How do I know/find out about Minecraft Server Vulnerabilities?

I remember playing Minecraft (Java-we’re only talking about Minecraft Java on the computer here) at like 13-14 years old, and having this server owner claim that the server has been hacked, and that attackers were able to gain extra privileges on Minecraft, like operator (in-game admin) status and such, as well as griefing (destroying other people’s builds without permission) and other types of attacks.

But I have always wondered how the attackers did it, or if the server owner even knew what was going on. There are lots of mods and “tricks” out there on getting operator status, getting creative mode, blaw blaw blaw, but most of it, as far as I have seen, are either bogus mods (probably infested with malware for the player), or social engineering attacks.

Are there any legitimate attacks on the Minecraft server Java application itself, that would allow players to give themselves operator (admin) status? How would I go about finding the technical details of those attacks?

The social engineering attacks make sense, but I am still puzzled on how to figure out how the other attacks happened. Since it was a modded server, some of the griefing protections didn’t work. Those attacks made sense. But I never understood about them getting administrator access though the Minecraft Java server. Maybe they SSH’d into the server? Maybe they hacked into Multicraft (a web-based control panel for Minecraft)? Maybe another application on the server, that wasn’t Minecraft Server Java application? Maybe they exploited the Mojang account, by either having a bogus web page for the server owner to fill in the credentials, to get the password? That would still be a social engineering attack.