###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/12/15 ~ 2025/12/19 1.重大弱點漏洞/後門/Exploit/Zero Day Fortinet FortiGate Under Active Attack Through SAML SSO Authentication Bypass https://thehackernews.com/2025/12/fortinet-fortigate-under-active-attack.html 甫修補的FortiCloud SSO重大漏洞已遭駭客濫用 https://www.ithome.com.tw/news/172862 SonicWall Fixes Actively Exploited CVE-2025-40602 in SMA 100 Appliances https://thehackernews.com/2025/12/sonicwall-fixes-actively-exploited-cve.html SonicWall旗下VPN設備的管理主控臺存在零時差漏洞，已被用於攻擊行動 https://www.ithome.com.tw/news/172891 WatchGuard修補防火牆產品Firebox多項重大資安漏洞 https://www.ithome.com.tw/news/172858 WatchGuard Warns of Active Exploitation of Critical Fireware OS VPN Vulnerability https://thehackernews.com/2025/12/watchguard-warns-of-active-exploitation.html Cisco Warns of Active Attacks Exploiting Unpatched 0-Day in AsyncOS Email Security Appliances https://thehackernews.com/2025/12/cisco-warns-of-active-attacks.html 思科電子郵件閘道與網頁安全閘道存在滿分零時差漏洞，中國駭客已用於部署後門程式 https://www.ithome.com.tw/news/172897 微軟12月安全更新造成IIS伺服器與MSMQ功能無法運作 https://www.ithome.com.tw/news/172890 Windows RasMan零時差漏洞恐導致服務中斷，尚無官方修補程式 https://www.ithome.com.tw/news/172841 ThreatsDay Bulletin: WhatsApp Hijacks, MCP Leaks, AI Recon, React2Shell Exploit and 15 More Stories https://thehackernews.com/2025/12/threatsday-bulletin-whatsapp-hijacks.html React2Shell 滿分漏洞遭瘋狂利用　Google 揭露至少八個中國駭客組織加入攻擊行列 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12534 勒索軟體Weaxor加入利用React滿分漏洞的行列 https://www.ithome.com.tw/news/172889 5個中國國家級駭客加入利用React2Shell的行列，部署後門及隧道工具控制受害主機 https://www.ithome.com.tw/news/172844 滿分資安漏洞React2Shell利用活動急速升溫 https://www.ithome.com.tw/news/172833 有人假借提供React2Shell掃描工具的名義，於GitHub散布惡意軟體 https://www.ithome.com.tw/news/172851 大量React2Shell概念驗證工具出現在GitHub，突顯漏洞極為容易利用 https://www.ithome.com.tw/news/172901 New React RSC Vulnerabilities Enable DoS and Source Code Exposure https://thehackernews.com/2025/12/new-react-rsc-vulnerabilities-enable.html React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation https://thehackernews.com/2025/12/react2shell-exploitation-escalates-into.html React2Shell Vulnerability Actively Exploited to Deploy Linux Backdoors https://thehackernews.com/2025/12/react2shell-vulnerability-actively.html PostgreSQL管理工具pgAdmin存在重大漏洞，攻擊者可透過惡意還原挾持資料庫 https://securityonline.info/critical-pgadmin-rce-cve-2025-13780-flaw-bypasses-fix-allowing-server-takeover-via-malicious-database-restore/ CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalog https://thehackernews.com/2025/12/cisa-flags-actively-exploited-geoserver.html CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation https://thehackernews.com/2025/12/cisa-flags-critical-asus-live-update.html CISA警告華碩更新工具舊漏洞遭到攻擊 https://www.ithome.com.tw/news/172914 New UEFI Flaw Enables Early-Boot DMA Attacks on ASRock, ASUS, GIGABYTE, MSI Motherboards