###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/5/26 ~ 2025/5/30 1.重大弱點漏洞/後門/Exploit/Zero Day VMware 發佈多項產品重大資安更新 https://www.ithome.com.tw/news/169108 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717 Juniper Junos OS CVE-2025-21594 https://nvd.nist.gov/vuln/detail/CVE-2025-21594 思科修補ISE、CUIC的阻斷服務及權限提升漏洞 https://www.ithome.com.tw/news/169153 Cisco 近日發布更新以解決多個產品的安全性弱點 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-priv-esc-3Pk96SU4 https://www.ithome.com.tw/news/169153 Cisco Identity Services Engine Software https://nvd.nist.gov/vuln/detail/CVE-2025-20152 Cisco Unified Contact Center Express https://nvd.nist.gov/vuln/detail/CVE-2025-20113 Tenable修補網路監控軟體權限提升漏洞，並更新採用的開源程式庫 https://gbhackers.com/flaws-tenable-network/ Node.js程式庫Samlify存在近滿分重大漏洞，攻擊者可輕易冒充管理員身分 https://www.ithome.com.tw/news/169156 AI助手GitLab Duo存在漏洞，恐被用於挾持AI回應、洩露程式原始碼 https://www.ithome.com.tw/news/169196 GitLab Duo Vulnerability Enabled Attackers to Hijack AI Responses with Hidden Prompts https://thehackernews.com/2025/05/gitlab-duo-vulnerability-enabled.html Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware https://thehackernews.com/2025/05/mimo-hackers-exploit-cve-2025-32432-in.html 251 Amazon-Hosted IPs Used in Exploit Scan Targeting ColdFusion, Struts, and Elasticsearch https://thehackernews.com/2025/05/251-amazon-hosted-ips-used-in-exploit.html Over 100,000 WordPress Sites at Risk from Critical CVSS 10.0 Vulnerability in Wishlist Plugin https://thehackernews.com/2025/05/over-100000-wordpress-sites-at-risk.html Microsoft Edge (Chromium-based) Updater https://nvd.nist.gov/vuln/detail/CVE-2025-47181 Microsoft OneDrive File Picker Flaw Grants Apps Full Cloud Access — Even When Uploading Just One File https://thehackernews.com/2025/05/microsoft-onedrive-file-picker-flaw.html Red Hat Enterprise Linux 10 https://nvd.nist.gov/vuln/detail/CVE-2025-5024 Google、Mozilla發布Chrome 137、Firefox 139，修補高風險資安漏洞 https://www.securityweek.com/chrome-137-firefox-139-patch-high-severity-vulnerabilities/ Google發布Chrome 137，修補高風險記憶體使用後再存取利用漏洞 https://securityonline.info/google-chrome-update-8-security-fixes-including-high-severity-flaw/ 資安研究員利用OpenAI o3模型發現Linux核心零時差漏洞 https://www.ithome.com.tw/news/169151 Cloudflare修補代理伺服器框架高風險漏洞 https://thecyberexpress.com/cloudflare-fixes-cve-2025-4366-in-pingora-oss/ GitHub MCP曝嚴重漏洞，惡意Issue可誘使AI代理外洩私有儲存庫資料 https://www.ithome.com.tw/news/169191 Craft CMS已知漏洞出現實際攻擊行動，駭客藉此挖礦、充當代理伺服器 https://thehackernews.com/2025/05/mimo-hackers-exploit-cve-2025-32432-in.html 購物網站商品收藏清單外掛驚傳滿分漏洞，逾10萬網站受影響 https://www.ithome.com.tw/news/169256 2.