Kali Linux 2026.2 trims VM boot times, refreshes its desktops

Penetration testers who run Kali Linux inside virtual machines boot their systems faster after the 2026.2 release. The change comes from a decision about graphics firmware, the code that drives NVIDIA, AMD, and Intel GPUs. That firmware has grown large enough to slow the early stages of startup, and few virtual machines need it.

Kali images traditionally shipped with a broad set of firmware so hardware worked out of the box. Graphics firmware alone now reaches almost 300 MB. Parts of it load very early in startup, which placed them in the initrd, the small system the kernel reads at boot.

A heavier initrd slows startup and can crowd a small /boot partition. The Kali initrd had climbed to around 200 MB.

Pre-built VM images now omit graphics firmware, and the installer detects a virtual machine and skips that firmware during setup. The initrd for VM users drops to 60 MB, and boot time on a QEMU virtual machine running on a Linux host falls to roughly a third. Baremetal installs keep all the graphics firmware.

New desktop versions

Every other Kali release brings a major desktop update, and this cycle covers GNOME and KDE Plasma. GNOME moves to version 50. Its file manager gained optimizations that speed thumbnail and icon loading, improve responsiveness, and lower memory use. The desktop adds accessibility features through a new preferences window, screen reader tweaks, and automatic language switching. The Document Viewer app supports annotations, so users can add notes and highlights to documents.

KDE Plasma reaches version 6.6 with a focus on usability and accessibility. A new on-screen keyboard improves the experience on touch devices. The Spectacle screenshot utility can recognize and extract text from screenshots, putting OCR on the desktop. Plasma also adds color-vision options, Zoom and Magnifier improvements, Slow Keys support on Wayland, and the standardized Reduced Motion setting.

More consistent service helper scripts

Many Kali tools depend on a background service, and their helper scripts now behave the same way across packages. A script can start or stop the service, check whether it already runs, show its status, display any default credentials, and point to a web UI by opening the URL in the browser. Kali packages that include a service use a tool-start and tool-stop naming pattern for their commands.

A new APT sources format

Kali retires the long-standing /etc/apt/sources.list file in favor of /etc/apt/sources.list.d/kali.sources. The new file uses the deb822 style, which spreads the repository definition across labeled fields such as Types, URIs, Suites, and Components. Fresh installs receive the new format. Existing systems continue with the old file, which works the same way, and a future APT version will warn when the old file is in use and recommend the new one. Debian and its derivatives are making the same shift, and Kali follows that course.

Reboots for polkit and xrdp

Two package updates call for a system reboot. The polkitd update requires one, and GUI applications started as root will fail with cryptic errors until the reboot happens. The hint appears in the upgrade logs, buried among other output. Users who need to restore root application access afterward can enable the polkit-agent-helper socket.

The xrdp and xorgxrdp packages move to the v0.10 series, and xrdp users need a reboot after the upgrade. People who run Kali in Hyper-V with Enhanced Session Mode count as xrdp users. Some report that xrdp stops working after the upgrade, and toggling Hyper-V Enhanced Session Mode off and on through kali-tweaks can restore it.

Kernel 6.19, with 7.0 available

Kali ships with the 6.19 kernel this release. Recent vulnerability disclosures, among them Copy Fail and Dirty Frag, supported moving to the newest kernel. The 7.0 kernel showed incompatibility with the NVIDIA DKMS drivers in Debian. The team chose 6.19 to keep NVIDIA users working and placed the 7.0 kernel in kali-experimental for anyone who wants it.

Nine new tools and NetHunter work

The release adds nine tools to the network repositories. They include arsenal-ng, a Go command library carrying a couple hundred cybersecurity cheat-sheets; legba, a multiprotocol credentials bruteforcer; oletools for analyzing MS Office documents; shell-gpt, a command-line tool powered by large language models; and tailscale for secure connectivity. The hydra-gtk GUI returns as well.

On mobile, the NetHunter app launches instantly and gains an EvilTwin Wi-Fi fake access point tab. The release begins a wave of Qcacld-3.0 injection support, bringing packet injection to devices such as the OnePlus 7, POCO X3 Pro, and Xiaomi Mi A3. Kali also welcomed its first mirror in Africa, hosted in South Africa.

Must read:

• 25 open-source cybersecurity tools that don’t care about your budget
• GitHub CISO on security strategy and collaborating with the open-source community

Subscribe to the Help Net Security ad-free monthly newsletter to stay informed on the essential open-source cybersecurity tools. Subscribe here!