The Equifax breach, one example is, was traced back again into a vulnerability in the Apache Struts Website server software program. If the organization had set up the security patch for this vulnerability it could have prevented the condition, but often the software program update alone is compromised, as https://ieeexplore.ieee.org/document/9941250
