I was a backend developer for a startup company where:
Windows servers without any firewall and security hardening.
Docker swarm without WSL. We had to use 4 GB Windows base images for 50MB web apps.
MSSQL without any replication and backups.
Redis installed on Windows via 3rd-party tool that looked like a 2010 era keygen generator.
A malware exploited the Redis * what a surprise * and kept killing processes to mine crypto on CPU...
VPS provider forgot to activate new Windows Server on production and it kept restart for every 30 minutes until I checked the logs and notified them about the missing license.