---
# System prepended metadata

title: 資安事件新聞週報 2026/1/19 ~ 2026/1/23
tags: [資安事件新聞週報]

---

###### tags: `資安事件新聞週報`
# 資安事件新聞週報 2026/1/19 ~ 2026/1/23

1.重大弱點漏洞/後門/Exploit/Zero Day
Cloudflare Fixes ACME Validation Bug Allowing WAF Bypass to Origin Servers
https://thehackernews.com/2026/01/cloudflare-fixes-acme-validation-bug.html

Cloudflare修補ACME驗證邏輯漏洞，攻擊者有機會繞過網頁應用程式防火牆存取原始主機
https://thehackernews.com/2026/01/cloudflare-fixes-acme-validation-bug.html

思科修補郵件安全閘道及上網安全閘道已遭利用的零時差漏洞
https://www.ithome.com.tw/news/173478

Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways
https://thehackernews.com/2026/01/cisco-patches-zero-day-rce-exploited-by.html

Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex
https://thehackernews.com/2026/01/cisco-fixes-actively-exploited-zero-day.html

思科修補整合通訊管理平臺Unified CM、Webex產品可允許任意指令執行的零時差漏洞
https://www.ithome.com.tw/news/173521

Fortinet單一登入整合功能的重大漏洞傳出攻擊活動，防火牆遭變更組態
https://www.ithome.com.tw/news/173541

Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations
https://thehackernews.com/2026/01/automated-fortigate-attacks-exploit.html

Fortinet 修補 FortiSIEM 重大漏洞，未經驗證攻擊者可遠端執行任意程式碼
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12633

Fortinet FortiSIEM重大漏洞CVE-2025-64155已被攻擊者濫用，資安風險升高
https://www.ithome.com.tw/news/173425

Microsoft推出2026年1月 Patch Tuesday每月例行更新修補包
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12635

微軟1月例行更新出錯，引發Windows裝置無法開機、遠端連線
https://www.ithome.com.tw/news/173472

China-Linked APT Exploited Sitecore Zero-Day in Critical Infrastructure Intrusion
https://thehackernews.com/2026/01/china-linked-apt-exploits-sitecore-zero.html

Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites
https://thehackernews.com/2026/01/google-gemini-prompt-injection-flaw.html

Chainlit AI Framework Flaws Enable Data Theft via File Read and SSRF Bugs
https://thehackernews.com/2026/01/chainlit-ai-framework-flaws-enable-data.html

Oracle Critical Patch Update for January 2026
https://www.oracle.com/security-alerts/cpujan2026.html

CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution
https://thehackernews.com/2026/01/certcc-warns-binary-parser-bug-allows.html

AMD處理器存在StackWarp弱點，恐被用於繞過SEV-SNP防護機制
https://thehackernews.com/2026/01/new-stackwarp-hardware-flaw-breaks-amd.html

SmarterMail Auth Bypass Exploited in the Wild Two Days After Patch Release
https://thehackernews.com/2026/01/smartermail-auth-bypass-exploited-in.html

Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access
https://thehackernews.com/2026/01/critical-gnu-inetutils-telnetd-flaw.html

Filling the Most Common Gaps in Google Workspace Security
https://thehackernews.com/2026/01/filling-most-common-gaps-in-google.html

DNS伺服器BIND 9存在高風險漏洞，攻擊者可利用惡意DNS記錄造成當機
https://gbhackers.com/bind-9-flaw-crashes-servers/

NVIDIA CUDA Toolkit漏洞可被用於命令注入、任意程式碼執行
https://gbhackers.com/cuda-flaw-enables-code-execution/

K8s工具External Secrets Operator存在重大漏洞，攻擊者可充當後門竊取敏感資料
https://securityonline.info/cve-2026-22822-critical-flaw-in-external-secrets-operator-breaks-namespace-isolation/

Zoom修補近滿分的命令注入漏洞，參與會議的攻擊者可用於遠端執行任意程式碼
https://gbhackers.com/critical-zoom-vulnerability-enables-remote-code-execution/

