Cybersecurity News | Daily Recap [04 Feb 2026]

Daily Recap: active exploitation and patches have been announced for several critical flaws, including the Metro4Shell vulnerability (CVE-2025-11953) delivering PowerShell loaders, the vLLM RCE via malicious video URLs affecting millions of AI servers, and Foxit PDF Editor XSS bugs requiring immediate updates and mitigations. Additionally, Iran-linked APT42 used social engineering to deploy the fileless TAMECAT backdoor, Mountain View shut down Flock Safety ALPR cameras after unauthorized searches, Lakelands Health disclosed a cyberattack with no patient data exposure, investigations into Grok in France prompted a raid, and RADICL and RapidFort secured funding to boost threat detection and software supply-chain security. #Metro4Shell #vLLMRCE #FoxitXSS #APT42 #TAMECAT #MountainView #FlockSafety #LakelandsHealth #Grok #Europol #FranceBan #RADICL #RapidFort

Vulnerabilities & Exploits

  • Active exploitation and patches announced for multiple critical flaws: the React Native Metro4Shell (CVE-2025-11953) delivering PowerShell loaders and Rust payloads, a critical vLLM RCE (CVE-2026-22778) via malicious video URLs affecting millions of AI servers, and Foxit PDF Editor XSS bugs — apply updates and mitigations immediately. – Metro4Shell, vLLM RCE, Foxit XSS

Active Campaigns

  • Iran-linked APT42 used social engineering to compromise senior defense officials and deploy the fileless PowerShell backdoor TAMECAT, which runs in memory and uses AES-256 configs plus Telegram/Cloudflare/Discord C2 to steal browser data and exfiltrate information. – TAMECAT

Breaches & Incidents

  • The city of Mountain View shut down Flock Safety ALPR cameras after discovering unauthorized out-of-state and nationwide searches of license-plate data, prompting a council review of vendor access controls and surveillance practices. – ALPR Cameras
  • Lakelands Public Health confirmed a cyberattack discovered on 29 Jan 2026, saying systems were secured, a major forensics firm was engaged, and initial findings show sensitive immunization and infectious disease records were not impacted. – Lakelands Health

AI & Regulation

  • French police raided X offices amid growing probes across EU authorities and Europol into the Grok chatbot over nonconsensual sexual deepfakes, potential child sexual abuse material, Holocaust denial content, and alleged moderation failures. – Grok Raid
  • France approved a bill banning social media for children under 15 and restricting mobile phone use in high schools (passed 130-21) with implementation expected in September pending the Senate, aligning with measures in Australia and proposals in the UK. – France Ban

Funding & Industry

  • RADICL raised $31 million to expand its virtual SOC (vSOC) capabilities and scale threat detection and response offerings. – RADICL $31M
  • RapidFort secured $42M to accelerate automated software supply-chain security, offering SBOMs, near-zero-CVE container images, and runtime hardening to reduce attack surface and meet standards like FedRAMP and CMMC. – RapidFort $42M

Cybersecurity News | Daily Recap – hendryadrian.com