The Equifax breach, by way of example, was traced again to your vulnerability in the Apache Struts Internet server application. If the business had installed the safety patch for this vulnerability it could have avoided the issue, but from time to time the software update itself is compromised, as https://www.researchgate.net/publication/365308473_Development_of_Cyber_Attack_Model_for_Private_Network