資安事件新聞週報 2025/11/17 ~ 2025/11/21

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/11/17 ~ 2025/11/21 1.重大弱點漏洞/後門/Exploit/Zero Day 雙重資安警報！Fortinet FortiWeb 零日漏洞遭利用、Akira 勒索軟體鎖定 Nutanix AHV https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12447 Fortinet再度對網頁應用程式防火牆用戶發布公告，修補已遭利用的命令注入漏洞 https://www.ithome.com.tw/news/172330 Fortinet公告網頁應用程式防火牆存在重大漏洞，有多家資安業者透露一個月前就被用於攻擊行動 https://www.ithome.com.tw/news/172274 Fortinet Warns of New FortiWeb CVE-2025-58034 Vulnerability Exploited in the Wild https://thehackernews.com/2025/11/fortinet-warns-of-new-fortiweb-cve-2025.html SonicWall修補防火牆高風險SSL VPN漏洞，未經身分驗證攻擊者可造成服務中斷 https://www.bleepingcomputer.com/news/security/new-sonicwall-sonicos-flaw-allows-hackers-to-crash-firewalls/ 微軟警急發布例外更新，修補Windows 10無法安裝ESU更新的問題 https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-10-kb5072653-oob-update-fixes-esu-install-errors/ Microsoft 推出 2025年11月 Patch Tuesday 每月例行更新修補包 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12443 ServiceNow Now Assist預設代理群組設計存在瑕疵，恐放大二階提示注入風險 https://www.ithome.com.tw/news/172392 ServiceNow的AI代理存在弱點，攻擊者有機會透過二階段提示進行注入攻擊 https://thehackernews.com/2025/11/servicenow-ai-agents-can-be-tricked.html 駭客組織Dragon Breath透過多階段載入工具RoningLoader，意圖散布RAT木馬Gh0st RAT https://www.ithome.com.tw/news/172338 Researchers Find Serious AI Bugs Exposing Meta, Nvidia, and Microsoft Inference Frameworks https://thehackernews.com/2025/11/researchers-find-serious-ai-bugs.html 英國針對7-Zip用戶警告，駭客積極利用符號連結漏洞從事活動 https://www.ithome.com.tw/news/172366 NHS Warns of PoC Exploit for 7-Zip Symbolic Link–Based RCE Vulnerability https://thehackernews.com/2025/11/hackers-actively-exploiting-7-zip.html AI推論框架存在ShadowMQ通訊漏洞，商用與開源多個推論引擎受影響 https://www.ithome.com.tw/news/172294 AI推論引擎存在重大漏洞，恐波及Meta、Nvidia、微軟LLM https://thehackernews.com/2025/11/researchers-find-serious-ai-bugs.html 人工智慧框架Ray已知漏洞出現攻擊行動，歹徒透過GitLab與GitHub犯案，企圖綁架Ray叢集挖礦 https://www.bleepingcomputer.com/news/security/new-shadowray-attacks-convert-ray-clusters-into-crypto-miners/ WordPress外掛W3 Total Cache存在重大漏洞，可被用於注入PHP命令 https://www.bleepingcomputer.com/news/security/w3-total-cache-wordpress-plugin-vulnerable-to-php-command-injection/ Google發布Chrome 142更新，修補V8引擎零時差漏洞 https://www.ithome.com.tw/news/172328 Dell修補Data Lakehouse重大權限提升漏洞 https://www.ithome.com.tw/news/172290 2.銀行/金融/保險/證券/金融監理新聞及資安高科技業逾5成上雲，金融業緊追，台灣企業AI安全需求成長30% https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12445 定時炸彈「小烏龜」引爆國安危機，政府、金融、軍方網路門戶洞開 https://www.ithome.com.tw/news/172350 華南銀行打造安全的智能數位銀行 https://www.ctee.com.tw/news/20251029700342-439901 是詐騙！銀行寄「取消交易」電子郵件是假的　一按錢錢差點飛了 https://www.nownews.com/news/6756618 Android用戶注意！新NFC竊資手法直接清空你的銀行帳戶 https://www.wealth.com.tw/articles/1a3f0e4e-60cb-4ad3-98e8-2a10ab89208a 3.信用卡/電子支付/行動支付/pay/支付系統/資安 LINE Pay 電子支付即將推出？