https://thehackernews.com/2025/12/new-uefi-flaw-enables-early-boot-dma.html MITRE 公布 2025 年25個最危險軟體弱點：XSS 蟬聯榜首，六大新弱點首度入榜 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12535 AI瀏覽器Perplexity Comet存在零點擊漏洞，可讓攻擊者抹除Google Drive資料 https://www.ithome.com.tw/news/172755 HPE修補基礎架構管理軟體OneView滿分漏洞 https://www.bleepingcomputer.com/news/security/hpe-warns-of-maximum-severity-rce-flaw-in-oneview-software/ Google發布Chrome 143更新，修補高風險WebGPU及V8漏洞 https://gbhackers.com/chrome-security-update-fixes-flaws/ 遠端管理工具ScreenConnect重大漏洞恐曝露敏感組態設定資料 https://securityonline.info/critical-screenconnect-flaw-cvss-9-1-risks-config-exposure-untrusted-extension-installation/ Windows Admin Center存在高風險提權漏洞，問題源自資料夾權限配置不當 https://securityonline.info/windows-admin-center-flaw-cve-2025-64669-how-a-simple-folder-permission-opened-the-door-to-system-access/ Nvidia機器人模擬與開發框架存在反序列化漏洞，攻擊者可發動RCE攻擊 https://gbhackers.com/nvidia-isaac-lab-flaw-enables-remote-code-execution/ Nvidia機器學習框架Merlin存在高風險漏洞，可被用於執行惡意程式碼、存取敏感資料 https://gbhackers.com/nvidia-merlin-vulnerabilities/ WinRAR路徑遍歷漏洞出現實際攻擊，3組人馬發起網釣活動 https://www.ithome.com.tw/news/172879 Atlassian為旗下應用系統修補Apache Tika滿分漏洞 https://www.securityweek.com/atlassian-patches-critical-apache-tika-flaw/ 2.銀行/金融/保險/證券/金融監理 新聞及資安 金融資安天花板！韓國投資證券借鏡 Coupang 經驗 砸重金建構 AI 驅動防禦體系、資訊保護標準傲視亞太 https://reurl.cc/Zl2yAl 摩根大通、花旗、摩根士丹利客戶資料疑因軟體供應商駭客攻擊外洩，金融資安走向全面外移風險 https://uanalyze.com.tw/articles/6740639789 銀行帳戶凍結或誤判　金管會要求建立快速申訴機制 https://money.udn.com/money/story/5613/9212567 Swift攜手螞蟻國際與匯豐銀行測試基於區塊鏈的跨境支付 https://hao.cnyes.com/post/217648 3.信用卡/電子支付/行動支付/pay/支付系統/資安 香港電子支付｜的士車隊Amigo對接KPay　支援逾30種海外電子支付方式 https://reurl.cc/Ab90Kj KPay 夥 Amigo 推出一站式的士電子支付方案 http://www.aastocks.com/tc/stocks/news/infocast-news/IC4811827/1 全盈支付啟用偉康科技 OETH 無密碼強認證 電支合規全面升級強化資安韌性 https://n.yam.com/Article/20251219350465 電子支付再進化！　升級AR地圖像玩抓寶　中山、西門搶先體驗 https://www.ftvnews.com.tw/news/detail/2025C17F06M1 台北捷運多元支付服務1月正式登場！Apple Pay、LINE Pay可直接掃碼搭捷運 https://www.elle.com/tw/life/hot-news/g69718897/mrt-payby-linepay-apple-pay-2026/ 與時並進/調查：全球逾半網購支付採用電子錢包 https://epaper.tkww.hk/a/202512/19/AP69446142e4b0eb9195c148f8.html iPASS MONEY提款3步驟　13家銀行免收手續費 https://www.cardu.com.tw/news/detail.php?60442 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 Compromised IAM Credentials Power a Large AWS Crypto Mining Campaign https://thehackernews.com/2025/12/compromised-iam-credentials-power-large.html Rogue NuGet Package Poses as Tracer.Fody, Steals Cryptocurrency Wallet Data https://thehackernews.com/2025/12/rogue-nuget-package-poses-as-tracerfody.html North Korea-Linked Hackers Steal $2.02 Billion in 2025, Leading Global Crypto Theft https://thehackernews.com/2025/12/north-korea-linked-hackers-steal-202.html 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 駭客企圖於義大利渡輪Fantastic植入惡意程式 https://www.ithome.com.tw/news/172918 竊資軟體SantaStealer號稱完全在記憶體內運作，疑似駭客組織東山再起 