Exploits are everywhere in IT, including Cisco. So yes, there is/was big vulnerability, misused massively. It is already fixed for several months and you can read more on forum or shortly summarized on blog: https://blog.mikrotik.com/
There are many topics all around. I am really surprised you were able to miss them
I really cant point one specific topic because there are bits and pieces in many and i already lost track of them. Main topic is viewtopic.php?f=21&t=133533
make sure to disconnect your device from any non-trusted network before you start proceeding
. Safest method will be always Netinstall as it completely wipe the storage and config so nothing can survive, however, I strongly recommend you to read more about different ways to clean your device.