多家銀行 App 已出現「連加支付」轉帳選項 https://applealmond.com/posts/297476 1300萬戶大搬家！LINE Pay電支展開內測轉帳先行 https://ec.ltn.com.tw/article/paper/1732274 全支付傳盜刷　金管會：遭冒名發釣魚郵件騙取資料 https://taronews.tw/2025/11/20/1111702/ 全支付爆釣魚簡訊詐騙案 39人受害 https://ec.ltn.com.tw/article/breakingnews/5252888 全支付又傳盜刷！電子支付綁信用卡比較不安全？金管會：3種訊息千萬別亂點 https://cava.tw/topic/news/261747 全支付盜刷風暴｜電子支付綁定信用卡比銀行帳戶更安全？金管會曝關鍵差異 https://www.bnext.com.tw/article/85075/pxpay-fraud-incident-financial-supervisory-commission-issues 全支付詐騙案39人受害「難求償」　金管會說明原因 https://today.line.me/tw/v3/article/DRXzJYg?view=topic&referral=TOPIC-fraud 中網友稱教科書台灣電子支付沒普及台網友已讀亂回：我們打繩結 https://news.ltn.com.tw/news/novelty/breakingnews/5249688 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安捷克國家銀行投3100萬買區塊鏈資產　測試投資與監管 https://www.cna.com.tw/news/aopl/202511200361.aspx 加密貨幣怎麼選？2025年10大熱門幣種差異全解析 https://www.cw.com.tw/article/5137958 加密幣新手入圈全攻略 https://www.mirrormedia.mg/story/20251114money001 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 中國駭客APT24入侵臺灣數位行銷業者從事供應鏈攻擊，散布惡意程式BadAudio https://www.ithome.com.tw/news/172377 殭屍網路Tsundere以知名遊戲為誘餌，企圖綁架Windows電腦擴張版圖 https://thehackernews.com/2025/11/tsundere-botnet-expands-using-game.html NPM蠕蟲套件規模擴大，攻擊者產生逾15萬套件，目的是牟取加密貨幣換取經濟利益 https://www.ithome.com.tw/news/172364 惡意NPM套件濫用雲端服務Adspect企圖躲過研究人員調查 https://www.ithome.com.tw/news/172299 惡意軟體TamperedChef以提供AI工具為誘餌來散布 https://thehackernews.com/2025/11/tamperedchef-malware-spreads-via-fake.html 國家級駭客Dragon Breath透過多階段載入工具RoningLoader，意圖散布RAT木馬Gh0st RAT https://thehackernews.com/2025/11/dragon-breath-uses-roningloader-to.html 殭屍網路RondoDox鎖定XWiki伺服器而來，利用重大層級已知漏洞發動攻擊 https://www.ithome.com.tw/news/172277 北韓駭客濫用JSON服務，藉此散布惡意軟體 https://thehackernews.com/2025/11/north-korean-hackers-turn-json-services.html 勒索軟體HelloKitty餘黨另起爐灶Kraken，並在加密檔案前確認受害電腦的性能 https://www.bleepingcomputer.com/news/security/kraken-ransomware-benchmarks-systems-for-optimal-encryption-choice/ Dragon Breath Uses RONINGLOADER to Disable Security Tools and Deploy Gh0st RAT https://thehackernews.com/2025/11/dragon-breath-uses-roningloader-to.html RondoDox Exploits Unpatched XWiki Servers to Pull More Devices Into Its Botnet https://thehackernews.com/2025/11/rondodox-exploits-unpatched-xwiki.html North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels https://thehackernews.com/2025/11/north-korean-hackers-turn-json-services.html EdgeStepper Implant Reroutes DNS Queries to Deploy Malware via Hijacked Software Updates https://thehackernews.com/2025/11/edgestepper-implant-reroutes-dns.html ServiceNow AI Agents Can Be Tricked Into Acting Against Each Other via Second-Order Prompts https://thehackernews.com/2025/11/servicenow-ai-agents-can-be-tricked.html TamperedChef Malware Spreads via Fake Software Installers in Ongoing Global Campaign https://thehackernews.com/2025/11/tamperedchef-malware-spreads-via-fake.html Tsundere Botnet Expands Using Game Lures and Ethereum-Based C2 on Windows https://thehackernews.com/2025/11/tsundere-botnet-expands-using-game.html ThreatsDay Bulletin: 0-Days, LinkedIn Spies, Crypto Crimes, IoT Flaws and New Malware Waves https://thehackernews.com/2025/11/threatsday-bulletin-0-days-linkedin.