Lots & lots of companies want to sell you gizmos to turn your dumb domicile into a Smart Home. These devices each have their own mini computer, & just like any computer, it can be hacked. And Very Many of these devices are orphaned the moment you open the box -- for a relatively short while you may be able to return them to the seller, but that's about it. BleepingComputer writes about a severe security flaw [ranked 9.8 out of 10] that was promptly fixed by RealTek, the company that makes the chipset, but just because there's a fix doesn't mean you'll get it, or even know about it -- it's up to the companies that make the devices to incorporate, push out, & inform you of any fixes. Up until December 2022, Palo Alto Networks Unit 42 tracked 134 million exploit attempts -- people trying to find and get access to these IoT [smart home] devices, hoping to incorporate them in their botnets &/or use them as a gateway into your home network & from there your PCs & laptops.
bleepingcomputer[.]com/news/security/malware-exploited-critical-realtek-sdk-bug-in-millions-of-attacks/
Compared to 134 million, it might not seem as bad when another security team monitored people trying to log in via Remote Desktop 4.6 million times, using passwords largely culled from previous security breaches. Except this was one system [likely a VM] over a period of several weeks -- less than one month. While the article has tips to avoid a breach, targeting biz IT, to me the simple lesson is make sure RDP is Turned Off -- very, very few of us actually need it.
bleepingcomputer[.]com/news/security/lessons-learned-from-the-windows-remote-desktop-honeypot-report/