###### tags: `資安事件新聞週報` # 資安事件新聞週報 2026/4/27 ~ 2026/5/1 1.重大弱點漏洞/後門/Exploit/Zero Day Linux作業系統套件管理器存在資安漏洞Pack2TheRoot，攻擊者能取得root權限 https://www.ithome.com.tw/news/175353 群暉修補SSL VPN Client工具程式兩個漏洞，未更新可能導致敏感資料外洩 https://www.ithome.com.tw/news/175110 SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack https://thehackernews.com/2026/04/sap-npm-packages-compromised-by-mini.html Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution https://thehackernews.com/2026/04/google-fixes-cvss-10-gemini-cli-ci-rce.html New Linux 'Copy Fail' Vulnerability Enables Root Access on Major Distributions https://thehackernews.com/2026/04/new-linux-copy-fail-vulnerability.html LMDeploy LLM推論工具SSRF漏洞公開後13小時內即遭利用 https://www.ithome.com.tw/news/175331 LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure https://thehackernews.com/2026/04/lmdeploy-cve-2026-33626-flaw-exploited.html LiteLLM重大漏洞公布後36小時出現攻擊活動 https://www.ithome.com.tw/news/175400 LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure https://thehackernews.com/2026/04/litellm-cve-2026-42208-sql-injection.html 微軟修補Entra ID權限漏洞，防止AI代理管理角色遭到濫用 https://www.ithome.com.tw/news/175399 微軟修補Windows Active Directory重大漏洞，未更新恐成為入侵企業網路入口 https://www.ithome.com.tw/news/175118 微軟開放用戶無限制推遲Windows更新，可不更新就關機 https://www.ithome.com.tw/news/175318 Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover https://thehackernews.com/2026/04/microsoft-patches-entra-id-role-flaw.html Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202 https://thehackernews.com/2026/04/microsoft-confirms-active-exploitation.html APT28將Windows Shell欺騙漏洞用於實際攻擊 https://www.ithome.com.tw/news/175440 美國CISA緊急擴充KEV清單，五大漏洞威脅Windows與網路設備 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12867 CISA警告ConnectWise ScreenConnect、Windows Shell漏洞已出現攻擊行動 https://www.ithome.com.tw/news/175431 CISA將微軟Defender漏洞BlueHammer列入KEV清單，要求各機構限期修補 https://www.ithome.com.tw/news/175320 CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline https://thehackernews.com/2026/04/cisa-adds-4-exploited-flaws-to-kev-sets.html CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV https://thehackernews.com/2026/04/cisa-adds-actively-exploited.html Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren't Ready for the Remediation Side https://thehackernews.com/2026/04/mythos-changed-math-on-vulnerability.html PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks https://thehackernews.com/2026/04/phantomcore-exploits-trueconf.html Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE https://thehackernews.com/2026/04/critical-cve-2026-25874-leaves-hugging.html cPanel修補重大身分驗證漏洞，未更新可能導致攻擊者接管主機 https://www.ithome.com.tw/news/175449 Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately https://thehackernews.com/2026/04/critical-cpanel-authentication.html Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push https://thehackernews.com/2026/04/researchers-discover-critical-github.html