Note: Swipe left on the report content to view the event timeline, historical background, technical details, and quick Q&A information.
Offensive Security Releases Kali Linux 2025.3 with 10 New Tools
Offensive Security has released Kali Linux 2025.3, which includes ten new tools, enhanced Wi-Fi capabilities (including restored Nexmon support), desktop adjustments, and platform updates.
This version improves the Xfce VPN-IP panel, restores monitoring/injection capabilities on Broadcom and Cypress chipsets (including the onboard Wi-Fi of Raspberry Pi 5), and follows Debian’s lead by dropping ARMel support for devices like Raspberry Pi 1 and Zero W, focusing instead on 64-bit ARM images.
The release date was September 23, 2025.
Event Timeline
❶ September 23, 2025 Offensive Security releases Kali Linux 2025.3.
❷ September 2025 Nexmon Wi-Fi monitoring/injection support is restored in Kali 2025.3.
❸ September 2025 Kali drops ARMel support (e.g., Raspberry Pi 1 and Zero W).
Historical Background
Kali Linux is a Debian-based distribution maintained by Offensive Security, widely used for penetration testing, reverse engineering, and digital forensics, provided in a rolling release format. As Debian gradually phases out old architectures, Kali’s decision to drop ARMel in 2025.3 follows this trend, prioritizing newer 64-bit ARM targets.
Did you know?
One of the new tools in Kali 2025.3, Caido, focuses on web security auditing tasks — a convenient addition to the existing web testing tools in the distribution.
Technical Details
Nexmon Monitoring/Injection:Nexmon re-enables packet monitoring and frame injection capabilities for Broadcom and Cypress Wi-Fi chipsets — key features for wireless auditing — now available in 2025.3 with the onboard adapter of Raspberry Pi 5.
ARMel vs ARM64:ARMel refers to the old 32-bit ARM targets used by devices like Raspberry Pi 1 and Zero W, which Kali no longer supports in 2025.3 as the project shifts to 64-bit ARM images for better performance and longevity.
AI-Assisted Tools:New tools like Gemini CLI and llm-tools-nmap integrate AI into workflows for web tasks and network discovery/scanning, reflecting the growing application of AI in accelerating security operations.
Quick Q&A
Which Raspberry Pi models lost Kali support in 2025.3?Raspberry Pi 1 and Raspberry Pi Zero W (and similar ARMel boards) are no longer supported.
Which Wi-Fi hardware benefits from the new enhancements?Broadcom and Cypress chipsets (including the onboard Wi-Fi of Raspberry Pi 5) gain monitoring and injection capabilities through the restored Nexmon support.
Name two of the ten new tools added in Kali 2025.3.Examples include Caido, Gemini CLI, Krbrelayx, and llm-tools-nmap.
Linux 6.18 to Add DualSense Audio Jack Handling
Linux kernel 6.18 will include proper handling of the audio jack on the Sony PlayStation DualSense controller, a change that has been queued in the HID subsystem’s hid-next tree ahead of the merge window.
During the same cycle, patches providing haptic touchpad support are also intended for Linux 6.18.
Additionally, a Reddit user reported that the 8BitDo Ultimate 2 works on Linux via Bluetooth, with its 2.4 GHz dongle providing 1000 Hz polling and a latency of about 1 millisecond on EndeavourOS.
Event Timeline
❶ Ahead of the Linux 6.18 merge window DualSense audio jack handling has been queued in the hid-next tree.
❷ Same development cycle Patches providing haptic touchpad support are intended for Linux 6.18.
Historical Background
The HID subsystem of Linux regularly queues device support updates in the “hid-next” tree before merging them into new kernel versions, and improvements for DualSense audio jack handling are queued there for 6.18. Recent work on DualSense in Linux also includes a patch for haptic touchpad support planned for the same version, continuing the kernel’s steady expansion of game controller support.
Did you know?
Kernel device updates (for input hardware) are queued through subsystem trees like “hid-next” before each merge window, and the changes for the DualSense audio jack are currently sitting there.
Technical Details
hid-next Tree:hid-next is an integration branch of the Linux HID subsystem, where new device support changes are queued before the kernel merge window; it currently includes the DualSense audio jack handling planned for 6.18.
