The Equifax breach, such as, was traced back into a vulnerability within the Apache Struts Net server application. If the business had set up the safety patch for this vulnerability it might have averted the situation, but often the software package update itself is compromised, as was the situation https://www.researchgate.net/publication/365308473_Development_of_Cyber_Attack_Model_for_Private_Network