The Equifax breach, as an example, was traced back again to a vulnerability within the Apache Struts World wide web server application. If the corporate had mounted the security patch for this vulnerability it could have prevented the problem, but sometimes the program update by itself is compromised, as https://www.researchgate.net/publication/365308473_Development_of_Cyber_Attack_Model_for_Private_Network