###### tags: `資安事件新聞週報` # 資安事件新聞週報 2026/1/19 ~ 2026/1/23 1.重大弱點漏洞/後門/Exploit/Zero Day Cloudflare Fixes ACME Validation Bug Allowing WAF Bypass to Origin Servers https://thehackernews.com/2026/01/cloudflare-fixes-acme-validation-bug.html Cloudflare修補ACME驗證邏輯漏洞，攻擊者有機會繞過網頁應用程式防火牆存取原始主機 https://thehackernews.com/2026/01/cloudflare-fixes-acme-validation-bug.html 思科修補郵件安全閘道及上網安全閘道已遭利用的零時差漏洞 https://www.ithome.com.tw/news/173478 Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways https://thehackernews.com/2026/01/cisco-patches-zero-day-rce-exploited-by.html Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex https://thehackernews.com/2026/01/cisco-fixes-actively-exploited-zero-day.html 思科修補整合通訊管理平臺Unified CM、Webex產品可允許任意指令執行的零時差漏洞 https://www.ithome.com.tw/news/173521 Fortinet單一登入整合功能的重大漏洞傳出攻擊活動，防火牆遭變更組態 https://www.ithome.com.tw/news/173541 Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations https://thehackernews.com/2026/01/automated-fortigate-attacks-exploit.html Fortinet 修補 FortiSIEM 重大漏洞，未經驗證攻擊者可遠端執行任意程式碼 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12633 Fortinet FortiSIEM重大漏洞CVE-2025-64155已被攻擊者濫用，資安風險升高 https://www.ithome.com.tw/news/173425 Microsoft推出2026年1月 Patch Tuesday每月例行更新修補包 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12635 微軟1月例行更新出錯，引發Windows裝置無法開機、遠端連線 https://www.ithome.com.tw/news/173472 China-Linked APT Exploited Sitecore Zero-Day in Critical Infrastructure Intrusion https://thehackernews.com/2026/01/china-linked-apt-exploits-sitecore-zero.html Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites https://thehackernews.com/2026/01/google-gemini-prompt-injection-flaw.html Chainlit AI Framework Flaws Enable Data Theft via File Read and SSRF Bugs https://thehackernews.com/2026/01/chainlit-ai-framework-flaws-enable-data.html Oracle Critical Patch Update for January 2026 https://www.oracle.com/security-alerts/cpujan2026.html CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution https://thehackernews.com/2026/01/certcc-warns-binary-parser-bug-allows.html AMD處理器存在StackWarp弱點，恐被用於繞過SEV-SNP防護機制 https://thehackernews.com/2026/01/new-stackwarp-hardware-flaw-breaks-amd.html SmarterMail Auth Bypass Exploited in the Wild Two Days After Patch Release https://thehackernews.com/2026/01/smartermail-auth-bypass-exploited-in.html Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access https://thehackernews.com/2026/01/critical-gnu-inetutils-telnetd-flaw.html Filling the Most Common Gaps in Google Workspace Security https://thehackernews.com/2026/01/filling-most-common-gaps-in-google.html DNS伺服器BIND 9存在高風險漏洞，攻擊者可利用惡意DNS記錄造成當機 https://gbhackers.com/bind-9-flaw-crashes-servers/ NVIDIA CUDA Toolkit漏洞可被用於命令注入、任意程式碼執行 https://gbhackers.com/cuda-flaw-enables-code-execution/ K8s工具External Secrets Operator存在重大漏洞，攻擊者可充當後門竊取敏感資料 