The Equifax breach, for instance, was traced again into a vulnerability from the Apache Struts Net server application. If the organization had put in the safety patch for this vulnerability it might have prevented the condition, but at times the application update itself is compromised, as was the situation https://www.researchgate.net/publication/365308473_Development_of_Cyber_Attack_Model_for_Private_Network