On March 10, the Cyber Threat Alert Level was evaluated and is being raised to Yellow (Elevated). On March 3, the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) released an activity alert (AA21-062A) and Emergency Directive (ED) 21-02, both addressing critical vulnerabilities in versions of Microsoft Exchange servers. Successful exploitation of these vulnerabilities allows an attacker to access on-premises Exchange servers, enabling them to gain persistent system access and control of an enterprise network. These vulnerabilities are being actively exploited in the wild and all organizations with affected versions of Microsoft Exchange Server are urged to patch their systems immediately. For more information on this threat, CIS has created a web page at https://www.cisecurity.org/ms-exchange-zero-day/. On March 4, the MS-ISAC released an update to an advisory for multiple vulnerabilities in Google Android OS, the most severe of which could allow for remote code execution. On March 9, the MS-ISAC released two advisories. The first of these was for multiple vulnerabilities in Microsoft products, the most severe of which could allow for remote code execution. The second advisory released was for a vulnerability in Apple products, which could allow for arbitrary code execution. On March 10, the MS-ISAC released an advisory for multiple vulnerabilities in Adobe products, the most severe of which could allow for arbitrary code execution. Organizations and users are advised to update and apply all appropriate vendor security patches to vulnerable systems and to continue to update their antivirus signatures daily. Another line of defense includes user awareness training regarding the threats posed by attachments and hypertext links contained in emails especially from un-trusted sources.