https://securityonline.info/cve-2026-22822-critical-flaw-in-external-secrets-operator-breaks-namespace-isolation/ Zoom修補近滿分的命令注入漏洞，參與會議的攻擊者可用於遠端執行任意程式碼 https://gbhackers.com/critical-zoom-vulnerability-enables-remote-code-execution/ GitLab修補高風險的雙因素驗證繞過及DoS漏洞 https://www.bleepingcomputer.com/news/security/gitlab-warns-of-high-severity-2fa-bypass-denial-of-service-flaws/ 開源AI應用程式框架Chainlit存在高風險漏洞，攻擊者可用於讀取伺服器任何檔案、洩露敏感資訊 https://www.bleepingcomputer.com/news/security/chainlit-ai-framework-bugs-let-hackers-breach-cloud-environments/ WordPress外掛ACF Extended存在重大漏洞，攻擊者可未經身分驗證取得管理員權限 https://www.bleepingcomputer.com/news/security/acf-plugin-bug-gives-hackers-admin-on-50-000-wordpress-sites/ WordPress外掛Modular DS重大漏洞被鎖定，駭客恐藉此得到網站管理權限 https://www.ithome.com.tw/news/173499 Anthropic用於Git的MCP伺服器曝三漏洞，提示注入可繞過路徑限制並覆寫檔案 https://www.ithome.com.tw/news/173504 ServiceNow AI平臺爆漏洞，允許攻擊者冒用帳號並劫持AI代理流程 https://www.ithome.com.tw/news/173500 駭客鎖定配置錯誤的代理伺服器與LLM端點，試圖濫用付費API https://www.ithome.com.tw/news/173300 HPE修補Instant On高風險漏洞，無線基地臺恐洩漏VLAN資訊並遭DoS攻擊 https://www.ithome.com.tw/news/173454 一度被誤判高風險，zlib漏洞CVE-2026-22184資安風險大轉彎 https://www.ithome.com.tw/news/173395 2.銀行/金融/保險/證券/金融監理 新聞及資安 加拿大投資監管組織CIRO證實未經授權存取事件，75萬投資人資料受影響 https://www.ithome.com.tw/news/173480 康和證強化資安治理 納入康和期完成驗證 https://reurl.cc/eV2kEm 以信任與韌性驅動金控整併，台新新光金的萬億資產防線 https://www.ithome.com.tw/people/173514 3.信用卡/電子支付/行動支付/pay/支付系統/資安 台北捷運用手機掃碼進站！最強1招「再領2500元回饋金」，乘車碼/信用卡/17家支付方式總整理 https://www.storm.mg/lifestyle/11091949 簡單行動支付推出「藍新簡單收SoftPOS」 首年預計導入千家商戶 https://money.udn.com/money/story/5613/9263134 支付體驗與防詐意識一起來!LINE Pay推「數位共融 青銀共好」公益專案 https://reurl.cc/rKqYaE Visa揭示2026年從代理式商務到互通支付的新藍圖 https://itpromag.com/2026/01/23/visa-9/ 從全支付事件瞭解現行電子支付機制設計及防詐意識 https://tfc-taiwan.org.tw/understanding-e-payment-mechanisms-and-fraud-awareness-from-quanpay-incident/ 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 2025年加密貨幣竊案創新高，損失達27億美元 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12641 瑞銀傳計劃開放加密貨幣交易，高淨值客戶有望直接買賣比特幣、以太坊 https://www.blocktempo.com/ubs-crypto-private-banking/ 加密貨幣交易所熱錢包遭駭 金管會年底控管將趨嚴 https://udn.com/news/story/7239/9285106 Coinbase阻擋立法引反彈 華府加密圈路線分裂 https://reurl.cc/Abr38p 加密貨幣罪犯如何「故伎重演」，從人們手中竊取七億美元 https://www.thenewslens.com/article/263828 Tudou Guarantee Marketplace Halts Telegram Transactions After Processing Over $12 Billion https://thehackernews.com/2026/01/tudou-guarantee-marketplace-halts.html 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 中國駭客組織開發VoidLink惡意軟體框架，鎖定Linux雲端環境 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12636 勒索軟體組織RansomHub宣稱成功攻擊立訊，揚言公開其客戶蘋果、Nvidia、特斯拉的資料 https://www.ithome.com.tw/news/173495 APT駭客滲透財星前百大公司的網路環境，利用惡意軟體PDFSider建立後門通訊 https://www.ithome.com.tw/news/173482 後門程式LotusLite鎖定美國政府機關而來，透過委內瑞拉議題為誘餌散布 https://thehackernews.com/2026/01/lotuslite-backdoor-targets-us-policy.html 惡意軟體GootLoader透過1千個ZIP檔串接的壓縮檔傳送，企圖迴避防毒軟體偵測 