"Researchers have discovered at least 9,000 exposed #VNC endpoints that can be accessed and used without authentication, allowing threat actors easy access to internal networks"

https://www.bleepingcomputer.com/news/security/over-9-000-vnc-servers-exposed-online-without-a-password/