure Intrusions https://thehackernews.com/2025/11/new-fluent-bit-flaws-expose-cloud-to.html 針對近期修補的Firefox高風險漏洞，近半年版本皆曝險，恐影響全球1.8億用戶 https://www.ithome.com.tw/news/172516 Nvidia的機器人生成模型Isaac-GR00T存在漏洞，可被惡意操控機器人 https://www.ithome.com.tw/news/172506 開源輕量級遙測工具Fluent Bit存在一系列漏洞，攻擊者恐串連並接管雲端基礎設施 https://www.ithome.com.tw/news/172484 身分驗證管理平臺Oracle Identity Manager重大漏洞傳出在修補前疑似遭到利用 https://www.ithome.com.tw/news/172478 中國駭客鎖定政府與媒體產業，利用WinRAR漏洞從事攻擊 https://cyberarmor.tech/blog/autumn-dragon-china-nexus-apt-group-targets-south-east-asia 2.銀行/金融/保險/證券/金融監理 新聞及資安 國泰金控如何從軟體供應鏈安全邁向開源治理，開源戰略鐵三角做法大公開 https://www.ithome.com.tw/news/172515 金融木馬Eternidade Stealer鎖定巴西而來，利用WhatsApp接觸受害者及進行散布 https://www.infosecurity-magazine.com/news/eternidade-stealer-trojan-brazil/ 定時炸彈「小烏龜」引爆國安危機，政府、金融、軍方網路門戶洞開 https://www.ithome.com.tw/news/172350 普發現金1843萬人已領錢　財部揪出11個釣魚假網站 https://finance.ettoday.net/news/3074807 摩根大通、花旗、摩根士丹利客戶資料疑因軟體供應商駭客攻擊外洩，金融資安走向全面外移風險 https://uanalyze.com.tw/articles/6740639789 台中攜手永豐建智慧防詐網 AI金流風險控管成焦點 https://news.pchome.com.tw/public/morenews/20251125/index-76403957251099350016.html 從心守護資產安全！永豐銀行推打詐利器　從服務端建立安全防護網 https://finance.ettoday.net/news/3068771 從中華電信到將來銀行！電信老將郭水義揭純網銀成長四大核心能力 https://www.gvm.com.tw/article/126165 中國河南村鎮銀行受害儲戶巴忠俊維權 遭強制驅離 https://www.epochtimes.com/b5/25/11/28/n14645012.htm 3.信用卡/電子支付/行動支付/pay/支付系統/資安 Line Pay電子支付服務12月3日上線 https://www.ithome.com.tw/news/172466 LINE Pay拆夥iPASS MONEY倒數！3步驟「還是能轉帳」 新上線功能一次看 https://reurl.cc/la7oqd 支付革命下的暗影：街口個資風波凸顯台灣行動支付的「數位失能」 https://news.pchome.com.tw/living/cnews/20251126/index-76413734106998227009.html JR東日本將推出「teppay」行動支付，Mobile Suica App整合QR Code掃碼、突破2萬日圓儲值上限 https://reurl.cc/dqm2ED 法推掃碼捐款儲值卡助街友 限制民生用途防弊又抵稅 https://news.pts.org.tw/article/783428 日本交通卡Suica Mobile應用程式將自2026年秋季起提供teppay行動支付與既有交通卡支付功能並行 https://www.cool3c.com/article/244670 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 韓國擬實施「超嚴格反洗錢」打擊拆小額漏洞：金額680美元以下，交易所需KYC搜集個資 https://www.blocktempo.com/south-korea-aml-extends-kyc-to-small-crypto-transfers/ 加密貨幣成完美洗錢工具「平行影子金融」何以難監管| 全球財經 https://vip.udn.com/vip/story/122861/9166371 韓國加密貨幣交易所遭駭　推測北韓駭客組織所為 https://money.udn.com/money/story/5599/9169329 Kraken 推比特幣回饋金融卡，支援 400 種加密貨幣消費 https://www.inside.com.tw/article/40131-kraken-crypto 川普推動「加密之都」引全球關注 勤業眾信解析 加密貨幣交易監理與課稅 https://www.ithome.com.tw/pr/172437 KakaoBank 啟動韓元穩定幣開發！有望成韓國首家銀行級代幣 https://web3plus.bnext.com.tw/article/4438? 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 吉爾吉斯與烏茲別克遭鎖定，歹徒試圖散布NetSupport RAT控制受害電腦 https://thehackernews.com/2025/11/bloody-wolf-expands-java-based.html 惡意Blender模型檔案上架3D模型市集，意圖散布竊資軟體StealC V2 https://www.ithome.com.tw/news/172503 半導體精密零件與太陽能模組製造商有成精密遭遇勒索軟體攻擊 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=171119&SPOKE_DATE=20251124&COMPANY_ID=4949 間諜軟體Razda偽裝成檔案管理工具，意圖挾持安卓裝置 https://hackread.com/radzarat-spyware-hijack-android-devices/ 冒牌Prettier延伸套件現身VS Code市集，對開發人員散布竊資軟體Anivia Stealer https://hackread.com/prettier-extension-vscode-marketplace-anivia-stealer/ 俄羅斯駭客利用MSC EvilTwin結合被入侵的網站，企圖散布惡意程式 https://www.ithome.com.tw/news/172509 惡意軟體攻擊活動FlexibleFerret鎖定macOS用戶而來，企圖散布Go語言後門 