

A series of cybersecurity incidents has highlighted vulnerabilities in VPNs, IoT devices, and routers, exposing over 4 million systems to potential attacks. Researchers identified flaws in tunneling protocols such as IP6IP6, GRE6, 4in6, and 6in4, affecting routers and VPN servers, including 46,000 VPN servers. These vulnerabilities allow attackers to bypass security measures, infiltrate networks, and launch denial-of-service (DoS) attacks. Separately, a China-aligned APT group, PlushDaemon, targeted South Korean VPN provider IPany in a supply chain attack, embedding the SlowStepper backdoor in legitimate installer files. This malware enables extensive surveillance and data collection. Another campaign by Silver Fox APT used the PNGPlug loader to deliver ValleyRAT malware in espionage operations. Additionally, IoT botnets like the AIRASHI and Murdoc botnets have been exploiting zero-day vulnerabilities in devices such as cnPilot routers and Huawei routers to execute large-scale distributed denial-of-service (DDoS) attacks, with some attacks reaching capacities of up to 5.6 Tbps. The Murdoc Botnet, involving 1,300 IPs, also incorporates proxyware functionality. These incidents underscore the ongoing risks posed by inadequate IoT security and the need for robust cybersecurity measures.
Murdoc Botnet Ensnaring Avtech, Huawei Devices https://t.co/fZzbwu8ssh
Infostealer deployed through Homebrew-exploiting malvertising campaign https://t.co/Zm3b86OzGk
This formidable new malware targets VPN users! https://t.co/rjKFnYxb0D https://t.co/d1TktMVKnO