銀行/金融/保險/證券/金融監理 新聞及資安 凱基證券主辦集團資安月 打造「人人是防線」資安文化 https://www.cna.com.tw/business/chinese/402614 國泰金控要靠自建金融知識LLM，打造臺灣首個金融AI Agent https://www.ithome.com.tw/news/169082 刑事警察局攜手合庫金控簽署反詐騙MOU https://taidaily.com/2025/05/27/542897/ 台灣銀行「1新制」上路！一片哀嚎帳戶被鎖　錢全領不出來 https://news.tvbs.com.tw/life/2886283 俄政府關係智庫警告：系統性銀行危機風險與日俱增 https://today.line.me/tw/v2/article/BEly5e2 3.信用卡/電子支付/行動支付/pay/支付系統/資安 陸行動支付盛行 不用現金 ATM急速消失中 https://udn.com/news/story/7333/8763969 行動支付發達致數量大減 中國大學生：沒用過ATM https://money.udn.com/money/story/5603/8763531 VISA Pay打亞洲市場 ！台灣LINE Pay添3位新同伴 https://reurl.cc/paja34 華盛頓DC地鐵可用卡片支付了！歐洲網友驚嘆：歡迎來到2006年 https://reurl.cc/XAYARD 全盈＋PAY四戰略強攻跨境、移工 迎戰電支新局 https://reurl.cc/QYkYE2 看準80萬移工消費力 全盈+PAY拚打造移工專屬支付 https://ec.ltn.com.tw/article/breakingnews/5058828 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 蘋果電腦用戶遭鎖定，駭客假借冒牌Ledger軟體挾持加密貨幣錢包 https://www.bleepingcomputer.com/news/security/hackers-use-fake-ledger-apps-to-steal-mac-users-seed-phrases/ 川普家族擁抱加密貨幣「來自恨意」：自爆曾被銀行封殺、凍結資金往來 https://www.blocktempo.com/trump-family-crypto-shift-debanking-catalyst/ 歐洲央行官員警告銀行與加密資產相關風險 https://hk.investing.com/news/cryptocurrency-news/article-93CH-950784 Google、貝萊德警告比特幣量子威脅：破解 RSA 加密比想像中簡單 20 倍 https://abmedia.io/google-quantum-computers-break-bitcoin-20-times-easier 比特幣怎麼買？蔡明忠的台灣大虛擬資產交易所「3步驟加入幣圈」！開戶教學文一次看：100元就能買幣 https://www.businesstoday.com.tw/article/category/183012/post/202505280028/ 哈薩克推出「CryptoCity」計劃：建立數位實驗區，加密貨幣融入日常支付 https://www.blocktempo.com/kazakhstan-launches-cryptocity-initiative-to-build-a-new-pilot-zone-for-digital-assets/ 美國加密貨幣立法「第 2 張拼圖」：眾議院提出《數位資產市場明確法案》 https://blockcast.it/2025/05/30/u-s-house-republicans-introduce-crypto-market-structure-bill/ 打擊虛擬幣洗錢詐騙　鍾佳濱：建立交易身份查核制度 https://cnews.com.tw/235250429a04/ 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC ValleyRAT偽裝VPN與瀏覽器安裝程式！多階段記憶體攻擊鏈「Catena」現身 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11917 表單挾持軟體Stealthy Skimmer鎖定WooCommerce電商網站而來 https://securityonline.info/stealthy-skimmer-new-formjacking-malware-targets-woocommerce-checkouts/ 惡意軟體Winos 4.0透過冒牌VPN和瀏覽器安裝程式散布 https://thehackernews.com/2025/05/hackers-use-fake-vpn-and-browser-nsis.html 竊資軟體Rhadamanthys捲土重來，假借社群網站內容侵權散布 https://securityonline.info/rhadamanthys-stealer-returns-copyright-phishing-targets-europe/ 惡意程式Dero自動感染公開Docker容器，並執行挖礦 https://www.ithome.com.tw/news/169165 勒索軟體DragonForce使用遠端管理工具SimpleHelp漏洞，攻擊MSP業者 https://www.bleepingcomputer.com/news/security/dragonforce-ransomware-abuses-simplehelp-in-msp-supply-chain-attack/ 開發MATLAB的軟體開發商服務中斷，傳出遭遇勒索軟體攻擊 https://www.bleepingcomputer.com/news/security/mathworks-blames-ransomware-attack-for-ongoing-outages/ 木馬程式SilverRAT驚傳原始碼外流 https://hackread.com/silverrat-source-code-leaked-online-you-need-to-know/ 以提供Bitdefender免費防毒軟體為幌子，駭客意圖散布木馬程式VenomRAT搜括帳密 https://www.ithome.com.tw/news/169258 Go語言殭屍網路病毒PumaBot透過SSH暴力破解，鎖定物聯網裝置而來 https://www.bleepingcomputer.com/news/security/new-pumabot-botnet-brute-forces-ssh-credentials-to-breach-devices/ 勒索軟體DragonForce利用遠端管理工具SimpleHelp漏洞，攻擊MSP業者與其客戶 https://www.ithome.com.tw/news/169242 歐洲刑警組織大執法！