The Equifax breach, such as, was traced again to some vulnerability from the Apache Struts Net server software. If the corporation experienced set up the security patch for this vulnerability it could have prevented the issue, but from time to time the software program update itself is compromised, as https://www.researchgate.net/publication/365308473_Development_of_Cyber_Attack_Model_for_Private_Network