GitLab修補高風險的雙因素驗證繞過及DoS漏洞
https://www.bleepingcomputer.com/news/security/gitlab-warns-of-high-severity-2fa-bypass-denial-of-service-flaws/

開源AI應用程式框架Chainlit存在高風險漏洞，攻擊者可用於讀取伺服器任何檔案、洩露敏感資訊
https://www.bleepingcomputer.com/news/security/chainlit-ai-framework-bugs-let-hackers-breach-cloud-environments/

WordPress外掛ACF Extended存在重大漏洞，攻擊者可未經身分驗證取得管理員權限
https://www.bleepingcomputer.com/news/security/acf-plugin-bug-gives-hackers-admin-on-50-000-wordpress-sites/

WordPress外掛Modular DS重大漏洞被鎖定，駭客恐藉此得到網站管理權限
https://www.ithome.com.tw/news/173499

Anthropic用於Git的MCP伺服器曝三漏洞，提示注入可繞過路徑限制並覆寫檔案
https://www.ithome.com.tw/news/173504

ServiceNow AI平臺爆漏洞，允許攻擊者冒用帳號並劫持AI代理流程
https://www.ithome.com.tw/news/173500

駭客鎖定配置錯誤的代理伺服器與LLM端點，試圖濫用付費API
https://www.ithome.com.tw/news/173300

HPE修補Instant On高風險漏洞，無線基地臺恐洩漏VLAN資訊並遭DoS攻擊
https://www.ithome.com.tw/news/173454

一度被誤判高風險，zlib漏洞CVE-2026-22184資安風險大轉彎
https://www.ithome.com.tw/news/173395

2.銀行/金融/保險/證券/金融監理 新聞及資安
加拿大投資監管組織CIRO證實未經授權存取事件，75萬投資人資料受影響
https://www.ithome.com.tw/news/173480

康和證強化資安治理 納入康和期完成驗證
https://reurl.cc/eV2kEm

以信任與韌性驅動金控整併，台新新光金的萬億資產防線
https://www.ithome.com.tw/people/173514

3.信用卡/電子支付/行動支付/pay/支付系統/資安
台北捷運用手機掃碼進站！最強1招「再領2500元回饋金」，乘車碼/信用卡/17家支付方式總整理
https://www.storm.mg/lifestyle/11091949

簡單行動支付推出「藍新簡單收SoftPOS」 首年預計導入千家商戶
https://money.udn.com/money/story/5613/9263134

支付體驗與防詐意識一起來!LINE Pay推「數位共融 青銀共好」公益專案
https://reurl.cc/rKqYaE

Visa揭示2026年從代理式商務到互通支付的新藍圖
https://itpromag.com/2026/01/23/visa-9/

從全支付事件瞭解現行電子支付機制設計及防詐意識
https://tfc-taiwan.org.tw/understanding-e-payment-mechanisms-and-fraud-awareness-from-quanpay-incident/

4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安
2025年加密貨幣竊案創新高，損失達27億美元
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12641

瑞銀傳計劃開放加密貨幣交易，高淨值客戶有望直接買賣比特幣、以太坊
https://www.blocktempo.com/ubs-crypto-private-banking/

加密貨幣交易所熱錢包遭駭 金管會年底控管將趨嚴
https://udn.com/news/story/7239/9285106

Coinbase阻擋立法引反彈 華府加密圈路線分裂
https://reurl.cc/Abr38p

加密貨幣罪犯如何「故伎重演」，從人們手中竊取七億美元
https://www.thenewslens.com/article/263828

Tudou Guarantee Marketplace Halts Telegram Transactions After Processing Over $12 Billion
https://thehackernews.com/2026/01/tudou-guarantee-marketplace-halts.html

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC
中國駭客組織開發VoidLink惡意軟體框架，鎖定Linux雲端環境
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12636

勒索軟體組織RansomHub宣稱成功攻擊立訊，揚言公開其客戶蘋果、Nvidia、特斯拉的資料
https://www.ithome.com.tw/news/173495