3天破壞7個Botnet，查封300臺伺服器、650個網域 https://www.ithome.com.tw/news/169158 Hackers Use TikTok Videos to Distribute Vidar and StealC Malware via ClickFix Technique https://thehackernews.com/2025/05/hackers-use-tiktok-videos-to-distribute.html 300 Servers and €3.5M Seized as Europol Strikes Ransomware Networks Worldwide https://thehackernews.com/2025/05/300-servers-and-35m-seized-as-europol.html U.S. Dismantles DanaBot Malware Network, Charges 16 in $50M Global Cybercrime Operation https://thehackernews.com/2025/05/us-dismantles-danabot-malware-network.html Hackers Use Fake VPN and Browser NSIS Installers to Deliver Winos 4.0 Malware https://thehackernews.com/2025/05/hackers-use-fake-vpn-and-browser-nsis.html 駭客組織MUT-9332利用VS Code外掛鎖定開發人員 https://securityonline.info/malicious-vs-code-extensions-deliver-spyware-steal-crypto-credentials/ Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto https://thehackernews.com/2025/05/over-70-malicious-npm-and-vs-code.html New Self-Spreading Malware Infects Docker Containers to Mine Dero Cryptocurrency https://thehackernews.com/2025/05/new-self-spreading-malware-infects.html DragonForce Exploits SimpleHelp Flaws to Deploy Ransomware Across Customer Endpoints https://thehackernews.com/2025/05/dragonforce-exploits-simplehelp-flaws.html Iranian Hacker Pleads Guilty in $19 Million Robbinhood Ransomware Attack on Baltimore https://thehackernews.com/2025/05/iranian-hacker-pleads-guilty-in-19.html New PumaBot Botnet Targets Linux IoT Devices to Steal SSH Credentials and Mine Crypto https://thehackernews.com/2025/05/new-pumabot-botnet-targets-linux-iot.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 預防Windows 11 Recall截圖影響用戶隱私及資安，即時通訊軟體Signal提供預設阻擋機制 https://www.ithome.com.tw/news/169105 蘋果說明其App Store在過去五年內阻止超過90億美元規模的詐欺交易 https://reurl.cc/nmjmrv 德州通過App Store問責法案，要求程式市集驗證兒童年紀 https://www.ithome.com.tw/news/169220 改機族注意！Google全新安全機制上路、大量App恐無法使用 https://3c.ltn.com.tw/news/61992 Apple 告訴你：感謝我們的安全規則 App Store 你節省了數十億美元 https://www.letemsvetemapplem.eu/zh-TW/2025/05/29/apple-vam-vzkazuje-diky-nasim-bezpecnostnim-pravidlum-v-app-store-jste-usetrili-miliardy-dolaru/ Apple Blocks $9 Billion in Fraud Over 5 Years Amid Rising App Store Threats https://thehackernews.com/2025/05/apple-blocks-9-billion-in-fraud-over-5.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 美國NIST推新指標 LEV「可能遭利用漏洞」評估系統 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11916 國家級APT駭客族群如何濫用生成式AI https://www.ithome.com.tw/news/168969 當人資遇上資安挑戰：半導體公司人資主管解析，資安證照如何助力公司和個人價值提升 https://www.ithome.com.tw/news/169002 先下手為強的另一種資安左移策略！