Mandiant示警：企業搶導AI卻忘基本功，舊漏洞趁虛釀成無聲入侵 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12866 Google發布Chrome瀏覽器更新，修補30個安全性問題，含4個重大漏洞 https://www.ithome.com.tw/news/175444 一次盤點OpenClaw近期嚴重漏洞，關注AI代理框架安全風險 https://www.ithome.com.tw/news/175413 OpenClaw強化權限管理與系統穩定性，修復繞過策略與憑證洩漏等弱點 https://www.ithome.com.tw/news/175372 Hugging Face機器人平臺LeRobot存在重大漏洞，未經身分驗證的攻擊者可執行任意程式碼 https://www.ithome.com.tw/news/175397 高風險GitHub漏洞極容易被利用，攻擊者只需透過推送Git就能觸發 https://www.ithome.com.tw/news/175406 TeamT5 ThreatSonar反勒索軟體存在高風險漏洞，可被提升權限、刪除任何檔案 https://www.ithome.com.tw/news/175410 Google修補Gemini CLI重大漏洞，未更新可能導致開發整合流程遭遇遠端執行程式碼攻擊 https://www.ithome.com.tw/news/175384 韓國KISA首度啟動安全漏洞清理服務，首波因應目標是WGear網銀RCE漏洞 https://www.ithome.com.tw/news/175351 RPC零時差漏洞PhantomRPC可被用於提升權限 https://www.ithome.com.tw/news/175341 Notepad++修補字串輸入漏洞，未更新可能導致資訊洩漏或程式當機 https://www.ithome.com.tw/news/175362 Tenable修補Nessus弱點掃描代理程式漏洞，未更新可能導致攻擊者取得SYSTEM權限 https://www.ithome.com.tw/news/175352 CrowdStrike修補LogScale重大漏洞，未更新可能導致遠端讀取任意檔案 https://www.ithome.com.tw/news/175327 Python存在高風險的記憶體存取漏洞，未修補可能導致越界寫入與記憶體資料損毀 https://www.ithome.com.tw/news/175332 用AI發現漏洞還不夠，Google指出自動化大規模修補才是防禦核心 https://www.ithome.com.tw/news/175328 Google發布Chrome瀏覽器更新，修補19項漏洞，含2個高風險漏洞 https://www.ithome.com.tw/news/175322 Web應用框架ASP.NET Core DataProtection套件存在提權漏洞，受影響環境須升級並輪換金鑰 https://www.ithome.com.tw/news/175258 2.銀行/金融/保險/證券/金融監理 新聞及資安 銀行業加速調整腳步：傳統風險反彈、新型威脅擴大 關注信用風險、金融犯罪 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12863 一張圖看2026年金融業企業資安風險 https://www.ithome.com.tw/article/175432 資安AI代理崛起，金融和百億企業積極擁抱零信任 https://www.ithome.com.tw/article/175313 FIDO聯盟推動AI代理互動與驗證標準，降低AI代理線上交易風險 https://www.ithome.com.tw/news/175396 整體資安預算大增13％，金融業更加碼近2成 https://www.ithome.com.tw/article/175310 智慧資安攜手池安量子資安 鎖定金融與政府搶攻 PQC 遷移 https://netmag.tw/2026/04/29/taiwan-builds-quantum-resilience 從防禦到韌性：零信任架構重塑金融安全新標竿 https://infosecu.technews.tw/2026/04/27/reshaping-a-new-benchmark-for-financial-security/ Options Technology擴大金融服務版圖，為某一級銀行在冰島大規模佈署人工智慧 https://reurl.cc/zQQvRQ 3.信用卡/電子支付/行動支付/pay/支付系統/資安 美國運通卡支援 Apple Pay 行動支付體驗全面升級 https://www.ctee.com.tw/news/20260428701950-431207 臺網攜手一卡通 強化電子支付資安 https://money.udn.com/money/story/5612/9473746 一卡通導入行動身分識別，靠電信門號身分驗證強化電支交易安全 https://www.ithome.com.tw/news/175386 日本PayPay在台可支付　掃「悠遊付-TWQR」享優惠 https://www.cna.com.tw/news/aloc/202604270315.aspx 日本Bitbank攜手Epos發行加密信用卡 消費享比特幣回饋 https://news.pchome.com.tw/finance/sunmedia/20260429/index-77746758720526329003.html 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 北韓駭客Famous Chollima透過AI生成惡意NPM套件，藉此洗劫開發人員加密貨幣資產 https://www.ithome.com.tw/news/175450 重磅！