APT駭客滲透財星前百大公司的網路環境，利用惡意軟體PDFSider建立後門通訊
https://www.ithome.com.tw/news/173482

後門程式LotusLite鎖定美國政府機關而來，透過委內瑞拉議題為誘餌散布
https://thehackernews.com/2026/01/lotuslite-backdoor-targets-us-policy.html

惡意軟體GootLoader透過1千個ZIP檔串接的壓縮檔傳送，企圖迴避防毒軟體偵測
https://www.ithome.com.tw/news/173475

木馬程式Remcos RAT偽裝成公用程式VeraCrypt散布，目的是竊取各式憑證
https://gbhackers.com/remcos-rat-campaign/

竊資軟體StealC遭駭，研究人員透過跨站指令碼漏洞存取駭客的管理主控臺
https://www.bleepingcomputer.com/news/security/stealc-hackers-hacked-as-researchers-hijack-malware-control-panels/

惡意軟體Evelyn Stealer濫用Visual Studio Code延伸套件散布，以截圖工具引誘開發人員上當
https://gbhackers.com/visual-studio-code/

駭客假借提供Malwarebytes端點防護工具為幌子，透過DLL側載植入竊資軟體
https://securityonline.info/fake-malwarebytes-campaign-exploits-dll-sideloading-to-drop-infostealers/

記憶體內運作的惡意程式Pulsar RAT針對Windows電腦而來，駭客利用HVNC進行遠端接管
https://gbhackers.com/pulsar-rat-abuses-memory-only-execution-and-hvnc-for-stealthy-remote-takeover/

惡意Chrome延伸套件鎖定人資及ERP系統用戶而來，企圖挾持憑證與帳號存取權限
https://www.ithome.com.tw/news/173435

瀏覽器惡意軟體活動GhostPoster可追溯到5年前，Chrome、Edge、Firefox用戶皆為目標
https://www.ithome.com.tw/news/173439

GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection
https://thehackernews.com/2026/01/gootloader-malware-uses-5001000.html

Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts
https://thehackernews.com/2026/01/five-malicious-chrome-extensions.html

CrashFix Chrome Extension Delivers ModeloRAT Using ClickFix-Style Browser Crash Lures
https://thehackernews.com/2026/01/crashfix-chrome-extension-delivers.html

Security Bug in StealC Malware Panel Let Researchers Spy on Threat Actor Operations
https://thehackernews.com/2026/01/security-bug-in-stealc-malware-panel.html

Black Basta Ransomware Leader Added to EU Most Wanted and INTERPOL Red Notice
https://thehackernews.com/2026/01/black-basta-ransomware-hacker-leader.html

Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto
https://thehackernews.com/2026/01/evelyn-stealer-malware-abuses-vs-code.html

VoidLink Linux Malware Framework Built with AI Assistance Reaches 88,000 Lines of Code
https://thehackernews.com/2026/01/voidlink-linux-malware-framework-built.html

Malicious PyPI Package Impersonates SymPy, Deploys XMRig Miner on Linux Hosts
https://thehackernews.com/2026/01/malicious-pypi-package-impersonates.html

New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD Attack
https://thehackernews.com/2026/01/new-osiris-ransomware-emerges-as-new.html

B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊
TikTok Forms U.S. Joint Venture to Continue Operations Under 2025 Executive Order
https://thehackernews.com/2026/01/tiktok-forms-us-joint-venture-to.html

5G核心網路元件Open5GS存在憑證寫死的重大漏洞
https://securityonline.info/cve-2026-0622-hardcoded-secret-exposes-open5gs-5g-core-networks/

C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力
為加速NTLMv1棄用，Mandiant公布Net-NTLMv1彩虹表
https://www.ithome.com.tw/news/173516

美國白宮推動雲端身分安全強化，NIST與CISA發布身分權杖防護指引草案
https://www.ithome.com.tw/news/173481

四個AWS維護的公開儲存庫因建置觸發設定疏漏，一度險遭接管
https://www.ithome.com.tw/news/173418

MITRE公布嵌入式系統安全框架
https://www.ithome.com.tw/news/173523

歐洲首部 AI 資安標準出爐 ! ETSI EN 304 223 建立全生命週期防護框架
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12647

