> Why isn't there criminal prosecution for the managers of companies that leave vulnerabilities unpatched?
Because that would be damn stupid thing to do.
> As far as I can tell, they are directly acting to help the activities of criminals and organized crime all around the world.
So does roads and airports, but nobody is trying to prosecute them.
> Oh, and maybe they should be forced to pay a reparation of $100k at least (or an equal share of their assets after they declare bankruptcy due to this) for every person they intentionally put in danger of getting all their personal data stolen and/or destroyed.
Or you could just take responsibility for your own life and not use shitty software.