https://www.ithome.com.tw/news/173475 木馬程式Remcos RAT偽裝成公用程式VeraCrypt散布，目的是竊取各式憑證 https://gbhackers.com/remcos-rat-campaign/ 竊資軟體StealC遭駭，研究人員透過跨站指令碼漏洞存取駭客的管理主控臺 https://www.bleepingcomputer.com/news/security/stealc-hackers-hacked-as-researchers-hijack-malware-control-panels/ 惡意軟體Evelyn Stealer濫用Visual Studio Code延伸套件散布，以截圖工具引誘開發人員上當 https://gbhackers.com/visual-studio-code/ 駭客假借提供Malwarebytes端點防護工具為幌子，透過DLL側載植入竊資軟體 https://securityonline.info/fake-malwarebytes-campaign-exploits-dll-sideloading-to-drop-infostealers/ 記憶體內運作的惡意程式Pulsar RAT針對Windows電腦而來，駭客利用HVNC進行遠端接管 https://gbhackers.com/pulsar-rat-abuses-memory-only-execution-and-hvnc-for-stealthy-remote-takeover/ 惡意Chrome延伸套件鎖定人資及ERP系統用戶而來，企圖挾持憑證與帳號存取權限 https://www.ithome.com.tw/news/173435 瀏覽器惡意軟體活動GhostPoster可追溯到5年前，Chrome、Edge、Firefox用戶皆為目標 https://www.ithome.com.tw/news/173439 GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection https://thehackernews.com/2026/01/gootloader-malware-uses-5001000.html Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts https://thehackernews.com/2026/01/five-malicious-chrome-extensions.html CrashFix Chrome Extension Delivers ModeloRAT Using ClickFix-Style Browser Crash Lures https://thehackernews.com/2026/01/crashfix-chrome-extension-delivers.html Security Bug in StealC Malware Panel Let Researchers Spy on Threat Actor Operations https://thehackernews.com/2026/01/security-bug-in-stealc-malware-panel.html Black Basta Ransomware Leader Added to EU Most Wanted and INTERPOL Red Notice https://thehackernews.com/2026/01/black-basta-ransomware-hacker-leader.html Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto https://thehackernews.com/2026/01/evelyn-stealer-malware-abuses-vs-code.html VoidLink Linux Malware Framework Built with AI Assistance Reaches 88,000 Lines of Code https://thehackernews.com/2026/01/voidlink-linux-malware-framework-built.html Malicious PyPI Package Impersonates SymPy, Deploys XMRig Miner on Linux Hosts https://thehackernews.com/2026/01/malicious-pypi-package-impersonates.html New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD Attack https://thehackernews.com/2026/01/new-osiris-ransomware-emerges-as-new.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 TikTok Forms U.S. Joint Venture to Continue Operations Under 2025 Executive Order https://thehackernews.com/2026/01/tiktok-forms-us-joint-venture-to.html 5G核心網路元件Open5GS存在憑證寫死的重大漏洞 https://securityonline.info/cve-2026-0622-hardcoded-secret-exposes-open5gs-5g-core-networks/ C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 為加速NTLMv1棄用，Mandiant公布Net-NTLMv1彩虹表 https://www.ithome.com.tw/news/173516 美國白宮推動雲端身分安全強化，NIST與CISA發布身分權杖防護指引草案 https://www.ithome.com.tw/news/173481 四個AWS維護的公開儲存庫因建置觸發設定疏漏，一度險遭接管 https://www.ithome.com.tw/news/173418 MITRE公布嵌入式系統安全框架 https://www.ithome.com.tw/news/173523 歐洲首部 