駭客利用假的Ollama伺服器發動逾9萬次攻擊，企圖偵察企業建置的AI系統
https://hackread.com/hackers-attack-ai-systems-fake-ollama-servers/

研究人員揭露新型態Kerberos中繼攻擊手法，可藉由DNS CNAME繞過防禦措施
https://gbhackers.com/new-kerberos-relay-technique-exploits-dns-cnames-to-bypass-existing-defenses/

臺灣面臨的國家級駭客活動事件數量居全球第6，IT產業是中國駭客主要目標
https://www.ithome.com.tw/news/173526

億光子公司億力光電遭駭客攻擊，該公司表示對營運無重大影響
https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=181920&SPOKE_DATE=20260119&COMPANY_ID=2393

美國國會電子郵件系統疑似遭中國駭客入侵
https://www.ithome.com.tw/news/173335

汽車零件業者昭輝遭網路攻擊，伺服器資料遭加密
https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=181312&SPOKE_DATE=20260118&COMPANY_ID=1339

阿富汗政府被鎖定，駭客利用假公告從事網路間諜活動Nomad Leopard
https://securityonline.info/nomad-leopard-spotted-in-the-wild-cyber-espionage-campaign-targets-afghan-government/

以國家安全為由，中國要求企業停用美國、以色列的資安軟體
https://www.ithome.com.tw/news/173493

ThreatsDay Bulletin: Pixel Zero-Click, Redis RCE, China C2s, RAT Ads, Crypto Scams & 15+ Stories
https://thehackernews.com/2026/01/threatsday-bulletin-pixel-zero-click.html

North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews
https://thehackernews.com/2026/01/north-korean-purplebravo-campaign.html

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全
IT服務臺Zendesk遭到濫用，駭客以此發動大規模垃圾郵件攻擊
https://www.ithome.com.tw/news/173548

駭客透過社交工程對IT服務臺下手，轉走員工薪資牟取經濟利益
https://www.ithome.com.tw/news/173519

微軟聯手執法單位打擊RedVDS網路犯罪訂閱服務，阻斷釣魚詐騙供應鏈
https://www.ithome.com.tw/news/173394

歐鐵票券營運公司被駭，外洩客戶個資及訂位資訊
https://www.ithome.com.tw/news/173405

勒索軟體Everest聲稱入侵印度麥當勞，公布近7,300萬Under Armour客戶資料
https://www.ithome.com.tw/news/173515

勒索軟體Everest聲稱入侵印度麥當勞，竊得861 GB資料
https://hackread.com/everest-ransomware-mcdonalds-india-breach-customer-data/

IT業者Ingram Micro遭遇勒索軟體攻擊調查結果出爐，逾4.2萬人個資外流
https://www.ithome.com.tw/news/173494

駭客假借提供擋廣告延伸套件從事ClickFix變種網釣，以瀏覽器當機為由誘騙使用者執行惡意指令
https://www.ithome.com.tw/news/173506

永擎電子外包廠商發生帳密資料外流事故
https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=114551&SPOKE_DATE=20260122&COMPANY_ID=7711

LOTUSLITE Backdoor Targets U.S. Policy Entities Using Venezuela-Themed Spear Phishing
https://thehackernews.com/2026/01/lotuslite-backdoor-targets-us-policy.html

LastPass用戶遭鎖定，駭客假借維護通知要求用戶限時備份密碼保險庫，企圖騙取主密碼
https://www.ithome.com.tw/news/173522

LastPass Warns of Fake Maintenance Messages Targeting Users' Master Passwords
https://thehackernews.com/2026/01/lastpass-warns-of-fake-maintenance.html

Phishing Attack Uses Stolen Credentials to Install LogMeIn RMM for Persistent Access
https://thehackernews.com/2026/01/phishing-attack-uses-stolen-credentials.html

Microsoft Flags Multi-Stage AitM Phishing and BEC Attacks Targeting Energy Firms
https://thehackernews.com/2026/01/microsoft-flags-multi-stage-aitm.html

