February 2026 CVE Landscape: 13 Critical Vulnerabilities Mark 43% Drop from January

**February 2026 vulnerability and exploitation overview:** Recorded Future's Insikt Group documents 13 actively exploited, 'Very Critical' vulnerabilities (a 43% decrease from January) that include a Notepad++ supply-chain compromise delivering Cobalt Strike and the Chrysalis backdoor, MSHTML exploitation by APT28 via malicious .lnk files, and campaigns against Dell RecoverPoint and Cisco SD‑WAN by suspected state-aligned actors; the report provides affected versions, IoCs (IPs and hashes), detection rules, and prioritized remediation actions.