AI 資安標準出爐 ! ETSI EN 304 223 建立全生命週期防護框架 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12647 駭客利用假的Ollama伺服器發動逾9萬次攻擊，企圖偵察企業建置的AI系統 https://hackread.com/hackers-attack-ai-systems-fake-ollama-servers/ 研究人員揭露新型態Kerberos中繼攻擊手法，可藉由DNS CNAME繞過防禦措施 https://gbhackers.com/new-kerberos-relay-technique-exploits-dns-cnames-to-bypass-existing-defenses/ 臺灣面臨的國家級駭客活動事件數量居全球第6，IT產業是中國駭客主要目標 https://www.ithome.com.tw/news/173526 億光子公司億力光電遭駭客攻擊，該公司表示對營運無重大影響 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=181920&SPOKE_DATE=20260119&COMPANY_ID=2393 美國國會電子郵件系統疑似遭中國駭客入侵 https://www.ithome.com.tw/news/173335 汽車零件業者昭輝遭網路攻擊，伺服器資料遭加密 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=181312&SPOKE_DATE=20260118&COMPANY_ID=1339 阿富汗政府被鎖定，駭客利用假公告從事網路間諜活動Nomad Leopard https://securityonline.info/nomad-leopard-spotted-in-the-wild-cyber-espionage-campaign-targets-afghan-government/ 以國家安全為由，中國要求企業停用美國、以色列的資安軟體 https://www.ithome.com.tw/news/173493 ThreatsDay Bulletin: Pixel Zero-Click, Redis RCE, China C2s, RAT Ads, Crypto Scams & 15+ Stories https://thehackernews.com/2026/01/threatsday-bulletin-pixel-zero-click.html North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews https://thehackernews.com/2026/01/north-korean-purplebravo-campaign.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 IT服務臺Zendesk遭到濫用，駭客以此發動大規模垃圾郵件攻擊 https://www.ithome.com.tw/news/173548 駭客透過社交工程對IT服務臺下手，轉走員工薪資牟取經濟利益 https://www.ithome.com.tw/news/173519 微軟聯手執法單位打擊RedVDS網路犯罪訂閱服務，阻斷釣魚詐騙供應鏈 https://www.ithome.com.tw/news/173394 歐鐵票券營運公司被駭，外洩客戶個資及訂位資訊 https://www.ithome.com.tw/news/173405 勒索軟體Everest聲稱入侵印度麥當勞，公布近7,300萬Under Armour客戶資料 https://www.ithome.com.tw/news/173515 勒索軟體Everest聲稱入侵印度麥當勞，竊得861 GB資料 https://hackread.com/everest-ransomware-mcdonalds-india-breach-customer-data/ IT業者Ingram Micro遭遇勒索軟體攻擊調查結果出爐，逾4.2萬人個資外流 https://www.ithome.com.tw/news/173494 駭客假借提供擋廣告延伸套件從事ClickFix變種網釣，以瀏覽器當機為由誘騙使用者執行惡意指令 https://www.ithome.com.tw/news/173506 永擎電子外包廠商發生帳密資料外流事故 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=114551&SPOKE_DATE=20260122&COMPANY_ID=7711 LOTUSLITE Backdoor Targets U.S. Policy Entities Using Venezuela-Themed Spear Phishing https://thehackernews.com/2026/01/lotuslite-backdoor-targets-us-policy.html LastPass用戶遭鎖定，駭客假借維護通知要求用戶限時備份密碼保險庫，企圖騙取主密碼 https://www.ithome.com.tw/news/173522 LastPass Warns of Fake Maintenance Messages Targeting Users' Master Passwords https://thehackernews.com/2026/01/lastpass-warns-of-fake-maintenance.html Phishing Attack Uses Stolen Credentials to Install LogMeIn RMM for Persistent Access https://thehackernews.com/2026/01/phishing-attack-uses-stolen-credentials.html Microsoft Flags Multi-Stage AitM Phishing and BEC Attacks Targeting Energy Firms https://thehackernews.com/2026/01/microsoft-flags-multi-stage-aitm.html E.