PayPal 宣布戰略重組將「支付與加密貨幣」納入三大核心業務，高管大換血強攻 AI 轉型 https://www.blocktempo.com/paypal-strategic-restructuring-crypto-ai-leadership-changes/ 萬事達卡迎戰支付變革 AI與加密貨幣夥伴關係併行股東挑戰 https://pchome.megatime.com.tw/news/cat1/20260430/77752804696270329003.html 加拿大擬禁加密貨幣 ATM 切斷犯罪關鍵工具 https://www.epochtimes.com/b5/26/4/30/n14753822.htm 日本Bitbank攜手Epos發行加密信用卡 消費享比特幣回饋 https://news.pchome.com.tw/finance/sunmedia/20260429/index-77746758720526329003.html Veera與Turnkey合作，為其加密銀行帶來10秒快速入門及生物識別登入功能 https://www.mexc.com/zh-TW/news/1066159 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 委內瑞拉能源及公用事業部門遭資料破壞軟體Lotus Wiper攻擊 https://www.ithome.com.tw/news/175454 後門程式FireStarter鎖定思科防火牆，中國駭客利用已知漏洞滲透裝置 https://www.ithome.com.tw/news/175309 美國聯邦機構的思科防火牆遭後門程式FireStarter攻擊 https://www.ithome.com.tw/news/175314 勒索軟體VECT 2.0加密檔案出錯，受害者付錢也無法完全復原檔案 https://www.ithome.com.tw/news/175417 UNC6692冒充IT服務臺，透過Teams散布惡意軟體套件Snow https://www.ithome.com.tw/news/175394 蠕蟲程式GlassWorm透過73個VS Code延伸套件潛伏於Open VSX儲存庫 https://www.ithome.com.tw/news/175340 勒索軟體Gentlemen透過代理伺服器工具SystemBC滲透企業組織 https://www.ithome.com.tw/news/175442 Linux惡意軟體GoGra濫用Microsoft Graph API隱匿活動蹤跡 https://www.ithome.com.tw/news/175315 New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs https://thehackernews.com/2026/04/new-wave-of-dprk-attacks-uses-ai.html FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches https://thehackernews.com/2026/04/firestarter-backdoor-hit-federal-cisco.html Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2 https://thehackernews.com/2026/04/tropic-trooper-uses-trojanized.html UNC6692 Impersonates IT Help Desk via Microsoft Teams to Deploy SNOW Malware https://thehackernews.com/2026/04/unc6692-impersonates-it-helpdesk-via.html Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software https://thehackernews.com/2026/04/researchers-uncover-pre-stuxnet-fast16.html Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware https://thehackernews.com/2026/04/researchers-uncover-73-fake-vs-code.html EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades https://thehackernews.com/2026/04/etherrat-distribution-spoofing.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 蘋果App Store驚見假錢包，FakeWallet攻擊竊取助記詞 https://www.ithome.com.tw/news/175477 26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases https://thehackernews.com/2026/04/26-fakewallet-apps-found-on-apple-app.html 手機借人不怕被亂看！Android新功能可幫App上鎖 https://www.sogi.com.tw/articles/how-to-android/6268420 歐盟出手立法！手機重回「換電池」時代　2巨頭面臨挑戰 https://www.mirrormedia.mg/story/20260428edi029 三星研究指出：大眾對於公共場合使用智慧型手機的隱私保護意識日益提升 https://reurl.cc/2aa2V4 OpenAI 可能會開始生產內建晶片的智慧型手機 https://www.gamereactor.cn/openai-might-start-producing-a-smartphone-with-in-house-chips-1302493/ 智生活取得 MAS L3 認證 守護社區 App 資安及隱私 https://news.cnyes.com/news/id/6438608 AI爭奪戰！