DualSense Audio Jack Handling:This update provides proper handling of the audio jack on the DualSense controller in Linux 6.18, improving the kernel’s interface with the controller’s audio functionality.
Polling Rate and Latency:A user reported that the 8BitDo Ultimate 2’s 2.4 GHz dongle runs at 1000 Hz polling with a latency of about 1 millisecond — useful for more responsive input than Bluetooth.
Quick Q&A
In which kernel branch were the changes for the DualSense audio jack saved before release?In the HID subsystem’s hid-next tree, prior to Linux 6.18.
Are other DualSense features being improved in Linux 6.18?Yes, patches for haptic touchpad support are also queued for 6.18.
Which connection method provides lower latency for the 8BitDo Ultimate 2 on Linux?A user reported that the 2.4 GHz dongle running at 1000 Hz polling (about 1 millisecond) outperforms Bluetooth.
GE-Proton 10-17 Fixes Warframe on Linux
GE-Proton 10-17 has been released, fixing Warframe, just days after version 10-16, aimed at improving compatibility for Windows games on Linux, SteamOS, and Steam Deck.
GamingOnLinux notes that this update may also benefit other games.
Historical Background
Valve’s Proton brings mainstream Windows game compatibility to Linux by combining Wine with a graphics translation layer, allowing many games to run without native ports. Community variants like GE-Proton often bundle updated patches and tweaks between official Proton releases to address specific game issues and regressions more quickly.
Technical Details
Proton (Compatibility Layer):Proton is based on Wine and translation tools (like DXVK), allowing Windows games to run on Linux by translating Windows API and DirectX calls to their Linux-native equivalents.
Custom Proton Builds:Community builds like GE-Proton integrate upstream fixes and specific game patches faster than official versions, helping to resolve specific game bugs.
Quick Q&A
Which game is explicitly fixed in GE-Proton 10-17?Warframe is explicitly mentioned as fixed in this update.
Which platforms benefit from GE-Proton 10-17?It aims to improve compatibility for Windows games on Linux, SteamOS, and Steam Deck.
SUSE Adds Official NVIDIA CUDA Support
SUSE has announced in collaboration with NVIDIA that the NVIDIA CUDA toolkit is now officially available through SUSE repositories on the SUSE platform, simplifying installation for GPU users.
Community reports indicate that continuous updates will keep pace with NVIDIA’s latest CUDA packages.
This move coincides with Ubuntu’s recent addition of official CUDA packages to its archives.
Event Timeline
❶ Not specified in sources SUSE announces official CUDA availability through SUSE repositories.
Historical Background
CUDA is NVIDIA’s parallel computing platform and programming model, widely used for GPU-accelerated workloads in AI, HPC, and graphics. Linux users typically install CUDA from NVIDIA’s own repositories or manual installers, which can introduce dependency complexities compared to distribution-native packages. Recently, Ubuntu added official CUDA packages to its archives; SUSE’s move today reflects a broader trend of integrating CUDA directly into major distribution repositories.
Did you know?
SUSE describes the new CUDA support as a result of “close collaboration” with NVIDIA, emphasizing a smoother developer experience on SUSE systems.
Technical Details
CUDA Toolkit:The CUDA toolkit bundles compilers, libraries, and tools for building GPU-accelerated applications; packaging by the distribution reduces setup friction for developers.
Distribution Repositories:Distributing CUDA through SUSE’s repositories allows for direct installation and continuous updates, keeping pace with NVIDIA’s latest versions, enhancing maintainability for enterprises and labs.
Quick Q&A
Which SUSE versions are covered?This change applies to all SUSE platforms, including SUSE Enterprise Linux.
How will CUDA updates be delivered on SUSE?CUDA packages in the SUSE repositories will receive continuous updates to stay aligned with NVIDIA’s latest versions.
How does this compare to Ubuntu?It coincides with Ubuntu’s recent addition of official CUDA packages to its archives, providing similar distribution-native installation and updates.
KDE Releases Alpha Version of Immutable Linux Based on Arch
KDE has released the Alpha version of “KDE Linux,” an immutable operating system based on Arch, announced at the Akademy conference.
This Alpha version is intended for testing by developers and advanced users, while regular users are advised to wait before installation.
The distribution is made by the developers of the KDE Plasma desktop and applications, with at least one early hands-on article expressing strong enthusiasm after testing.