掌握可能遭攻擊的先機 https://www.ithome.com.tw/news/168709 新加坡數位發展部：將加碼培養AI專才及支援中小企業數位化 https://www.ttv.com.tw/finance/view/052025291113AB79B448C1444693AF78AB938CD7D711CF89/587#google_vignette 川普政府傳將禁止EDA軟體售予中國 https://www.ithome.com.tw/news/169270 俄羅斯駭客Void Blizzard以假Entra登入網頁為誘餌，入侵逾20家非政府組織 https://www.ithome.com.tw/news/169219 荷蘭警方去年遭駭，傳出是俄羅斯駭客Void Blizzard所為 https://www.ithome.com.tw/news/169223 駭客組織Everest、Gehenna聲稱竊得可口可樂內部資料 https://www.ithome.com.tw/news/169228 駭客組織TA-ShadowCricket控制全球逾2千臺伺服器，44臺在臺灣 https://www.ithome.com.tw/news/169197 駭客組織Careto傳出背後主使是西班牙政府 https://www.ithome.com.tw/news/169179 CISA Warns of Suspected Broader SaaS Attacks Exploiting App Secrets and Cloud Misconfigs https://thehackernews.com/2025/05/cisa-warns-of-suspected-broader-saas.html 捷克指控中國駭客APT31攻擊外交部長達3年 https://www.bleepingcomputer.com/news/security/czechia-blames-china-for-ministry-of-foreign-affairs-cyberattack/ Czech Republic Blames China-Linked APT31 Hackers for 2022 Cyberattack https://thehackernews.com/2025/05/czech-republic-blames-china-linked.html APT41濫用Google行事曆進行C2通訊 https://www.bleepingcomputer.com/news/security/apt41-malware-abuses-google-calendar-for-stealthy-c2-communication/ Chinese APT41 Exploits Google Calendar for Malware Command-and-Control Operations https://thehackernews.com/2025/05/chinese-apt41-exploits-google-calendar.html Mark Your Calendar: APT41 Innovative Tactics https://cloud.google.com/blog/topics/threat-intelligence/apt41-innovative-tactics Russia-Linked Hackers Target Tajikistan Government with Weaponized Word Documents https://thehackernews.com/2025/05/russia-linked-hackers-target-tajikistan.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 抖音成散布竊資軟體的新管道，駭客藉此從事Click網釣 https://www.bleepingcomputer.com/news/security/tiktok-videos-now-push-infostealer-malware-in-clickfix-attacks/ 知名運動品牌Adidas遭網路攻擊，客戶資料外洩 https://www.ithome.com.tw/news/169222 60款NPM套件及VS Code外掛竊取開發人員帳密、加密貨幣錢包 https://thehackernews.com/2025/05/over-70-malicious-npm-and-vs-code.html 資料供應商LexisNexis資料外洩　影響逾36萬用戶 https://www.ithome.com.tw/news/169271 Zscaler ThreatLabz 2025 Phishing Report: Phishing Evolves With GenAI https://thehackernews.com/expert-insights/2025/05/zscaler-threatlabz-2025-phishing-report.html CISO's Guide To Web Privacy Validation And Why It's Important https://thehackernews.com/2025/05/cisos-guide-to-web-privacy-validation.html Employees Searching Payroll Portals on Google Tricked Into Sending Paychecks to Hackers https://thehackernews.com/2025/05/employees-searching-payroll-portals-on.html Hackers Are Calling Your Office: FBI Alerts Law Firms to Luna Moth's Stealth Phishing Campaign https://thehackernews.com/2025/05/hackers-are-calling-your-office-fbi.html E.