Last week, Microsoft released new emergency security updates to patch four security vulnerabilities in Microsoft Exchange Server versions 2013 through 2019. It's estimated that over 30,000 U.S. organizations from small businesses to towns, cities, and local governments have been hacked as a result of an aggressive Chinese cyber espionage unit who were actively using the vulnerabilities to funnel email communications from online systems running Microsoft Exchange.
Brian Krebs gives a thorough overview of this very serious situation on his blog post here: https://krebsonsecurity.com/2021/03/at-least-30000-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software/