Kali Linux warns of update failures after losing repo signing key

Offensive Security warned Kali Linux users to manually install a new Kali repository signing key to avoid update failures. The announcement comes after OffSec lost the old repo signing key (ED444FF07D8D0BF6) and was forced to create a new one (ED65462EC8D5E4C5), signed by Kali Linux developers using signatures available on the Ubuntu OpenPGP key server. While OffSec didn't share the date when it realized the key was lost, the company added that the Kali Linux repo was frozen on February 18th. Those who don't trust manually updating the keyring can also reinstall Kali on their systems using images updated with the new keyring.

This isn't the first time Kali Linux users have had to manually update their keyring to avoid update issues. In February 2018, Kali devs also let the GPG key expire and asked users to update the key manually. "Sucks for you, but at least you can manually update," the Kali team said at the time. "If you don't update Kali regularly (*cough*), then your archive-keyring package is outdated, and you'll get key mismatches when working with our repositories."

This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 28 Apr 2025 16:40:00 +0000


Cyber News related to Kali Linux warns of update failures after losing repo signing key

Kali Linux 2023.4 is Out: Cloud ARM64, Hyper-V, Pi 5, & More! - As 2023 draws to a close, Kali Linux enthusiasts are in for a treat with the latest release, Kali Linux 2023.4. Packed with innovative features and improvements, this update focuses on expanding platform support and refining existing capabilities. ...
1 year ago Hackread.com
Kali Linux 2023.4 released with GNOME 45 and 15 new tools - Kali Linux 2023.4, the fourth and final version of 2023, is now available for download, with fifteen new tools and the GNOME 45 desktop environment. Kali Linux is a Linux distribution created for ethical hackers and cybersecurity professionals to ...
1 year ago Bleepingcomputer.com
Kali vs. ParrotOS: 2 versatile Linux distros for security pros - Let's examine and compare these two security and privacy distros to help you decide which - Kali Linux vs. ParrotOS - is best for your use case. Kali Linux, focusing on penetration testing, audits and forensics, is one of the industry's best-known ...
1 year ago Techtarget.com
Kali Linux 2023.4 Released - Kali Linux 2023.4, the latest version of Offensive Security's renowned operating system, has been released, and it includes the advanced Gnome 45 desktop environment and 15 new tools, with enhancements to existing ones. Kali Linux is a Linux ...
1 year ago Gbhackers.com
Kali Linux Warns that Update Process is Going to Fail for All Users - For users who prefer starting with a clean system, Kali Linux has updated all its distribution images to include the new keyring. Kali Linux users worldwide are facing an imminent disruption as the security-focused distribution has announced that the ...
1 month ago Cybersecuritynews.com
Kali Linux 2025.1a New Tool & Updates to Desktop Environments - Continuing the tradition of annual theme updates with the year’s first release, Kali Linux 2025.1a boasts a modern interface with enhancements to the boot menu, login screen, and desktop wallpapers for both Kali and Kali Purple editions. With ...
3 months ago Cybersecuritynews.com
Beware of Expired or Compromised Code Signing Certificates - One of the vital security measures taken in this direction is the use of code signing certificates to prove software authenticity, integrity and security. Code signing certificates, used for digitally signing applications and software, are an ...
1 year ago Securityboulevard.com
Kali Linux 2025.1a released with 1 new tool, annual theme refresh - Kali Linux has released version 2025.1a, the first version of 2025, with one new tool, desktop changes, and a theme refresh. With the year's first version, the Kali Team introduces a theme update consisting of new wallpapers and changes to the boot ...
3 months ago Bleepingcomputer.com
CVE-2024-36886 - In the Linux kernel, the following vulnerability has been resolved: ...
11 months ago
Signing Executables With Azure DevOps - This signing tool is compatible with all major executable files and works impeccably with all OV and EV code signing certificates. It's mostly used with Azure DevOps due to the benefit of Azure Key Vault. Here, you will undergo the complete procedure ...
1 year ago Feeds.dzone.com
Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15. CVSS Score: not yet calculated. Source & Patch Info: CVE-2021-47111. Primary Vendor - Product: linux - linux. Description: In the ...
1 year ago Cisa.gov
Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06. CVSS Score: not yet calculated. Source & Patch Info: CVE-2023-52584. Primary Vendor - ...
1 year ago Cisa.gov
Microsoft Trust Signing service abused to code-sign malware - Recently, cybersecurity researchers have seen threat actors utilizing the Microsoft Trusted Signing service to sign their malware with short-lived, three-day code-signing certificates. A cybersecurity researcher and developer known as 'Squiblydoo,' ...
3 months ago Bleepingcomputer.com
Kali Linux 2023.4 released: New tools, Kali for Raspberry Pi 5, and more! - OffSec has released Kali Linux 2023.4, the latest version of its penetration testing and digital forensics platform. Enum4linux-ng - Next generation version of enum4linux with ...
1 year ago Helpnetsecurity.com
Customer compliance and security during the post-quantum cryptographic migration | AWS Security Blog - For example, using the s2n-tls client built with AWS-LC (which supports the quantum-resistant KEMs), you could try connecting to a Secrets Manager endpoint by using a post-quantum TLS policy (for example, PQ-TLS-1-2-2023-12-15) and observe the PQ ...
8 months ago Aws.amazon.com
Product showcase: Protect digital identities with Swissbit's iShield Key Pro - In today's fast-paced business world, protecting digital identities and optimizing daily workflows are crucial. The iShield Key Pro series from Swissbit addresses these challenges by offering top-notch security combined with effortless usability. ...
11 months ago Helpnetsecurity.com
CVE-2025-47278 - Flask is a web server gateway interface (WSGI) web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is ...
1 month ago
CVE-2022-24731 - Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.5.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal vulnerability, allowing a malicious user with read/write ...
3 years ago
Microsoft Boosts MSA Signing Service Security on Azure Following Storm-0558 Breach - “We have applied new defense-in-depth protections, migrated the Microsoft Account (MSA) signing service to run on Azure confidential VMs, and we are migrating the Entra ID signing service to Azure confidential VMs,” states the report, ...
2 months ago Cybersecuritynews.com
CVE-2023-47640 - DataHub is an open-source metadata platform. The HMAC signature for DataHub Frontend sessions was being signed using a SHA-1 HMAC with the frontend secret key. SHA1 with a 10 byte key can be brute forced using sufficient resources (i.e. state level ...
5 months ago
CVE-2009-3874 - Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary ...
6 years ago
CVE-2024-27916 - Minder is a software supply chain security platform. Prior to version 0.0.33, a Minder user can use the endpoints `GetRepositoryByName`, `DeleteRepositoryByName`, and `GetArtifactByName` to access any repository in the database, irrespective of who ...
1 year ago
CVE-2024-27093 - Minder is a Software Supply Chain Security Platform. In version 0.0.31 and earlier, it is possible for an attacker to register a repository with a invalid or differing upstream ID, which causes Minder to report the repository as registered, but not ...
1 year ago
CVE-2025-24363 - The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.8.9, in CI contexts, the IG Publisher CLI uses git commands to determine the URL of the originating repo. If the repo was cloned, or ...
4 months ago Tenable.com