研究報告/工具 OpenAI對ShadowLeak攻擊的防護未完全封堵，研究人員再揭露ChatGPT新濫用手法ZombieAgent https://www.ithome.com.tw/news/173273 Your Digital Footprint Can Lead Right to Your Front Door https://thehackernews.com/2026/01/your-digital-footprint-can-lead-right.html Why Secrets in JavaScript Bundles are Still Being Missed https://thehackernews.com/2026/01/why-secrets-in-javascript-bundles-are.html Filling the Most Common Gaps in Google Workspace Security https://thehackernews.com/2026/01/filling-most-common-gaps-in-google.html F.商業 CrowdStrike傳出以4.2億美元買下瀏覽器資安業者Seraphic https://www.ithome.com.tw/news/173479 從網路到資安的進化：第一線資訊科技以SD-WAN結合SASE助台商安全出海 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12634 AI生成漏洞通報氾濫，Curl維護者終止抓蟲獎勵方案 https://www.ithome.com.tw/news/173546 Let's Encrypt六天短效TLS憑證與IP位址憑證正式上線 https://www.ithome.com.tw/news/173453 Anthropic捐150萬美元力挺Python基金會，強化PyPI供應鏈安全 https://www.ithome.com.tw/news/173344 OpenAI to Show Ads in ChatGPT for Logged-In U.S. Adults on Free and Go Plans https://thehackernews.com/2026/01/openai-to-show-ads-in-chatgpt-for.html DevOps & SaaS Downtime: The High (and Hidden) Costs for Cloud-First Businesses https://thehackernews.com/2026/01/high-costs-of-devops-saas-downtime.html New StackWarp Hardware Flaw Breaks AMD SEV-SNP Protections on Zen 1–5 CPUs https://thehackernews.com/2026/01/new-stackwarp-hardware-flaw-breaks-amd.html The Hidden Risk of Orphan Accounts https://thehackernews.com/2026/01/the-hidden-risk-of-orphan-accounts.html Exposure Assessment Platforms Signal a Shift in Focus https://thehackernews.com/2026/01/exposure-assessment-platforms-signal.html CTM360 Analysis Shows How Fake Banks Exploit Search and Trust https://thehackernews.com/expert-insights/2026/01/ctm360-analysis-shows-how-fake-banks.html Do You Really Know Your AI Landscape https://thehackernews.com/expert-insights/2026/01/do-you-really-know-your-ai-landscape.html G.政府 資安署114年12月資安月報：《危害國家資通安全產品審查辦法》正式上路；SSL VPN漏洞成駭客入侵破口 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12640 外交部與數位發展部攜手合作，整合台灣雄厚數位實力，達成固邦榮邦目標 https://www.mofa.gov.tw/News_Content.aspx?n=95&sms=73&s=121555 數位實力鏈結全球 　數發部、外交部首開雙首長會議推動總和外交 https://moda.gov.tw/press/press-releases/18726 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 西門子、施耐德、菲尼克斯電氣等工控大廠修補高風險漏洞，工業邊緣與製程系統受影響 https://www.ithome.com.tw/news/173434 I.教育訓練 資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g EC Council CASE.NET 認證準備 https://coolmandiary.blogspot.com/2025/04/ec-council-casenet.html EC Council CASE.NET(312-95)_筆記_Module1專有名詞及定義 https://coolmandiary.blogspot.com/2021/10/ec-council-casenet312-95module1.html GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 用積木學 Scrum - 台中敏捷社群推廣活動 2026/1/31 https://www.accupass.com/event/2512021357487819263820 AI資安新戰場 企業超前部屬防駭 免費體驗 2026/2/11 https://www.accupass.com/event/2502110717236228411690 DEVCORE CONFERENCE 2026 2026/3/14 https://devcore.kktix.cc/events/devcoreconf2026