Do Son 
The Offensive Security team has issued a warning to Kali Linux users regarding potential system update failures—preventable only by manually installing a new repository signing key. The cause of the disruption lies in the loss of the previous key, compelling developers to urgently generate and deploy a replacement.
The former repository signature, identified as ED444FF07D8D0BF6, is no longer in use. In its place, the team has created a new key—ED65462EC8D5E4C5—signed by Kali Linux developers and uploaded to the Ubuntu public keyserver. Although the old key was lost, it was not compromised, and thus remains within the keyring without being revoked.
The issue manifests when users attempt to fetch updates on systems still relying on the outdated key, encountering an error indicating the inability to verify the signature due to the missing ED65462EC8D5E4C5 key. While the exact date of the key loss has not been disclosed, the team noted that the repository was frozen on February 18, and no updates have been published since.
In their statement, the developers acknowledged that within days, nearly all Kali Linux installations would face update failures. They accepted full responsibility, explaining that access to the signing key had been lost, and emphasized that the incident affects all users without exception. As a precaution, the publication of new packages was temporarily suspended until the new key could be generated and distributed.
The repository will be thawed this week and signed with the new key. To avoid update errors, users are advised to manually download and install the updated key using the following command: sudo wget https://archive.kali.org/archive-keyring.gpg -O /usr/share/keyrings/kali-archive-keyring.gpg
Offensive Security has also provided instructions for verifying the file’s checksum and inspecting the key contents to ensure authenticity. Alternatively, users may opt to reinstall the system using updated ISO images that already incorporate the new key.
As one of the principal tools for cybersecurity professionals, Kali Linux is subject to particularly stringent requirements regarding update management. This disruption in key infrastructure serves as a stark reminder of the critical importance of even the most seemingly routine elements of security.
