###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/10/27 ~ 2025/10/31 1.重大弱點漏洞/後門/Exploit/Zero Day 微軟緊急發布 Windows Server 修補程式，修復重大 RCE 漏洞 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12372 WSUS重大漏洞微軟破例發布額外更新，傳出已被用於攻擊行動 https://www.ithome.com.tw/news/171857 微軟修補有史以來最嚴重的ASP.NET Core漏洞 https://www.ithome.com.tw/news/171939 威聯通警告旗下備份軟體受到ASP.NET Core近滿分漏洞影響 https://www.ithome.com.tw/news/171906 Newly Patched Critical Microsoft WSUS Flaw Comes Under Active Exploitation https://thehackernews.com/2025/10/microsoft-issues-emergency-patch-for.html CISA and NSA Issue Urgent Guidance to Secure WSUS and Microsoft Exchange Servers https://thehackernews.com/2025/10/cisa-and-nsa-issue-urgent-guidance-to.html CISA Flags VMware Zero-Day Exploited by China-Linked Hackers in Active Attacks https://thehackernews.com/2025/10/cisa-flags-vmware-zero-day-exploited-by.html A New Security Layer for macOS Takes Aim at Admin Errors Before Hackers Do https://thehackernews.com/2025/10/a-new-security-layer-for-macos-takes.html Chrome Zero-Day Exploited to Deliver Italian Memento Labs' LeetAgent Spyware https://thehackernews.com/2025/10/chrome-zero-day-exploited-to-deliver.html New ChatGPT Atlas Browser Exploit Lets Attackers Plant Persistent Hidden Commands https://thehackernews.com/2025/10/new-chatgpt-atlas-browser-exploit-lets.html Adobe Commerce 重大漏洞遭大規模利用　電商平台面臨帳號劫持風險 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12368 Adobe電子商務平臺重大層級漏洞SessionReaper已被用於攻擊行動，逾半數未修補恐成目標 https://www.ithome.com.tw/news/171872 滿分漏洞RediShell迄今仍有超過8,500臺Redis主機尚未修補 https://gbhackers.com/redishell-rce-vulnerability/ 零點擊攻擊手法Shadow Escape利用MCP伺服器弱點，從AI代理竊取敏感資料 https://www.ithome.com.tw/news/171969 WordPress資安外掛存在漏洞，恐向任意訂閱者曝露私人資料 https://www.bleepingcomputer.com/news/security/wordpress-security-plugin-exposes-private-data-to-site-subscribers/ WordPress外掛已知漏洞被盯上，駭客用於發動大規模攻擊 https://www.bleepingcomputer.com/news/security/hackers-launch-mass-attacks-exploiting-outdated-wordpress-plugins/ 研究揭露TEE.fail攻擊，1000美元裝置可破解Intel、AMD處理器與Nvidia GPU機密運算 https://www.ithome.com.tw/news/171935 Oracle EBS資安漏洞CVE-2025-61884追追追！有資安媒體認為在修補前已被利用 https://www.ithome.com.tw/news/171822 IDE工具Cursor、Windsurf存在近百個Chromium已知漏洞而面臨重大風險 https://www.ithome.com.tw/news/171858 2.銀行/金融/保險/證券/金融監理 新聞及資安 公股銀網站 頻遭駭客攻擊 https://reurl.cc/Eb7Kgg 帳戶太久沒用，會被銀行「合法充公」？網傳存款將被銀行收走，專家揭真相 https://www.storm.mg/lifestyle/11073976 出國旅遊機場充電小心了！專家：當心被竊取銀行密碼 6招安心在外充電 https://reurl.cc/Vm6aYA 王定宇爆：銀行KYC用大陸資料庫 機敏單位官兵申貸列高風險 https://udn.com/news/story/10930/9103974 3.信用卡/電子支付/行動支付/pay/支付系統/資安 產發局獎勵電子支付 北市議員爆有攤商達標就停用疑「騙補助」 https://ec.ltn.com.tw/article/breakingnews/5228929 北捷大升級！明年起可用手機嗶進站，「這群人」不包含在內 https://supertaste.tvbs.com.tw/hot/356995 iPhone還不能「嗶」進機捷... 