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊安卓惡意軟體Sturnus鎖定加密通訊軟體Signal、WhatsApp而來，意圖竊取對話內容 https://www.bleepingcomputer.com/news/security/multi-threat-android-malware-sturnus-steals-signal-whatsapp-messages/ 導入Rust有成，Google讓Android記憶體漏洞降至兩成以下，還提升交付效率 https://www.ithome.com.tw/news/172247 Rust Adoption Drives Android Memory Safety Bugs Below 20% for First Time https://thehackernews.com/2025/11/rust-adoption-drives-android-memory.html CTM360 Exposes a Global WhatsApp Hijacking Campaign: HackOnChat https://thehackernews.com/2025/11/ctm360-exposes-global-whatsapp.html New Sturnus Android Trojan Quietly Captures Encrypted Chats and Hijacks Devices https://thehackernews.com/2025/11/new-sturnus-android-trojan-quietly.html 以Python打造的WhatsApp蠕蟲鎖定巴西，散布竊資軟體Eternidade Stealer https://thehackernews.com/2025/11/python-based-whatsapp-worm-spreads.html Python-Based WhatsApp Worm Spreads Eternidade Stealer Across Brazilian Devices https://thehackernews.com/2025/11/python-based-whatsapp-worm-spreads.html ShadowRay 2.0 Exploits Unpatched Ray Flaw to Build Self-Spreading GPU Cryptomining Botnet https://thehackernews.com/2025/11/shadowray-20-exploits-unpatched-ray.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 Cloudflare故障6小時，波及ChatGPT及X等服務 https://www.ithome.com.tw/news/172333 開源權重大型語言模型經不起多輪提示攻擊，企業採用安全風險浮現 https://www.ithome.com.tw/news/172206 微軟緩解殭屍網路Aisuru高達15.7 Tbps的DDoS攻擊 https://www.ithome.com.tw/news/172292 東和紡織發布資安重訊，公告部分資訊系統遭網路攻擊 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=173215&SPOKE_DATE=20251119&COMPANY_ID=1414 資服業者中菲電腦發布資安重訊，指出該公司遭遇網路攻擊事故 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=174349&SPOKE_DATE=20251117&COMPANY_ID=5403 Jaguar Land Rover受網路攻擊衝擊，第二季財報認列約2億英鎊相關損失 https://www.ithome.com.tw/news/172284 英國推新網路安全法案 ! 強制MSP通報，擴大監管供應鏈 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12446 從 Log4j 到 IIS：中國駭客將舊漏洞轉為全球間諜工具 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12448 國安局警告中國打造的生成式AI模型存在資安風險 https://www.ithome.com.tw/news/172279 伊朗駭客APT42從事SpearSpecter攻擊活動，鎖定以色列國防機構與政府組織而來 https://www.ithome.com.tw/news/172386 伊朗駭客UNC1549鎖定航太與國防領域而來，透過第三方供應商及VDI環境從事供應鏈攻擊 https://www.ithome.com.tw/news/172394 伊朗駭客UNC1549鎖定航太與國防領域而來，散布惡意程式DeepRoot與TwostRoke https://thehackernews.com/2025/11/iranian-hackers-use-deeproot-and.html 伊朗駭客入侵軍用船艦的自動識別平臺，意圖協助軍隊進行飛彈射擊 https://thehackernews.com/2025/11/iran-linked-hackers-mapped-ship-ais.html 伊朗駭客入侵軍用船艦的自動識別平臺與監視器，意圖協助軍隊進行飛彈射擊 