This is effectively what happened with the BotGhost vulnerability a few months back:

https://news.ycombinator.com/item?id=44359619