The Equifax breach, by way of example, was traced again to some vulnerability during the Apache Struts Website server software program. If the business had put in the safety patch for this vulnerability it might have averted the condition, but often the software update itself is compromised, as was https://ieeexplore.ieee.org/document/9941250