https://www.bleepingcomputer.com/news/security/new-santastealer-malware-steals-data-from-browsers-crypto-wallets/ 勒索軟體Clop傳出鎖定Gladinet CentreStack而來，企圖利用資安漏洞竊取資料 https://www.bleepingcomputer.com/news/security/clop-ransomware-targets-gladinet-centrestack-servers-for-extortion/ 攻擊行動GhostPoster鎖定Firefox用戶而來，將惡意JavaScript指令碼埋藏在附加元件圖示 https://www.bleepingcomputer.com/news/security/ghostposter-attacks-hide-malicious-javascript-in-firefox-addon-logos/ Fake OSINT and GPT Utility GitHub Repos Spread PyStoreRAT Malware Payloads https://thehackernews.com/2025/12/fake-osint-and-gpt-utility-github-repos.html VolkLocker Ransomware Exposed by Hard-Coded Master Key Allowing Free Decryption https://thehackernews.com/2025/12/volklocker-ransomware-exposed-by-hard.html China-Linked Ink Dragon Hacks Governments Using ShadowPad and FINALDRAFT Malware https://thehackernews.com/2025/12/china-linked-ink-dragon-hacks.html GhostPoster Malware Found in 17 Firefox Add-ons with 50,000+ Downloads https://thehackernews.com/2025/12/ghostposter-malware-found-in-17-firefox.html Kimwolf Botnet Hijacks 1.8 Million Android TVs, Launches Large-Scale DDoS Attacks https://thehackernews.com/2025/12/kimwolf-botnet-hijacks-18-million.html China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware https://thehackernews.com/2025/12/china-aligned-threat-group-uses-windows.html HPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code Execution https://thehackernews.com/2025/12/hpe-oneview-flaw-rated-cvss-100-allows.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 安卓惡意軟體Cellik號稱能捆綁於Google Play市集的任何應用程式，打造惡意版本APK檔案 https://www.bleepingcomputer.com/news/security/cellik-android-malware-builds-malicious-versions-from-google-play-apps/ 安卓惡意程式DroidLock鎖定西班牙語用戶，可全面接管裝置向使用者勒索 https://www.ithome.com.tw/news/172822 Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild https://thehackernews.com/2025/12/apple-issues-security-updates-after-two.html Kimsuky Spreads DocSwap Android Malware via QR Phishing Posing as Delivery App https://thehackernews.com/2025/12/kimsuky-spreads-docswap-android-malware.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 法國逮捕涉嫌對內政部發動網攻的22歲男子 https://www.ithome.com.tw/news/172915 法國內政部遭網路攻擊，駭客入侵郵件伺服器 https://www.ithome.com.tw/news/172840 委內瑞拉石油公司傳出遭網路攻擊，導致出口業務中斷 https://www.bleepingcomputer.com/news/security/cyberattack-disrupts-venezuelan-oil-giant-pdvsas-operations/ 哈瑪斯駭客鎖定中東外交官與政府實體而來，散布惡意軟體AshTag https://hackread.com/hamas-hackers-ashtag-malware-diplomats/ 俄駭客Sandworm鎖定西方國家能源與雲端基礎設施，透過邊緣設備配置不當發動攻擊 https://www.ithome.com.tw/news/172873 Google將在2026年初關閉暗網報告通知服務 https://www.ithome.com.tw/news/172842 Google to Shut Down Dark Web Monitoring Tool in February 2026 https://thehackernews.com/2025/12/google-to-shut-down-dark-web-monitoring.html A Browser Extension Risk Guide After the ShadyPanda Campaign https://thehackernews.com/2025/12/a-browser-extension-risk-guide-after.html Amazon Exposes Years-Long GRU Cyber Campaign Targeting Energy and Cloud Infrastructure https://thehackernews.com/2025/12/amazon-exposes-years-long-gru-cyber.