Actually that isn't true, there were a few e.g.
https://www.hpcfactor.com/news/?iid=245
I wrote an editorial on it many years back
https://www.hpcfactor.com/reviews/editorial/is-the-hpc-really-anti-virus/
There were no mass exploit infections for Windows CE, due to the market share. This doesn't mean that there aren't actively exploited zero-day vulnerabilities in CE that hackers are unable to compromise. The chances of them coming across a CE device are fairly small however, as most of the rapidly declining number of lingering device swill be on private networks
(petrol pumps, shop tills, ATMs
) and so not represent a high return opportunity.