研究報告/工具 SafeLine WAF: Open Source Web Application Firewall with Zero-Day Detection and Bot Protection https://thehackernews.com/2025/05/safeline-waf-open-source-web.html AI Agents and the Non‑Human Identity Crisis: How to Deploy AI More Securely at Scale https://thehackernews.com/2025/05/ai-agents-and-nonhuman-identity-crisis.html From Infection to Access: A 24-Hour Timeline of a Modern Stealer Campaign https://thehackernews.com/2025/05/from-infection-to-access-24-hour.html How 'Browser-in-the-Middle' Attacks Steal Sessions in Seconds https://thehackernews.com/2025/05/how-browser-in-middle-attacks-steal.html F.商業 HiTRUST 以 Veri-id 勇奪 2025 智慧創新大賞金牌 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11906 HPE升級HPE Alletra Storage MP，助力客戶強化網路韌性與資料可用性 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11912 Computex秀AI資安新方向，趨勢科技用數位孿生助企業攻防演練 https://www.ithome.com.tw/news/169194 雲端資安業者Zscaler宣布買下MDR業者Red Canary https://www.ithome.com.tw/news/169221 G.政府 立院初審 關鍵基礎設施未通報資安事件最高罰千萬 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11910 資安法修法進入委員會審查階段，新增條文擬納入協助民間應對重大資安事件 https://www.ithome.com.tw/news/169202 數發部盼即時修補資安漏洞 號召供應鏈免費加入通報聯盟 https://ec.ltn.com.tw/article/breakingnews/5056404 帶動公部門轉型 政府將成立「AI公務人才發展辦公室」 https://reurl.cc/YYrY04 強化台灣資安 政府攜手產業共築韌性防護網 https://www.epochtimes.com/b5/25/5/27/n14518665.htm 數發部資安署攜手產業共築防護網　公私聯防台灣資安威脅 https://knews.com.tw/news/E56DD30AF15DF1FCA3C0A97F766C0F5B 數發部啟動公私聯防 TWCERT/CC、Google.org助企業強化資安 https://news.pchome.com.tw/science/technice/20250527/index-74833833836232338005.html TWCERT/CC力拚年底達4000會員　政府攜手產業強化資安聯防 https://reurl.cc/qGjGrD 你的資料安全誰在守？資安署出手聯手企業打造「數位防火牆」 https://tw.nextapple.com/life/20250527/4B89705E18AA3291F4EB8DDBF8CB65F2 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 透過IEC 62443-3-2與3-3標準 打造更具韌性的工控系統防護網 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11913 洛克威爾自動化發布資安白皮書 以企業治理強化數位防線 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11911 5,300臺網路設備遭殭屍網路綁架，中國駭客ViciousTrap利用未有修補程式的已知漏洞入侵 https://www.ithome.com.tw/news/169195 思科小型路由器遭鎖定，駭客ViciousTrap利用已知漏洞入侵 https://thehackernews.com/2025/05/vicioustrap-uses-cisco-flaw-to-build.html ViciousTrap Uses Cisco Flaw to Build Global Honeypot from 5,300 Compromised Devices https://thehackernews.com/2025/05/vicioustrap-uses-cisco-flaw-to-build.html Netgear路由器存在重大漏洞，攻擊者能得到完整管理員權限 https://gbhackers.com/netgear-router-flaw/ 9千臺華碩路由器遭殭屍網路AyySSHush入侵，駭客植入SSH後門 https://www.ithome.com.tw/news/169252 I.