這款APP大陸用戶增長最猛 遠超其他應用程式 https://udn.com/news/story/7333/9472441 C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 600萬臺連網伺服器還在使用FTP，四成未加密 https://www.ithome.com.tw/news/175232 AI代理人9秒刪掉新創公司PocketOS的資料庫及備份 https://www.ithome.com.tw/news/175391 Google六月起將處罰使用返回鍵劫持手法的網站 https://www.ithome.com.tw/news/175106 因應資安人才缺口， 3成CIO想靠AI緩解 https://www.ithome.com.tw/article/175311 人才和資料治理是AI資安兩大難題 https://www.ithome.com.tw/article/175312 中國駭客Tropic Trooper鎖定臺灣、日本、韓國，透過Adaptix C2與VS Code隧道控制受害電腦 https://www.ithome.com.tw/news/175324 中國駭客GopherWhisper鎖定蒙古，利用多種雲端服務從事網路間諜活動 https://www.ithome.com.tw/news/175325 數位控制器製造商新代科技遭勒索軟體攻擊 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=213035&SPOKE_DATE=20260429&COMPANY_ID=7750 SAP的NPM套件遭Mini Shai-Hulud攻擊 https://www.ithome.com.tw/news/175446 藏匿於合法流量之中：UNC6692 如何以 AWS S3 繞過網路聲譽過濾 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12869 荷蘭軍情機構示警：中國網攻能力已與美國並駕齊驅，大量行動潛伏未被偵測 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12864 Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks https://thehackernews.com/2026/04/chinese-silk-typhoon-hacker-extradited.html Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign https://thehackernews.com/2026/04/brazilian-lofygang-resurfaces-after.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 金鑰管理問題大！Thales警示過半企業未自行掌控雲端資料加密金鑰 https://www.ithome.com.tw/news/174807 影音串流平臺Vimeo遭Anodot資料外洩事件波及，部分用戶與客戶資料遭未經授權存取 https://www.ithome.com.tw/news/175403 駭客冒充IT與客服人員，透過跨租戶Teams通訊進行社交工程攻擊 https://www.ithome.com.tw/news/175392 駭客組織BlackFile鎖定零售與餐旅業竊取資料，並索討7位數的高價贖金 https://www.ithome.com.tw/news/175383 Checkmarx證實GitHub資料遭駭客團體Lapsus$流入暗網 https://www.ithome.com.tw/news/175338 醫療設備製造商美敦力資料外洩，駭客聲稱竊取逾900萬筆個資 https://www.ithome.com.tw/news/175360 網路學習平臺Udemy傳資料外洩，ShinyHunters聲稱竊得140萬筆個資 https://www.ithome.com.tw/news/175367 美國NASA傳出遭中國駭客網釣，意圖竊取美國國防軟體 https://www.ithome.com.tw/news/175457 NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software https://thehackernews.com/2026/04/nasa-employees-duped-in-chinese.html Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud https://thehackernews.com/2026/04/fake-captcha-irsf-scam-and-120-keitaro.html ShinyHunters傳竊得保全巨人ADT、遊輪業者Carnival數百萬筆資料 https://www.ithome.com.tw/news/175316 E.研究報告/工具 2025年API資安事故頻傳，遭遇危機的企業比例高達87％ https://www.ithome.com.tw/news/175459 Google警告量子破解門檻下降20倍，ECC攻擊時間縮至分鐘級 https://www.ithome.com.tw/news/174829 3月多起供應鏈攻擊揭露CI/CD管線風險，GitLab提出防護建議 https://www.ithome.com.tw/news/174939 OpenAI開源可自動去識別化資料的Privacy Filter模型，強化AI隱私基礎設施 https://www.ithome.com.tw/news/175246 從「零信任網路」到「雙零安全」 https://www.ithome.com.tw/article/175255 Bridging the AI Agent Authority Gap: Continuous Observability as the Decision Engine https://thehackernews.com/2026/04/bridging-ai-agent-authority-gap.html Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About https://thehackernews.com/2026/04/why-secure-data-movement-is-zero-trust.html Mythos模型問世，臺灣兩大資安廠商警示AI將使攻擊門檻大幅降低 https://www.ithome.com.tw/news/175398 After Mythos: New Playbooks For a Zero-Window Era https://thehackernews.com/2026/04/after-mythos-new-playbooks-for-zero.html What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong) https://thehackernews.com/2026/04/what-to-look-for-in-exposure-management.html What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong) https://thehackernews.com/2026/04/what-to-look-for-in-exposure-management.html F.