桃捷公司：Apple Pay最快明年底上線 https://money.udn.com/money/story/122328/9109540 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 深化加密貨幣布局！Visa 宣布支援 4 穩定幣、 4 區塊鏈 https://blockcast.it/2025/10/29/visa-adding-support-for-four-stablecoins-on-four-unique-blockchains/ 11家幣商被鍘！虛擬資產專法上路　金管會證實共罰1300萬元 https://finance.ettoday.net/news/3058984 穩定幣激增促使監管機構對全球銀行加密資產新規進行審查 https://m.cnyes.com/news/id/6213668 競爭對手上市重塑格局，Coinbase 仍在美國加密貨幣競爭中保持優勢 https://tw.tradingview.com/news/reuters.com,2025:newsml_L4T3WC0XF:0/ 中國央行行長潘功勝：堅持嚴打加密貨幣！穩定幣尚在發展早期，力推數位人民幣發展 https://www.blocktempo.com/pan-gongsheng-crypto-and-e-cny/ 穩定幣若成跨境支付工具　央行研議申報規範 https://today.line.me/tw/v3/article/Opg0wBy 以太坊將成最大贏家！渣打預測「代幣化 RWA」市值 2028 年上看 2 兆美元 https://blockcast.it/2025/10/31/standard-chartered-sees-tokenized-real-world-assets-reaching-2-trillion-by-2028/ 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 勒索軟體Akira聲稱對開源辦公室套件專案Apache OpenOffice下手，竊得23 GB內部資料 https://hackread.com/akira-ransomware-stole-apache-openoffice-data/ 具備自我散布能力的蠕蟲GlassWorm鎖定VS Code用戶而來，在兩大市集橫行 https://www.ithome.com.tw/news/171854 APT駭客Bitter透過WinRAR零時差漏洞從事攻擊，藉由惡意Word檔案竊取資料 https://gbhackers.com/winrar-zero-day/ 中國駭客UTA0388鎖定臺灣等亞太地緣政治議題，透過LLM從事網釣，散布惡意程式GoverShell https://www.ithome.com.tw/news/171861 OpenAI打造的AI瀏覽器Atlas存在弱點，Omnibox可被假URL誘發執行惡意指令 https://www.ithome.com.tw/news/171893 為迴避偵測，勒索軟體Qilin在Windows電腦使用Linux加密工具犯案 https://www.ithome.com.tw/news/171904 惡意NPM套件攻擊PhantomRaven鎖定開發人員，意圖竊取NPM與GitHub憑證等CI/CD機密 https://www.ithome.com.tw/news/171953 竊資軟體透過NPM套件散布，針對三大平臺盜取敏感資料 https://www.ithome.com.tw/news/171963 資安鑑識工具Velociraptor遭到濫用，中國駭客Storm-2603用於勒索軟體活動 https://www.ithome.com.tw/news/171971 惡意軟體Atroposia整合漏洞掃描工具，以便攻擊者進行後續攻擊活動 https://www.bleepingcomputer.com/news/security/new-atroposia-malware-comes-with-a-local-vulnerability-scanner/ 思科回顧今年勒索軟體Qilin攻擊事故，6月與8月均有近百個組織受害 https://www.ithome.com.tw/news/171928 義大利間諜軟體開發商東山再起，濫用Chrome零時差漏洞散布惡意程式Dante https://www.ithome.com.tw/news/171932 APT36 Targets Indian Government with Golang-Based DeskRAT Malware Campaign https://thehackernews.com/2025/10/apt36-targets-indian-government-with.html ChatGPT Atlas Browser Can Be Tricked by Fake URLs into Executing Hidden Commands https://thehackernews.com/2025/10/chatgpt-atlas-browser-can-be-tricked-by.html Qilin Ransomware Combines Linux Payload With BYOVD Exploit in Hybrid Attack https://thehackernews.com/2025/10/qilin-ransomware-combines-linux-payload.html Russian Ransomware Gangs Weaponize Open-Source AdaptixC2 for Advanced Attacks https://thehackernews.com/2025/10/russian-ransomware-gangs-weaponize-open.html ThreatsDay Bulletin: DNS Poisoning Flaw, Supply-Chain Heist, Rust Malware Trick and New RATs Rising https://thehackernews.com/2025/10/threatsday-bulletin-dns-poisoning-flaw.html