Threat actors use bots to automatically scan large numbers of systems for known vulnerabilities. When an exploitable system is found, hackers follow up with direct attacks.
The follow-up activity can take a variety of forms, depending on the weakness that was discovered. Immediate attacks include data breaches, malware drops, and ransomware encryption attacks. For large networks that are perceived to have high long-term value, the attacker might install a backdoor instead, then use it to penetrate the network more deeply.
There are many examples of discoverable vulnerabilities being exploited. Perhaps the most severe and notorious recent security incident is the Equifax breach, which was made possible by an unpatched vulnerability in Apache Struts.