商業 CTM360 Exposes Global GovTrap Campaign With 11,000+ Fake Government Portals Targeting Citizens Worldwide https://thehackernews.com/expert-insights/2026/04/ctm360-exposes-global-govtrap-campaign.html 2025企業面臨勒索軟體攻擊的衝擊，Veeam警示能完全復原資料的比例不到3成 https://www.ithome.com.tw/news/175416 一張圖看2026年整體臺灣企業資安風險 https://www.ithome.com.tw/article/175420 一張圖看2026年高科技製造業企業資安風險 https://www.ithome.com.tw/article/175433 儲域網路進入128G FC時代，博科第8代產品結合AI與量子安全 https://www.ithome.com.tw/review/172764 Mandiant推出免費資安教學平臺FLARE Learning Hub https://www.ithome.com.tw/news/175228 今年臺灣大型企業IT預算成長9%，CIO從數位轉型邁向AI轉型布局 https://www.ithome.com.tw/news/175333 Fortinet新一代中高階NGFW登場，提供26 Gbps威脅防護效能 https://www.ithome.com.tw/review/172669 微軟對Exchange與Skype for Business發布第二階段ESU，延長安全更新至2026年10月 https://www.ithome.com.tw/news/175218 為因應生成式AI帶來的資安風險，開源排程平臺Cal.com宣布商業版本轉為閉源 https://www.ithome.com.tw/news/175107 看好基於eBPF的執行期防護與韌體分析市場，義大利商Exein登臺設立亞太營運中心 https://www.ithome.com.tw/news/175206 G.政府 資安院9月啟動第二屆漏洞獵捕　鎖定政府機關常用軟體強化供應鏈安全 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12868 資安院首屆漏洞獵捕活動發現20個硬體產品漏洞，今年第二屆活動開放AI工具挖掘軟體漏洞 https://www.ithome.com.tw/news/175329 資安署與資安院共同舉辦SBOM工作坊 助企業布局全球市場 https://moda.gov.tw/ACS/press/news/press/19580 臺馬三號海纜部分芯線受損不到一個月發生全斷，中華電信緊急以微波備援東引通訊 https://www.ithome.com.tw/news/175455 臺馬三號北竿東引段海纜全斷 數發部啟動微波備援 https://ec.ltn.com.tw/article/breakingnews/5420382 高德一亮燈，數位發展部露餡了嗎 https://reurl.cc/dppE8k 從算力到碳管理 AI助攻產業雙軸轉型 https://www.cna.com.tw/newsworld/article/20260429n007/ 日本前數位大臣平將明訪台 將見賴清德、拜會國防部與數發部 https://today.line.me/tw/v3/article/gz9p1Ra H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software https://thehackernews.com/2026/04/researchers-uncover-pre-stuxnet-fast16.html 關鍵基礎設施資安警訊：美國電力商 Itron 遭駭，DC 電源調節器成新型攻擊入口 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12865 研究人員揭露比Stuxnet還要早被利用的工控惡意軟體Fast16 https://www.ithome.com.tw/news/175389 CISA警告D-Link路由器命令注入漏洞被用於實際攻擊 https://www.ithome.com.tw/news/175346 殭屍網路Mirai變種綁架生命週期結束的D-Link路由器 https://www.ithome.com.tw/news/175307 樹莓派OS新版改變預設行為，sudo指令需輸入密碼 https://www.ithome.com.tw/news/175109 I.教育訓練 資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g EC Council CASE.NET 認證準備 https://coolmandiary.blogspot.com/2025/04/ec-council-casenet.html EC Council CASE.NET(312-95)_筆記_Module1專有名詞及定義 https://coolmandiary.blogspot.com/2021/10/ec-council-casenet312-95module1.html GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 Jamf 資安體驗館 - CYBERSEC 2026 台灣資安大會 2026/5/5 - 2026/5/7 https://jamf.kktix.cc/events/cybersec2026-jamf 邁向現代化資安防禦：以零信任為核心的 macOS 全方位管理架構 2026/5/25 https://jamf.kktix.cc/events/mac-security-workshop-2026q2 Gemini實戰全攻略-打造你的AI工作流 2026/5/30 https://www.accupass.com/event/2602191339327923594810 行動優先時代：如何兼顧工作效率與企業資安 2026/6/5 https://jamf.kktix.cc/events/mobile-security-workshop-2026q2 CraftCon Taiwan 2026｜全台唯一 AI 資安技術研討會 2026/7/3 https://cycraft.kktix.cc/events/craftcon2026