https://www.infosecurity-magazine.com/news/flexibleferret-malware-macos-go/ 美國大型房地產業者遭鎖定，歹徒利用惡意框架Tuoni C2於記憶體內載入有效酬載 https://gbhackers.com/tuoni-c2-framework/ 風險管理業者Crisis24遭駭，波及美國警消緊急通報系統運作，傳出是勒索軟體INC Ransom所為 https://www.bleepingcomputer.com/news/security/onsolve-codered-cyberattack-disrupts-emergency-alert-systems-nationwide/ Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim 'Korean Leaks' Data Heist https://thehackernews.com/2025/11/qilin-ransomware-turns-south-korean-msp.html 惡意框架Matrix Push C2用於無檔案惡意軟體攻擊，駭客鎖定電腦瀏覽器下手 https://gbhackers.com/matrix-push-c2/ 中國駭客加入利用WSUS重大漏洞的行列，以此散布ShadowPad https://www.ithome.com.tw/news/172448 ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access https://thehackernews.com/2025/11/shadowpad-malware-actively-exploits.html Hackers Hijack Blender 3D Assets to Deploy StealC V2 Data-Stealing Malware https://thehackernews.com/2025/11/hackers-hijack-blender-3d-assets-to.html Chrome Extension Caught Injecting Hidden Solana Transfer Fees Into Raydium Swaps https://thehackernews.com/2025/11/chrome-extension-caught-injecting.html RomCom Uses SocGholish Fake Update Attacks to Deliver Mythic Agent Malware https://thehackernews.com/2025/11/romcom-uses-socgholish-fake-update.html ThreatsDay Bulletin: AI Malware, Voice Bot Flaws, Crypto Laundering, IoT Attacks — and 20 More Stories https://thehackernews.com/2025/11/threatsday-bulletin-ai-malware-voice.html 大規模蠕蟲攻擊Sha1-Hulud再掀波瀾，影響逾1千個NPM套件與2.7萬個GitHub儲存庫 https://www.ithome.com.tw/news/172494 大規模NPM惡意套件攻擊行動Sha1-Hulud引起多家資安業者警告，2.5萬個儲存庫受到波及 https://thehackernews.com/2025/11/second-sha1-hulud-wave-affects-25000.html Shai-Hulud v2 Spreads From npm to Maven, as Campaign Exposes Thousands of Secrets https://thehackernews.com/2025/11/shai-hulud-v2-campaign-spreads-from-npm.html 惡意Blender模型檔案上架3D模型市集，意圖散布竊資軟體StealC V2 https://www.bleepingcomputer.com/news/security/malicious-blender-model-files-deliver-stealc-infostealing-malware/ Bloody Wolf Expands Java-based NetSupport RAT Attacks in Kyrgyzstan and Uzbekistan https://thehackernews.com/2025/11/bloody-wolf-expands-java-based.html ThreatsDay Bulletin: AI Malware, Voice Bot Flaws, Crypto Laundering, IoT Attacks — and 20 More Stories https://thehackernews.com/2025/11/threatsday-bulletin-ai-malware-voice.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 台灣 2200 萬 LINE 用戶拉警報　研究揭重大加密協議缺陷恐成間諜工具 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12484 LINE全程加密通訊存在弱點，可被用於訊息重送、表情符號洩露、假冒用戶 https://www.darkreading.com/application-security/line-messaging-bugs-asian-cyber-espionage 蘋果宣布推出數位ID，未來出示iPhone即可在美國國內機場進行身分驗證 https://www.ithome.com.tw/news/172267 高通發表Snapdragon 8 Gen 5行動平臺，AI效能提升46% https://www.ithome.com.tw/news/172485 美國警告商業間諜軟體與RAT木馬鎖定WhatsApp與Signal用戶而來 https://thehackernews.com/2025/11/cisa-warns-of-active-spyware-campaigns.html CISA Warns of Active Spyware Campaigns Hijacking High-Value Signal and WhatsApp Users https://thehackernews.com/2025/11/cisa-warns-of-active-spyware-campaigns.html MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants https://thehackernews.com/2025/11/ms-teams-guest-access-can-remove.