https://www.ithome.com.tw/news/172396 荷蘭警方查獲250臺非法用途的主機代管伺服器 https://www.bleepingcomputer.com/news/security/dutch-police-seizes-250-servers-used-by-bulletproof-hosting-service/ SEC Drops SolarWinds Case After Years of High-Stakes Cybersecurity Scrutiny https://thehackernews.com/2025/11/sec-drops-solarwinds-case-after-years.html APT24 Deploys BADAUDIO in Years-Long Espionage Hitting Taiwan and 1,000+ Domains https://thehackernews.com/2025/11/apt24-deploys-badaudio-in-years-long.html Five Plead Guilty in U.S. for Helping North Korean IT Workers Infiltrate 136 Companies https://thehackernews.com/2025/11/five-us-citizens-plead-guilty-to.html Iran-Linked Hackers Mapped Ship AIS Data Days Before Real-World Missile Strike Attempt https://thehackernews.com/2025/11/iran-linked-hackers-mapped-ship-ais.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全羅技證實遭 Cl0p 勒索集團攻擊！1.8 TB 資料外洩 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12456 羅技傳因Oracle零時差漏洞攻擊資料遭竊，疑外流1.8 TB資料 https://www.ithome.com.tw/news/172291 網釣攻擊套件Sneaky 2FA整合Browser-in-the-Browser機制，企圖透過幾可亂真的「彈出式視窗」騙取微軟帳號 https://thehackernews.com/2025/11/sneaky-2fa-phishing-kit-adds-bitb-pop.html 法國居家照護服務媒合機構Pajemploi資料外洩，120萬人個資恐外流 https://www.bleepingcomputer.com/news/security/french-agency-pajemploi-reports-data-breach-affecting-12m-people/ Amatera Stealer與NetSupport RAT透過網釣接觸受害者，透過系統呼叫逃過偵測機制 https://www.ithome.com.tw/news/172307 大規模ClickFix網釣鎖定旅館而來，散布惡意軟體PureRAT，得逞後再向住房旅客行騙 https://www.ithome.com.tw/news/172319 中國資安業者知道創宇傳出資料外洩，曝露中國政府對全球進行監控的意圖 https://www.ithome.com.tw/news/172322 電信業者Eurofiber France傳出資料外洩，駭客號稱竊得1萬家企業與政府機關客戶資料 https://www.bleepingcomputer.com/news/security/eurofiber-france-warns-of-breach-after-hacker-tries-to-sell-customer-data/ 深入授權投票釣魚運作流程，LINE臺灣如何找出阻斷詐騙活動的關鍵 https://www.ithome.com.tw/news/172289 駭客宣稱利用約聘人員存取憑證，竊得三星公司機密資料 https://www.ithome.com.tw/news/172266 5 Reasons Why Attackers Are Phishing Over LinkedIn https://thehackernews.com/2025/11/5-reasons-why-attackers-are-phishing.html Sneaky 2FA Phishing Kit Adds BitB Pop-ups Designed to Mimic the Browser Address Bar https://thehackernews.com/2025/11/sneaky-2fa-phishing-kit-adds-bitb-pop.html Salesforce Flags Unauthorized Data Access via Gainsight-Linked OAuth Activity https://thehackernews.com/2025/11/salesforce-flags-unauthorized-data.html E.研究報告/工具超過六成AI知名新創業者AI機密曝險，攻擊者恐從GitHub挖掘相關資料 https://www.ithome.com.tw/news/172253 Application Containment: How to Use Ringfencing to Prevent the Weaponization of Trusted Software https://thehackernews.com/2025/11/application-containment-how-to-use.html Why IT Admins Choose Samsung for Mobile Security https://thehackernews.com/2025/11/why-it-admins-choose-samsung-for-mobile.html F.