PhantomRaven Malware Found in 126 npm Packages Stealing GitHub Tokens From Devs https://thehackernews.com/2025/10/phantomraven-malware-found-in-126-npm.html 10 npm Packages Caught Stealing Developer Credentials on Windows, macOS, and Linux https://thehackernews.com/2025/10/10-npm-packages-caught-stealing.html 駭客打造YouTube幽靈網路來散布竊資程式 https://www.ithome.com.tw/news/171885 3,000 YouTube Videos Exposed as Malware Traps in Massive Ghost Network Operation https://thehackernews.com/2025/10/3000-youtube-videos-exposed-as-malware.html Self-Spreading 'GlassWorm' Infects VS Code Extensions in Widespread Supply Chain Attack https://thehackernews.com/2025/10/self-spreading-glassworm-infects-vs.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 安卓惡意程式Herodotus為避免活動被察覺有異，刻意模仿人類打字的頻率 https://www.bleepingcomputer.com/news/security/new-herodotus-android-malware-fakes-human-typing-to-avoid-detection/ Google's Built-In AI Defenses on Android Now Block 10 Billion Scam Messages a Month https://thehackernews.com/2025/10/googles-built-in-ai-defenses-on-android.html X Warns Users With Security Keys to Re-Enroll Before November 10 to Avoid Lockouts https://thehackernews.com/2025/10/x-warns-users-with-security-keys-to-re.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 崇越科技遭駭客入侵，伺服器資料被加密 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=120009&SPOKE_DATE=20251025&COMPANY_ID=5434 72個國家簽署《聯合國打擊網路犯罪公約》 https://www.ithome.com.tw/news/171903 AWS公布故障原因，是自動化出錯惹的禍 https://www.ithome.com.tw/news/171852 新型態攻擊手法濫用Microsoft Copilot Studio，攻擊者可竊取OAuth憑證 https://www.bleepingcomputer.com/news/security/new-cophish-attack-steals-oauth-tokens-via-copilot-studio-agents/ 資安業者揭露BiDi Swap手法，可透過瀏覽器解讀文字方向的方式愚弄使用者 https://www.bleepingcomputer.com/news/security/bidi-swap-the-bidirectional-text-trick-that-makes-fake-urls-look-real/ AIxCC競賽隊伍現身HITCON 2025，解析用AI發現修補漏洞的經驗 https://www.ithome.com.tw/news/171837 從10年前CGC到AIxCC挑戰賽，Theori在臺揭露發展自動化防禦的旅程與經驗 https://www.ithome.com.tw/news/171873 Azure與Microsoft 365服務異常，微軟指Azure Front Door設定變更所引發 https://www.ithome.com.tw/news/171955 AI瀏覽器底層模型可被操縱，資安業者揭露能讓AI爬蟲引用錯誤訊息的攻擊手法 https://thehackernews.com/2025/10/new-ai-targeted-cloaking-attack-tricks.html 研究人員揭露鎖定排版引擎Blink的攻擊手法，只需單一惡意URL就能讓瀏覽器當機 https://thehackernews.com/2025/10/new-brash-exploit-crashes-chromium.html Shadow Escape 零點擊攻擊威脅數兆筆個資　ChatGPT、Claude、Gemini 全面受影響 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12367 「PassiveNeuron」駭客鎖定 SQL 伺服器 展開網路間諜行動 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12364 駭客聲稱提供開源滲透測試框架AdaptixC2，實際上是發展犯罪工具 https://www.ithome.com.tw/news/171978 新型態ClickFix攻擊PhantomCaptcha鎖定烏克蘭戰爭而來 https://www.bleepingcomputer.com/news/security/phantomcaptcha-clickfix-attack-targets-ukraine-war-relief-orgs/ 