Nation-state exploit kits, such as Coruna and DarkSword, are being disseminated on the Dark Web and publicly available platforms like GitHub, posing a significant threat to organizations worldwide. These kits, initially developed for targeted attacks, are now being commodified and made accessible to a broader range of threat actors. The implications of this trend are far-reaching, as state-aligned threat activity can have geopolitical consequences that extend beyond the immediate target1. The democratization of these exploit kits means that ordinary organizations may struggle to defend themselves against such sophisticated attacks. Technical details of these kits are being openly shared, allowing attackers to refine and adapt them for various campaigns. As a result, practitioners must be aware of the elevated threat landscape and take proactive measures to bolster their defenses. The increased availability of nation-state exploit kits raises the stakes for cybersecurity professionals, who must now contend with potentially state-backed threats.