"Attackers were able to glean user credentials from memory on a CHS Juniper device via the Heartbleed vulnerability (which was vulnerable at the time) and use them to log in via a VPN," TrustedSec explained.
There are still millions of instances that are NOT patched as they should have been, and there is also the worry that they didn't switch to new certificates even though the old ones could have been compromised.
So there is still more shit like this to come.
And as a reminder for Belgians: before the summer there was some very critical infrastructure that was NOT patched as it should have been, and it took weeks to have it patched.