I've been playing with new Home Automation software lately, and stumbled on this thread yesterday
Home Assistant security concern
Its relevant to this thread because some HA users were hacked because they had open (forwarded) ports so they could access HA when away from home.
Its a long thread, but if you read the beginning you'll get the point of what happened.
I think they eventually figured out there was a security flaw in HA, which coupled with an open port, and a default samba configuration that allows guests (no password needed), well it was like leaving your front door open.
Guys were able to hack into a network without any passwords.
So another reminder to turn off all port forwarding.
And the tool I linked to a few posts ago works well to check for open ports. I had an open port because of FTP, not because I had forwarded any ports.
Randy