教育訓練 資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 LeetCode Weekly Contest Review & Discussion 2025/6/1 https://www.meetup.com/codeseoul/events/308124092/ TDF × Crypto Day｜Web3 Panel with TempoHouse 2025/6/3 https://www.meetup.com/taiwan-digital-nomads-hub-%E5%8F%B0%E7%81%A3%E6%95%B8%E4%BD%8D%E9%81%8A%E7%89%A7%E8%80%85%E7%A4%BE%E7%BE%A4/events/308001939/ Algorithms Study Group! 2025/6/3 https://www.meetup.com/codeseoul/events/307934874/ Software Crafters - June 2025: Building Momentum 2025/6/5 https://www.meetup.com/software-crafters-manila/events/307799219/ Brave New Words 讀書分享午餐聚 2025/6/5 https://www.meetup.com/taipeiwomenintech/events/308107202/ Slot 1 (APAC/EMEA) 2025/6/5 https://www.meetup.com/coop-casual-conference/events/307857779/ 網路自由小聚 EX：資訊時代的自我防衛術 2025/6/6 https://ocftw.kktix.cc/events/internetfreedom-2025ex 物聯網資訊安全實務 2025/6/6 https://www.accupass.com/event/2412260750552102835426 Flutter Tokyo #8 2025/6/7 https://www.meetup.com/flutter-meetup-tokyo/events/308078305/ Taiwan Digital Fest 臺灣數位嘉年華 - The Biggest Nomad Fest in Asia! 2025/6/7 https://www.meetup.com/taiwan-digital-nomads-hub-%E5%8F%B0%E7%81%A3%E6%95%B8%E4%BD%8D%E9%81%8A%E7%89%A7%E8%80%85%E7%A4%BE%E7%BE%A4/events/307616875/ 物聯網邊緣運算與資安實戰 2025/6/7 https://www.accupass.com/event/2412260751154280345070 Atlassian TEAM'25 台灣社群大會 2025/6/7 https://www.meetup.com/taipei-atlassian-community-events/events/307519419/ iPAS AI應用規劃師 × 資策會生成式AI能力認證 最強陪跑班第一期 2025/6/8 https://www.accupass.com/event/2505210136041031208432 iPAS 資訊安全工程師中級證照培訓班：引領你掌握職涯未來 2025/6/8 https://acsiacad.kktix.cc/events/a2f3d0ef-ipascyberengineer-copy-1 標準引領．韌性共建：CRA 時代下的 ISA 資安治理新篇章 2025/6/10 https://isatw.kktix.cc/events/isa-2025q2-isataiwan-meeting AMA with VCs, featuring Linh Nguyen, Investment Associate, Ansible Ventures 2025/6/10 https://www.meetup.com/hanoi-startup-founder-101/events/308085450/ 風傳媒反詐新戰術2.0《剖析詐騙內幕》論壇 2025/6/10 https://www.accupass.com/event/2505060252006801588340 Workshop: Building a Quiz App with Angular & TypeScript 2025/6/11 https://www.meetup.com/treelevel-io/events/306859952/ 打造中小企業精準抗勒索防護方程式研討會 2025/6/11 https://www.accupass.com/event/2505261049291928593618 數位資產與穩定幣論壇：新法規、新格局、新機遇 2025/6/11 https://www.accupass.com/event/2505080859005008557500 Google Cloud Summit Taipei 2025/6/12 https://cloudonair.withgoogle.com/events/summit-taipei-2025 開源授權管理與 .NET/Java 安全程式開發課程 2025/6/12 https://www.accupass.com/event/2412190240311871400665 Masterclass | Warren Redlich - Why All Musk Companies Are AI Native 2025/6/12 https://www.meetup.com/workoptional-ai/events/307932191/ 物聯網智造基地主題式課程－智慧裝置X資安防護：物聯網資安實務全攻略 2025/6/13 https://www.accupass.com/event/2505200140446281638930 sciwork seminar 2025 2025/6/14 https://sciwork.kktix.cc/events/sciworkseminar-202506 WordPress 彩虹小聚 ：開源專案變桌遊：快速體驗《開源星手村》 2025/6/16 https://www.meetup.com/taipei-wordpress/events/308102467/ PrestoCon Day 2025 2025/6/17 https://www.meetup.com/presto-meetup-shanghai/events/308087734/ #137 GenAI Series 2 2025/6/18 https://www.meetup.com/r-user-group-philippines/events/307026465/ Online Workshop 🎨 UX for beginner s2025/6/18 https://www.meetup.com/le-wagon-tokyo-coding-station/events/308078454/ 智能資安解決方案：Elastic AI+ML Security，打破傳統 SIEM 限制 2025/6/18 https://www.accupass.com/event/2504280713232836866920 【AI 防洩密偵測術】ARES PP 線上資安研討會 2025/6/18 https://www.accupass.com/event/2505060949206034400380 識詐風雲：虛擬資產防詐反洗錢課程 2025/6/19 https://www.accupass.com/event/2503170733116092889810 2025 TILO 「人工智慧X資訊安全」研討會 2025/6/20 https://www.accupass.com/event/2505270448471809413622 GitHub Copilot Global Bootcamp | Microsoft Makati 2025/6/20 https://www.meetup.com/microsoftph/events/307172864/ Season of AI Agents: Build the Future with AI 2025/6/21 https://www.meetup.com/cloud-experts-group/events/307650330/ Elasticsearch x RAG：從架構到部署，帶你學會 RAG 應用實作流程 2025/6/25 https://www.accupass.com/event/2505210739587773218720 2025 TAICS 論壇 2025/6/25 https://www.accupass.com/event/2505200823402070149514 智慧產學新藍圖—智慧教育 x 產業創新 2025/6/26 https://www.accupass.com/event/2505230743101674621110 ISO資安×隱私×AI 三合一內部稽核員訓練課程 2025/6/26 https://www.accupass.com/event/2504140907521623826500 [On-Line] AWS Global Community Gatherings #8 2025/6/27 https://www.meetup.com/awsglobalcommunitygatherings/events/307414965/ ESG再升級 -- 資訊安全如何撐起企業永續力 2025/6/27 https://www.accupass.com/event/2505230142041886681305 Taiwan Robotics Meetup 六月場 2025/6/27 https://www.meetup.com/taipei-robotics-meetup-group/events/308129341/ 2025年6月-iPAS 資訊安全工程師(中級)能力培訓班 2025/6/28 https://www.accupass.com/event/2504240832428194630570 Startup Teaming (Online) 2025/6/28 https://www.meetup.com/startup-agile-bangkok/events/307437160/ CraftCon Taiwan 2025/7/4 https://www.accupass.com/event/2504040359201021066990 2025 鋼索上管理課：國際資安/工安職人達人交流會 2025/7/6 https://www.accupass.com/event/2505010751034173651060 國際證照：AI人工智慧核心能力 2025/7/6 https://www.accupass.com/event/2503161022177054945860 InfoSec Taiwan 2025 國際資安組織大會 2025/7/9 https://csa.kktix.cc/events/infosectaiwan2025 HITCON Cyber Range 2025 企業藍隊競賽 2025/7/18 https://hitcon.kktix.cc/events/hitcon-cyberrange-2025 台灣駭客年會 HITCON Training 2025 2025/7/23 https://hitcon.kktix.cc/events/hitcon-training-2025 2025年8月-iPAS 資訊安全工程師(初級)能力培訓班-高雄場 2025/8/21 https://www.accupass.com/event/2504240921341381390216 API 安全開發指南：漏洞修復與授權管理實務 2025/9/11-2025/9/12 https://www.accupass.com/event/2501021422337978365160 2025年9月-iPAS 資訊安全工程師(初級)能力培訓班 2025/9/20 https://www.accupass.com/event/2505080338266282560860 ISO 27001:2022 資訊安全管理系統主導稽核員訓練課程 2025/9/22 https://www.accupass.com/event/2505190352351691427965