Researchers from Unit 42 discovered that a vulnerability in the Realtek Jungle SDK has been exploited in a large-scale attack on IoT devices. The vulnerability, known as CVE-2021-35394, allowed for remote code execution and affected almost 190 device types produced by 66 different companies. Most of the attacks were attempts to infect susceptible devices with malware. The vulnerability was made public in August 2021 and affects UDPServer in Realtek Jungle SDK versions 2.0 and later. The recent uptick in attacks exploiting the vulnerability highlights the danger of supply chain vulnerabilities, and it is crucial to regularly update devices with the latest patches and updates.