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 DeepSeek-R1處理帶有中國政治敏感詞彙的AI提示，會導致生成的程式碼漏洞風險增加43％ https://www.ithome.com.tw/news/172460 Cloudflare 近 6 小時服務中斷：分散式系統快速傳播機制成故障放大器 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12473 伊朗駭客入侵軍用船艦的自動識別平臺與監視器，意圖協助軍隊進行飛彈射擊 https://www.ithome.com.tw/news/172396 Mixpanel遭駭殃及OpenAI API用戶 https://www.ithome.com.tw/news/172518 Canon、Mazda美國分公司雙雙被駭入Oracle EBS https://www.ithome.com.tw/news/172491 台灣某行銷公司遭中國APT組織反覆入侵　超過千個網域淪供應鏈攻擊跳板 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12482 倫敦多個法院遭遇網路攻擊，IT系統服務面臨中斷 https://www.bleepingcomputer.com/news/security/multiple-london-councils-it-systems-disrupted-by-cyberattack/ Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft https://thehackernews.com/2025/11/second-sha1-hulud-wave-affects-25000.html Chinese DeepSeek-R1 AI Generates Insecure Code When Prompts Mention Tibet or Uyghurs https://thehackernews.com/2025/11/chinese-ai-model-deepseek-r1-generates.html China-Linked APT31 Launches Stealthy Cyberattacks on Russian IT Using Cloud Services https://thehackernews.com/2025/11/china-linked-apt31-launches-stealthy.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 程式碼編排服務JSON Formatter和CodeBeautify被上傳大量機敏資訊，有人爬梳資料並試圖利用 https://www.ithome.com.tw/news/172520 哈佛大學校友事務系統驚傳外洩，校友與捐款者的個資流出 https://securityaffairs.com/185034/security/harvard-reports-vishing-breach-exposing-alumni-and-donor-contact-data.html 伊比利亞航空供應商資料外洩，通知客戶防範網釣 https://www.infosecurity-magazine.com/news/iberia-airlines-supply-chain-data/ 美國媒體與電信集團Cox通報遭Oracle EBS零時差攻擊，個資外洩近萬人受害 https://www.ithome.com.tw/news/172489 達特茅斯學院通報Oracle EBS資料外洩，影響至少上千人 https://www.ithome.com.tw/news/172492 美國房地產融資暨IT服務供應商SitusAMC遭駭，主要銀行客戶資料恐外流 https://www.ithome.com.tw/news/172449 CrowdStrike驚傳員工遭駭客收買，企圖外流身分驗證Cookie與內部螢幕畫面 https://www.ithome.com.tw/news/172443 勒索軟體駭客Cl0p聲稱透過Oracle EBS零時差漏洞，得手博通內部資料 https://www.ithome.com.tw/news/172420 ClickFix網釣出現新變種JackFix，假借Windows更新名義引誘使用者上當 https://www.ithome.com.tw/news/172511 JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers https://thehackernews.com/2025/11/jackfix-uses-fake-windows-update-pop.html Matrix Push C2 Uses Browser Notifications for Fileless, Cross-Platform Phishing Attacks https://thehackernews.com/2025/11/matrix-push-c2-uses-browser.html ToddyCat's New Hacking Tools Steal Outlook Emails and Microsoft 365 Access Tokens https://thehackernews.com/2025/11/toddycats-new-hacking-tools-steal.html FBI Reports $262M in ATO Fraud as Researchers Cite Growing AI Phishing and Holiday Scams https://thehackernews.com/2025/11/fbi-reports-262m-in-ato-fraud-as.html Years of JSONFormatter and CodeBeautify Leaks Expose Thousands of Passwords and API Keys https://thehackernews.com/2025/11/years-of-jsonformatter-and-codebeautify.html Gainsight串接Salesforce的應用程式遭駭，傳逾200家企業組織受害 https://www.ithome.com.tw/news/172406 Salesforce與Gainsight遭到非法存取，疑似勒索軟體團體ShinyHunters發動攻擊 https://www.ithome.com.tw/news/172514 Gainsight Expands Impacted Customer List Following Salesforce Security Alert https://thehackernews.com/2025/11/gainsight-expands-impacted-customer.html E.