商業 Meta Expands WhatsApp Security Research with New Proxy Tool and $4M in Bounties This Year https://thehackernews.com/2025/11/meta-expands-whatsapp-security-research.html G.政府數發部推「政府AI應用平臺」，共創公私協作AI應用新生態 https://moda.gov.tw/press/press-releases/17952 先試用後採購數發部 TryAI 平台明年將本土 AI 上架共契 https://www.cio.com.tw/102279/ 數位發展部推動防詐新生態《網路詐騙通報查詢網3.0》開啟公私協力新階段 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000738075_CZALPLXN87FJKC4MGS483 數位發展部數位產業署舉辦GenAI Stars Demo Day 金質獎、潛力之星齊秀百工百業AI創新成果 https://moda.gov.tw/ADI/news/latest-news/17926 當民生公共物聯網遇到AI—資料應用成果發表會登場展現AI應用與資料創新成效 https://moda.gov.tw/ADI/news/latest-news/17938 標案遭指違規用中國製品　資安院：驗收人員沒注意到 https://www.cna.com.tw/news/aipl/202511050110.aspx 資安院、大同醫護上下交相賊　數發部次長淡然微笑 https://www.i-meihua.com/Article/Detail/38045 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安 ASUS 緊急修補 DSL 路由器重大漏洞，駭客可無需驗證遠端登入 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12457 華碩路由器已知漏洞遭到利用，中國駭客以此綁架設備，意圖架設ORB網路 https://www.ithome.com.tw/news/172360 中國駭客PlushDaemon從事軟體供應鏈攻擊，入侵路由器竄改DNS組態，以便對受害電腦散布惡意軟體更新 https://www.ithome.com.tw/news/172357 已終止支援的D-Link路由器DIR-878存在RCE漏洞，概念驗證程式碼已公開 https://www.bleepingcomputer.com/news/security/d-link-warns-of-new-rce-flaws-in-end-of-life-dir-878-routers/ 華碩DSL系列路由器存在重大漏洞，若不處理攻擊者可繞過身分驗證 https://www.bleepingcomputer.com/news/security/asus-warns-of-critical-auth-bypass-flaw-in-dsl-series-routers/ I.教育訓練資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g EC Council CASE.NET 認證準備 https://coolmandiary.blogspot.com/2025/04/ec-council-casenet.html EC Council CASE.NET(312-95)_筆記_Module1專有名詞及定義 https://coolmandiary.blogspot.com/2021/10/ec-council-casenet312-95module1.html GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 Tech & Tea 2025/11/22 https://www.meetup.com/innovate-taiwan/events/311710516/ Amarathon 2025 2025/11/22 https://www.meetup.com/gcr-aws-usergroup/events/311779758/ Taiwan KUG Conference 2025 2025/11/22 https://www.meetup.com/taiwan-kotlin-user-group/events/311564439/ MaiCoin 反詐騙講座 2025/11/26 https://www.accupass.com/event/2510290804091189108084 Flutter Tokyo #11 2025/11/26 https://www.meetup.com/flutter-meetup-tokyo/events/311758235/ ISC2 Taipei Chapter 2025年第二屆第二次會員大會暨「共益資安共榮台灣」資訊安全研討會 2025/11/29 https://isc2taipei.kktix.cc/events/2025agm Atelli × Meta ｜廣告新時代使用A.I Agent找到高價值客群 2025/12/3 https://www.accupass.com/event/2510150230273871962330 Threat Analyst Summit 2025 威脅分析師高峰會 2025/12/3 - 2025/12/4 https://teamt5.kktix.cc/events/tas2025 從 AI 浪潮看 2026 資安挑戰與治理策略 2025/12/5 https://www.accupass.com/event/2509190930571905392080 國立臺北商業大學資管系AI賦能論壇 2025/12/6 https://www.accupass.com/event/2510150928422567903790 2025 INSIDE Future Day｜人機共築未來新紀元：Next - Gen AI Agents 2025/12/9 https://www.accupass.com/event/2508170359001755695360 軟體開發安全意識與 .NET/Java 安全程式開發課程 2025/12/11-2025/12/12 https://www.accupass.com/event/2501021437092334513410