俄羅斯駭客Sandworm透過寄生攻擊隱匿行蹤，對烏克蘭大型商業服務及地方政府機關下手 https://www.ithome.com.tw/news/171985 北韓駭客BlueNoroff從事GhostCall與GhostHire攻擊行動，鎖定Web3及區塊鏈領域而來 https://www.ithome.com.tw/news/171987 中國駭客Jewelbug發動供應鏈攻擊，滲透俄羅斯IT服務供應商長達5個月 https://thehackernews.com/2025/10/chinese-threat-group-jewelbug-quietly.html 跨國電信業者Ribbon證實網路環境遭到國家級駭客入侵，相關活動可追溯至去年12月 https://www.bleepingcomputer.com/news/security/major-telecom-services-provider-ribbon-breached-by-state-hackers/ ThreatsDay Bulletin: $176M Crypto Fine, Hacking Formula 1, Chromium Vulns, AI Hijack & More https://thehackernews.com/2025/10/threatsday-bulletin-176m-crypto-fine.html North Korean Hackers Lure Defense Engineers With Fake Jobs to Steal Drone Secrets https://thehackernews.com/2025/10/north-korean-hackers-lure-defense.html Russian Hackers Target Ukrainian Organizations Using Stealthy Living-Off-the-Land Tactics https://thehackernews.com/2025/10/russian-hackers-target-ukrainian.html SideWinder Adopts New ClickOnce-Based Attack Chain Targeting South Asian Diplomats https://thehackernews.com/2025/10/sidewinder-adopts-new-clickonce-based.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 社交工程利用信任，擊潰臺灣資安防線 https://www.ithome.com.tw/news/171984 中國駭客Smishing Triad透過逾19萬個惡意網域從事全球網釣活動 https://thehackernews.com/2025/10/smishing-triad-linked-to-194000.html Google駁斥數百萬筆Gmail信箱外洩 https://www.ithome.com.tw/news/171929 針對媒體報導全球1.8億Gmail帳號外洩，Google再度強調用戶都受到保護 https://www.bleepingcomputer.com/news/security/google-disputes-false-claims-of-massive-gmail-data-breach/ 玩具反斗城加拿大分公司傳出資料外洩 https://www.bleepingcomputer.com/news/security/toys-r-us-canada-warns-customers-info-leaked-in-data-breach/ 密碼管理業者LastPass針對最新一波網釣提出警告，駭客藉由帳號繼承為幌子，意圖竊取Passkey https://www.bleepingcomputer.com/news/security/fake-lastpass-death-claims-used-to-breach-password-vaults/ Eclipse Foundation Revokes Leaked Open VSX Tokens Following Wiz Discovery https://thehackernews.com/2025/10/eclipse-foundation-revokes-leaked-open.html Smishing Triad Linked to 194,000 Malicious Domains in Global Phishing Operation https://thehackernews.com/2025/10/smishing-triad-linked-to-194000.html E.研究報告/工具 New AI-Targeted Cloaking Attack Tricks AI Crawlers Into Citing Fake Info as Verified Facts https://thehackernews.com/2025/10/new-ai-targeted-cloaking-attack-tricks.html Preparing for the Digital Battlefield of 2026: Ghost Identities, Poisoned Accounts, & AI Agent Havoc https://thehackernews.com/2025/10/preparing-for-digital-battlefield-of.html New TEE.Fail Side-Channel Attack Extracts Secrets from Intel and AMD DDR5 Secure Enclaves https://thehackernews.com/2025/10/new-teefail-side-channel-attack.html Why Early Threat Detection Is a Must for Long-Term Business Growth https://thehackernews.com/2025/10/why-early-threat-detection-is-must-for.html Is Your Google Workspace as Secure as You Think it is https://thehackernews.com/2025/10/is-your-google-workspace-as-secure-as.html The Cybersecurity Perception Gap: Why Executives and Practitioners See Risk Differently https://thehackernews.com/2025/10/the-cybersecurity-perception-gap-why.html F.