Exploit Pack, a well-known automated penetration testing framework and exploit repository, has allegedly been compromised. An unauthorized party claims to have exploited a vulnerability on the official exploitpack.com website to access and exfiltrate restricted data. The leak surfaced on February 1, 2026, with the actor stating they accessed the system via a security flaw on the site itself.
According to the actor, the compromised data represents a complete dump of the framework’s assets. The threat actor has released a file listing that reportedly includes:
-
Full Exploit Repository: A comprehensive collection of exploits dating from 2020 to 2026.
-
Shellcodes: Various shellcode files used for payload execution.
-
Source Code: Underlying code for specific vulnerability proofs-of-concept (PoCs).
-
Future/Premium Content: The actor explicitly mentions “Kernel Pack” and “Control Pack” exploits, which they claim will be released in a subsequent leak.
Daily Dark WebRead More
T1