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 未設防MongoDB資料庫曝16 TB職涯資料，近43億筆含大量LinkedIn個資 https://www.ithome.com.tw/news/172911 未受保護的大型MongoDB資料庫存放16 TB資料，43億筆職場社群網站LinkedIn個資曝光 https://securityaffairs.com/185661/data-breach/experts-found-an-unsecured-16tb-database-containing-4-3b-professional-records.html 冒牌ChatGPT Atlas瀏覽器網站鎖定macOS用戶而來，意圖竊取帳密資料 https://www.ithome.com.tw/news/172681 汽車零件大廠LKQ通報Oracle EBS資料外洩，影響近萬人 https://www.ithome.com.tw/news/172892 北韓駭客發動QR Code網釣，意圖散布安卓惡意程式DocSwap https://thehackernews.com/2025/12/kimsuky-spreads-docswap-android-malware.html 日本電商Askul公布勒索軟體攻擊調查報告，物流與備份系統遭加密，外洩約74萬筆資料 https://www.ithome.com.tw/news/172877 駭客濫用GitHub個人存取權杖，竊取Actions機密憑證攻擊雲端控制平面 https://www.ithome.com.tw/news/172753 成人網站PornHub合作的資料分析服務公司遭ShinyHunters入侵，部分付費會員資料恐外流 https://www.bleepingcomputer.com/news/security/pornhub-extorted-after-hackers-steal-premium-member-activity-data/ 成人網站PornHub合作的資料分析服務公司傳出遭ShinyHunters入侵，部分付費會員資料恐外流 https://www.ithome.com.tw/news/172860 針對2022年密碼管理服務商LastPass資料外洩事故，英國開罰120萬英鎊 https://www.ithome.com.tw/news/172867 日本電商公司Askul遭駭傳出是勒索軟體RansomHouse所為，74萬筆客戶記錄遭竊 https://www.bleepingcomputer.com/news/security/askul-confirms-theft-of-740k-customer-records-in-ransomhouse-attack/ New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale https://thehackernews.com/2025/12/new-advanced-phishing-kits-use-ai-and.html Phantom Stealer Spread by ISO Phishing Emails Hitting Russian Finance Sector https://thehackernews.com/2025/12/phantom-stealer-spread-by-iso-phishing.html Featured Chrome Browser Extension Caught Intercepting Millions of Users' AI Chats https://thehackernews.com/2025/12/featured-chrome-browser-extension.html APT28 Targets Ukrainian UKR-net Users in Long-Running Credential Phishing Campaign https://thehackernews.com/2025/12/apt28-targets-ukrainian-ukr-net-users.html Nigeria Arrests RaccoonO365 Phishing Developer Linked to Microsoft 365 Attacks https://thehackernews.com/2025/12/nigeria-arrests-raccoono365-phishing.html E.研究報告/工具 2025年五大Web安全威脅重塑防護策略 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12526 2026資安三大趨勢預測： AI工業化推升攻擊自動化，多雲與供應鏈仍為駭客主戰場，企業治理破口成AI攻擊跳板 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12529 Securing GenAI in the Browser: Policy, Isolation, and Data Controls That Actually Work https://thehackernews.com/2025/12/securing-genai-in-browser-policy.html Why Data Security and Privacy Need to Start in Code https://thehackernews.com/2025/12/why-data-security-and-privacy-need-to.html Fix SOC Blind Spots: See Threats to Your Industry & Country in Real Time https://thehackernews.com/2025/12/fix-soc-blind-spots-see-threats-to-your.html F.