商業 AI 安全成 2026 首要任務：Gartner 預測逾半數企業將部署專用安全平台 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12369 Google透過雲端戰略與AI先鋒，重塑資安思維 https://www.ithome.com.tw/news/171869 OpenAI發表資安研究AI代理Aardvark，可自動找漏洞及寫修補程式 https://www.ithome.com.tw/news/171980 守住多元與包容原則，Python基金會退出美國NSF提供的150萬美元補助案 https://www.ithome.com.tw/news/171970 發展AI自動發現與修補漏洞有成，Shellphish在臺揭露實戰經驗 https://www.ithome.com.tw/news/171876 The MSP Cybersecurity Readiness Guide: Turning Security into Growth https://thehackernews.com/2025/10/the-msp-cybersecurity-readiness-guide.html The Death of the Security Checkbox: BAS Is the Power Behind Real Defense https://thehackernews.com/2025/10/the-death-of-security-checkbox-bas-is.html G.政府 資安署25年9月資安月報：《資通安全管理法》修正公布實施；政府陳情管道成釣魚攻擊新途徑 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12362 爆資安院「演練用陸製網通設備」　他點名張榮華、洪奇昌 https://www.chinatimes.com/realtimenews/20251030002444-260407 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 台廠四零四科技 Moxa 修補可能導致系統完全淪陷的硬編碼憑證漏洞 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12361 加拿大警示駭客濫用公開工控系統，多起水利與能源設施遭干擾 https://www.ithome.com.tw/news/171977 加拿大警告水力、能源，以及糧食儲存設施遭到入侵，造成服務中斷、誤報，以及導致不安全情況 https://www.bleepingcomputer.com/news/security/canada-says-hacktivists-breached-water-and-energy-facilities/ 殭屍網路PolarEdge綁架2.5萬臺物聯網裝置，被用於架設ORB隱匿網路犯罪活動 https://gbhackers.com/polaredge-botnet/ 鎖定連網設備的漏洞挖掘競賽Pwn2Own Ireland 2025，資安人員找到73個漏洞，得到超過百萬美元獎勵 https://www.bleepingcomputer.com/news/security/hackers-earn-1-024-750-for-73-zero-days-at-pwn2own-ireland/ Experts Reports Sharp Increase in Automated Botnet Attacks Targeting PHP Servers and IoT Devices https://thehackernews.com/2025/10/experts-reports-sharp-increase-in.html Active Exploits Hit Dassault and XWiki — CISA Confirms Critical Flaws Under Attack https://thehackernews.com/2025/10/active-exploits-hit-dassault-and-xwiki.html I.教育訓練 資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g EC Council CASE.NET 認證準備 https://coolmandiary.blogspot.com/2025/04/ec-council-casenet.html EC Council CASE.NET(312-95)_筆記_Module1專有名詞及定義 https://coolmandiary.blogspot.com/2021/10/ec-council-casenet312-95module1.html GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 AI智慧化流程與管理應用專業人員班 2025/11/12 https://www.accupass.com/event/2509120400472009022575 DQS 年度論壇：迎接全球化，AI 驅動下的供應鏈韌性 2025/11/14 https://www.accupass.com/event/2509250347388679111730