The Equifax breach, as an example, was traced back again to some vulnerability during the Apache Struts World-wide-web server software package. If the organization experienced installed the security patch for this vulnerability it might have averted the issue, but at times the software update by itself is compromised, as https://ieeexplore.ieee.org/document/9941250