研究報告/工具 從布拉格協議到企業韌性重構　地緣政治下的供應鏈資安新戰局 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12471 2026必須關注的資安大趨勢 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12480 攻擊手法EchoGram可翻轉AI模型防護，危及大型語言模型輸出安全 https://www.ithome.com.tw/news/172275 F.商業 Azure Local成為主權私有雲核心，微軟同步擴充SAN、GPU與大規模部署能力 https://www.ithome.com.tw/news/172507 資安力量匯聚南臺灣《CYBERDAY 2025資安產業日》 11月28日將於臺南沙崙資安服務基地舉行 https://www.ithome.com.tw/pr/172376 中華資安推出高性價比「資安眼」服務，讓企業輕易做好外部曝險管理 https://www.ithome.com.tw/pr/167622 Palo Alto Networks斥資33.5億美元，宣布買下監測平臺供應商Chronosphere https://www.securityweek.com/palo-alto-networks-to-acquire-observability-platform-chronosphere-in-3-35-billion-deal/ Google推出Private AI Compute，在雲端提供裝置端等級的隱私運算 https://www.ithome.com.tw/news/172203 Smarter Access, Better Protected Data, Faster Audits: Enhancing Your Insider Threat Defense https://thehackernews.com/expert-insights/2025/11/smarter-access-better-protected-data.html 3 SOC Challenges You Need to Solve Before 2026 https://thehackernews.com/2025/11/3-soc-challenges-you-need-to-solve.html When Your $2M Security Detection Fails: Can your SOC Save You https://thehackernews.com/2025/11/when-your-2m-security-detection-fails.html Why Organizations Are Turning to RPAM https://thehackernews.com/2025/11/why-organizations-are-turning-to-rpam.html Microsoft to Block Unauthorized Scripts in Entra ID Logins with 2026 CSP Update https://thehackernews.com/2025/11/microsoft-to-block-unauthorized-scripts.html G.政府 國網中心新超級電腦的Nano4系統登上500大超級電腦第29名 https://www.ithome.com.tw/news/172397 臺灣為何需要AI影響性研究中心？衛福部資訊處：要讓醫療AI有機會走進健保給付 https://www.ithome.com.tw/news/172442 數位發展部推動臺灣軟體產業從Project到Product，打造AI 時代產品化與國際化新格局 https://moda.gov.tw/ADI/news/latest-news/18018 國際資安專家齊聚台北！攻防演練聚焦醫療防護 https://ec.ltn.com.tw/article/breakingnews/5261508 跨國網路攻防演練 吸引逾20個國際資安組織參與 https://money.udn.com/money/story/5613/9169694?from=edn_newest_index H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 中國駭客行動「WrtHug」劫持數千台華碩路由器 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12478 華碩DSL系列路由器存在重大漏洞，若不處理攻擊者可繞過身分驗證 https://www.ithome.com.tw/news/172403 I.教育訓練 資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g EC Council CASE.NET 認證準備 https://coolmandiary.blogspot.com/2025/04/ec-council-casenet.html EC Council CASE.NET(312-95)_筆記_Module1專有名詞及定義 https://coolmandiary.blogspot.com/2021/10/ec-council-casenet312-95module1.html GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 ISC2 Taipei Chapter 2025年第二屆第二次會員大會暨「共益資安 共榮台灣」資訊安全研討會 2025/11/29 https://isc2taipei.kktix.cc/events/2025agm Atelli × Meta ｜廣告新時代 使用A.I Agent找到高價值客群 2025/12/3 https://www.accupass.com/event/2510150230273871962330 Threat Analyst Summit 2025 威脅分析師高峰會 2025/12/3 - 2025/12/4 https://teamt5.kktix.cc/events/tas2025 從 AI 浪潮看 2026 資安挑戰與治理策略 2025/12/5 https://www.accupass.com/event/2509190930571905392080 國立臺北商業大學資管系AI賦能論壇 2025/12/6 https://www.accupass.com/event/2510150928422567903790 2025 INSIDE Future Day｜人機共築未來新紀元：Next - Gen AI Agents 2025/12/9 https://www.accupass.com/event/2508170359001755695360 軟體開發安全意識與 .NET/Java 安全程式開發課程 2025/12/11-2025/12/12 https://www.accupass.com/event/2501021437092334513410