hhmx.de

Kadsenchaos

Federation EN Sun 05.01.2025 09:51:02

You know what is the most frightening thing about many security talks at ?

I'm not a hacker or security expert, but many vulnerabilities are so freaking basic that even I fully understand that you shouldn't do things like that.

Yuri Gbur

Federation DE Sun 05.01.2025 11:33:01

@Kadsenchaos imagine how you feel as a penetration tester seeing this all day ... :D

I have not had a single internal network assessment last year where default credentials were not an issue...

Kadsenchaos

Federation DE Sun 05.01.2025 12:27:01

@yukonsec
user
user
admin
admin
12345

🙈🙈

d33p.js

Federation EN Sun 05.01.2025 12:54:33

@Kadsenchaos I have spent over half my working life trying (to help) to protect people and companies. And so often, not only did clients ignore my advice, but they acted in direct contradiction to my recommendations. Always with the same excuses and justifications: "We're not that interesting", "Nothing has ever happened before", "No one (our competitors) pays attention to such details – we're already doing much better than the others", "It's all far too expensive." and so on... Even in years of incredibly critical public vulnerabilities. Every time I think: such massive impacts could push things in a more secure direction, but... no. It seems like they forget about it 2 seconds later, or think that it only happens to other people/companies.

Honestly, I could lean back with a sense of vindication sometimes, but that was never my goal or inner intention — to let people knowingly crash into the proverbial wall.
I wish everyone, especially in light of the recent incidents (for example) at VW and Gematik (with the electronic patient record), would take security more seriously and approach these issues with much greater humility—instead of sometimes still lying to our faces. Because, as you rightly say, @Kadsenchaos: these security vulnerabilities were often preventable.

Daniel Gibson

Federation EN Sun 05.01.2025 19:10:48

@d33pjs @Kadsenchaos
TBH, those kinds of incidents (like VW and ePA), where lots of data from normal people is leaked or could easily leak (i.e. not just company-internal data; who cares if their "secret" blueprints or whatever leak, that's their own problem), should be severely punished.
I'm talking about jail for the management in charge and fines that really hurt, like if this happens twice in 5 years the company should go bankrupt.