E.研究報告/工具
OpenAI對ShadowLeak攻擊的防護未完全封堵，研究人員再揭露ChatGPT新濫用手法ZombieAgent
https://www.ithome.com.tw/news/173273

Your Digital Footprint Can Lead Right to Your Front Door
https://thehackernews.com/2026/01/your-digital-footprint-can-lead-right.html

Why Secrets in JavaScript Bundles are Still Being Missed
https://thehackernews.com/2026/01/why-secrets-in-javascript-bundles-are.html

Filling the Most Common Gaps in Google Workspace Security
https://thehackernews.com/2026/01/filling-most-common-gaps-in-google.html

F.商業
CrowdStrike傳出以4.2億美元買下瀏覽器資安業者Seraphic
https://www.ithome.com.tw/news/173479

從網路到資安的進化：第一線資訊科技以SD-WAN結合SASE助台商安全出海
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12634

AI生成漏洞通報氾濫，Curl維護者終止抓蟲獎勵方案
https://www.ithome.com.tw/news/173546

Let's Encrypt六天短效TLS憑證與IP位址憑證正式上線
https://www.ithome.com.tw/news/173453

Anthropic捐150萬美元力挺Python基金會，強化PyPI供應鏈安全
https://www.ithome.com.tw/news/173344

OpenAI to Show Ads in ChatGPT for Logged-In U.S. Adults on Free and Go Plans
https://thehackernews.com/2026/01/openai-to-show-ads-in-chatgpt-for.html

DevOps & SaaS Downtime: The High (and Hidden) Costs for Cloud-First Businesses
https://thehackernews.com/2026/01/high-costs-of-devops-saas-downtime.html

New StackWarp Hardware Flaw Breaks AMD SEV-SNP Protections on Zen 1–5 CPUs
https://thehackernews.com/2026/01/new-stackwarp-hardware-flaw-breaks-amd.html

The Hidden Risk of Orphan Accounts
https://thehackernews.com/2026/01/the-hidden-risk-of-orphan-accounts.html

Exposure Assessment Platforms Signal a Shift in Focus
https://thehackernews.com/2026/01/exposure-assessment-platforms-signal.html

CTM360 Analysis Shows How Fake Banks Exploit Search and Trust
https://thehackernews.com/expert-insights/2026/01/ctm360-analysis-shows-how-fake-banks.html

Do You Really Know Your AI Landscape
https://thehackernews.com/expert-insights/2026/01/do-you-really-know-your-ai-landscape.html

G.政府
資安署114年12月資安月報：《危害國家資通安全產品審查辦法》正式上路；SSL VPN漏洞成駭客入侵破口
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12640

外交部與數位發展部攜手合作，整合台灣雄厚數位實力，達成固邦榮邦目標
https://www.mofa.gov.tw/News_Content.aspx?n=95&sms=73&s=121555

數位實力鏈結全球 　數發部、外交部首開雙首長會議推動總和外交
https://moda.gov.tw/press/press-releases/18726

H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安
西門子、施耐德、菲尼克斯電氣等工控大廠修補高風險漏洞，工業邊緣與製程系統受影響
https://www.ithome.com.tw/news/173434

I.教育訓練
資安事件發生必要知道的復原程序，降低傷害
https://www.ithome.com.tw/pr/163614

iPAS資訊安全工程師中級筆記
https://hackmd.io/@Not/iPASInformationSecuritySpecialist

iPas資安工程師證照考前研習
https://reurl.cc/GEbA3p

iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題)
https://reurl.cc/orlD1g

EC Council CASE.NET 認證準備
https://coolmandiary.blogspot.com/2025/04/ec-council-casenet.html

EC Council CASE.NET(312-95)_筆記_Module1專有名詞及定義
https://coolmandiary.blogspot.com/2021/10/ec-council-casenet312-95module1.html

GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計
https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad

Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！
https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/

一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程
https://www.ithome.com.tw/pr/160954