商業 The Case for Dynamic AI-SaaS Security as Copilots Scale https://thehackernews.com/2025/12/the-case-for-dynamic-ai-saas-security.html 卡巴斯基報告：2025上半年智慧型手機攻擊大幅增加 惡意軟體威脅持續升級 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12528 Check Point Software 發佈 2026 年資安預測 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12533 AI投資增加、技術、市場、法規驅動下，將對企業資安市場帶來影響 https://www.ithome.com.tw/news/172908 【產品資安實務經驗：威聯通】主動公開與修補CVE弱點，再以漏洞懸賞與安全設計鞏固防線 https://www.ithome.com.tw/news/172775 【產品資安實務經驗：合勤科技】不能只當漏洞救火隊，更要落實「設計即安全」 https://www.ithome.com.tw/news/172774 【當資安已成產品「內建」基本要求】漏洞風險與法規遵循壓力與日俱增，臺廠做好產品資安刻不容緩 https://www.ithome.com.tw/news/172773 Brave測試AI代理上網功能，加入多項安全隱私機制 https://www.ithome.com.tw/news/172792 G.政府 數位情報網再升級，跨界聯防共築全民防線：網詐通報查詢網3.0全新改版 https://www.ithome.com.tw/news/172848 數位發展部舉辦「數位憑證皮夾」試營運暨應用體驗記者會 打造全民數位生活新紀元 https://ocacnews.net/article/415666?cid=10 響應數位發展部政策！7-ELEVEN、全家可憑「數位憑證皮夾」取件 https://technews.tw/2025/12/18/7-eleven-familymart-wz-digi-wallet/ 數位發展部數位產業署攜手國際科技大廠深化AI合作 國際技術日系列活動打造開發者社群年度盛事，台智雲壓軸登場 https://www.cw.com.tw/article/5138935 資安署114年11月資安月報：偽冒Chrome更新誘騙下載惡意程式；弱密碼致臉書粉專遭奪 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12536 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 美國CISA聯合多國發布「AI在關鍵基礎設施OT環境的資安指引」 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12523 【產品資安實務經驗：四零四科技】從依循IEC 62443到成立PSC，產品資安強化成為公司的長期工程 https://www.ithome.com.tw/news/172776 CISA Adds Actively Exploited Sierra Wireless Router Flaw Enabling RCE Attacks https://thehackernews.com/2025/12/cisa-adds-actively-exploited-sierra.html IP電話管理系統FreePBX多重漏洞可被串連濫用，攻擊者恐取得遠端執行程式碼能力 https://www.ithome.com.tw/news/172854 FreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE https://thehackernews.com/2025/12/freepbx-authentication-bypass-exposed.html I.教育訓練 資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g EC Council CASE.NET 認證準備 https://coolmandiary.blogspot.com/2025/04/ec-council-casenet.html EC Council CASE.NET(312-95)_筆記_Module1專有名詞及定義 https://coolmandiary.blogspot.com/2021/10/ec-council-casenet312-95module1.html GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 Transform Your Business Through Strategic Cloud Migration - A Practical Framewor 2025/12/20 https://www.meetup.com/hang-zhou-atlassian-community-events/events/312234973/ 【課程諮詢】物聯網邊緣運算與資安實戰 2025/12/20 https://www.accupass.com/event/2412260751154280345070 【AI與健康照護】｜BEING HUMAN：AI與人共生的那一天 2025/12/20 https://www.accupass.com/event/2511040559456239777670 經濟部產業人才能力鑑定 IPAS 證照-AI應用規劃師+資訊安全工程師證照趨勢 2025/12/20 https://www.accupass.com/event/2511100938472545413330 【資安講座】滲透測試實務分享 2025/12/22 https://hackersir.kktix.cc/events/20251222-practical-pentest WordPress 台北 x 彩虹 聯合小聚 尾牙場 @ 言文字 2025/12/22 https://www.meetup.com/taipei-wordpress/events/312164321/ AI X-Mas event 2025/12/23 https://www.meetup.com/taipei-education-technology-meetup-group/events/312277145/ 【十二月場】MaiCoin 反詐騙講座 2025/12/24 https://www.accupass.com/event/2512060436481692456595