Just had to deal with a Cisco firewall / VPN that died. The hardware did not die - the firmware was compromised. Someone botched a remote update -- at least that is my best guess. And it was a good thing this happened. After replacing the Cisco device with a generic OpenWRT device, intruder attempts to the local server dropped to zero. Previously there were hundreds of attempts a day. Attempts to track down the malicious network device always came up empty - so I assumed a core network device was responsible but lacked the incentive to identify the specific device.
It is not like I never checked for firmware updates. The Cisco firewall reported the latest firmware with a matching checksum. But this was obviously not the case. I believe the device could have been compromised from day 1. Too bad, it was a well made device (good PCB design, components, etc.). Possibly that MachXO CPLD had a compromised firmware?