全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口
https://reurl.cc/m39MDj

CISSP資安認證的8大領域
https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html

CISSP考試心得
https://reurl.cc/KbY83j

CISSP考試心得 – Benson
https://reurl.cc/GbWvxd

目標導向-20天光速考過CISSP
https://reurl.cc/2Zq6zn

CISSP證照考試實戰心得 第一章：初期準備工作
https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat

CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略
https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies

CISSP證照考試實戰心得 第三章：終極一戰
https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle

Quick CISSP Infographic for IPSec
https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec

CSSLP Certification - Security models in F#
https://github.com/vbocan/csslp

Certified Secure Software Lifecycle Professional in bullet points
https://github.com/joeyhage/csslp-notes

CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得
https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/

EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022
https://reurl.cc/1oyEM8

CEH v11 考試心得與準備方式
https://blog.sean.taipei/2022/01/ceh

CEH
https://github.com/a3cipher/CEH

CodeRed by EC-Council
https://github.com/codered-by-ec-council

EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習
https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2

EC-Council CEHP考試準備心得
https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po

My ceh practical notes
https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md

CEHP課程筆記
https://hackmd.io/@nfu-johnny/B1Ju_BMPR

ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials
https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4

EC-Council ECSA資安分析專家 v10 考試心得分享
https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html

20180817 EC-Council ECSA v10 PASS
https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html

關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享
https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d

深度解析 CPENT 考試心得、以及與 OSCP 的比較
https://reurl.cc/41eL8v

EC-Council CPENT v1 滲透測試認證 – 內容及心得分享
https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review

CPENT 從暴力到破解
https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295

Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master
https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f

CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證
https://ucom.uuu.com.tw/web/Testimony/Article/4404

kaizensecurity/CPENT
https://github.com/kaizensecurity/CPENT/tree/master

CPENT : Pentesting like NO OTHERS !
https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/

Journey of My CPENT Exam
https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917

[備考心得]CompTIA Security+ (SY0–601) 上篇
https://reurl.cc/M053DK

[備考心得]CompTIA Security+ (SY0–601) 下篇
https://reurl.cc/M053Gv

comptia-security-plus
https://github.com/ajfuto/comptia-security-plus

security-plus
https://github.com/fjavierm/security-plus

CompTIA Security+ Certification Practice Test Questions
https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette

不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書）
https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html

App防駭學，資安防護實戰課程全面提升安全觀念
https://www.ithome.com.tw/pr/161505

OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享
https://hackmd.io/@henry-ko/HyQ56e8eF

OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 
http://github.com/In3x0rabl3/OSEP

OSCP（Offensive Security Certified Professional）
https://github.com/0x584A/oscp-notes/tree/master

ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年
https://reurl.cc/aVLoX9

Learn NIST Inside Out With 21 Hours of Training @ 86% OFF
https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html

駭客與國家: 網路攻擊與地緣政治新常態
The hacker and the state: cyber attacks and the new normal of geopolitic
https://reurl.cc/D3nKKj

Practical Network Penetration Tester (PNPT) Certification Review
https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df

WUSON常用的基本詞彙
https://choson.lifenet.com.tw/?p=1958

證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」
https://www.ithome.com.tw/news/156754

用證照證明自己實力之餘，更應將證照視為督促學習的最大動力
https://www.ithome.com.tw/news/156756

打破證照誤解與迷思，資安專家帶你釐清資安證照的意義
https://www.ithome.com.tw/news/156755

Accelerate Your Career with the Global Leader in Cyber Security Training
https://www.sans.org/mlp/promo-partnership-hacker-news/

【成大資安社社課】資安禁術 - 逆向工程地獄試煉
https://www.youtube.com/watch?v=4Yc3-9CjG6U

透過實務演練，教你建立實作標準的安全SOP流程
https://www.ithome.com.tw/pr/163514

6.近期資安活動及研討會
用積木學 Scrum - 台中敏捷社群推廣活動  2026/1/31
https://www.accupass.com/event/2512021357487819263820

AI資安新戰場 企業超前部屬防駭 免費體驗  2026/2/11
https://www.accupass.com/event/2502110717236228411690

DEVCORE CONFERENCE 2026   2026/3/14
https://devcore.kktix.cc/events/devcoreconf2026