Event Timeline
❶ Akademy (date not specified in source) KDE Linux Alpha version announced at Akademy conference.
❷ September 24, 2025 Early hands-on articles praise the new distribution.
Historical Background
KDE has been dedicated to developing the Plasma desktop environment and a multitude of applications for decades, serving as a pillar of the Linux desktop ecosystem. Akademy is KDE’s long-standing annual conference where contributors gather, and project news is often announced.
Did you know?
“KDE Linux” is explicitly described as a distribution made by the KDE Plasma developers.
Technical Details
Immutable Operating System:Immutable operating systems keep core system files read-only to enhance reliability and consistency; KDE Linux adopts this model as its defining feature.
Arch-Based Foundation:Being based on Arch means this distribution builds on the ecosystem and tools of Arch Linux, aligning it with the rolling release cadence favored by many advanced users.
KDE Plasma Integration:This distribution is made by the team behind KDE (Plasma and its applications), meaning tight integration and a showcase environment for KDE technologies.
Quick Q&A
What stage is KDE Linux currently in?It is in the Alpha stage, intended for early testing by developers and advanced users.
How does KDE Linux differ from many other distributions?It is both based on Arch and designed as an immutable operating system, which is the emphasized combination at its release.
Who is making KDE Linux?It is made by the developers of the KDE Plasma desktop and its related applications.
GitHub Mandates npm to Implement 2FA and Short-Lived Tokens
GitHub has announced upcoming changes to npm releases that will require two-factor authentication (2FA) and introduce short-lived access tokens to curb supply chain attacks, following recent incidents including the Shai-Hulud malware wave.
The Shai-Hulud worm payload infected over 500 packages and leaked numerous secrets this month, prompting measures to address token abuse issues and secure local releases through mandatory 2FA.
GitHub states that these updates will be rolled out “in the near future.”
Event Timeline
❶ September 2025 Phishing attacks compromised popular code packages.
❷ September 2025 The Shai-Hulud worm compromised over 500 packages and many secrets.
❸ Late September 2025 GitHub announces mandatory 2FA and short-lived tokens for npm releases.
Historical Background
npm, operated by GitHub, is the central registry for JavaScript and Node.js packages, used by millions of developers and countless applications. In September 2025, a phishing attack and the Shai-Hulud self-replicating worm infected over 500 packages and leaked secrets, heightening concerns about software supply chain defenses in the npm ecosystem.
Did you know?
The Shai-Hulud attack not only tampered with packages but also exposed many embedded secrets during its spread.
Technical Details
Two-Factor Authentication (2FA):2FA requires a second verification factor (e.g., app code or key) during login or publishing, significantly reducing the risk of password theft and account compromise in the npm release workflow.
Short-Lived Access Tokens:Time-limited, narrowly scoped tokens limit the time and scope of potential abuse from compromised tokens, addressing the issue of overly permissive credentials in the npm ecosystem.
Self-Replicating Malware (Shai-Hulud):A worm-like payload that spreads between packages and projects; in npm, it led to over 500 packages being compromised and secrets leaked, exacerbating supply chain exposure.
Quick Q&A
What changes are happening to npm authentication?GitHub will require 2FA for publishing and shift to short-lived, lower-permission tokens while providing options for secure local releases and extended trusted publishing.
What triggered these npm security updates?Recent supply chain events, particularly the Shai-Hulud self-replicating malware that compromised over 500 packages and exposed keys, along with phishing activities targeting maintainers.
When will the new requirements take effect?GitHub states these changes will come “in the near future,” with a specific timeline to be announced later.
ByteDance and Multikernel Propose Support for Linux Multikernel
Multikernel Technologies has submitted an RFC to the Linux kernel mailing list aimed at allowing multiple independent Linux kernels to run simultaneously on the same machine, each with its own core, processes, and memory while sharing hardware resources.
Additionally, ByteDance has introduced “Parker,” a similar approach aimed at running multiple kernels on the same system simultaneously.
The Multikernel proposal emphasizes inter-kernel communication through a dedicated IPI framework and kernel management via existing kexec infrastructure to start or stop kernel instances without a full reboot.
Historical Background
For a long time, Linux has adopted a monolithic kernel architecture, where most core services run as a single large program in kernel space. The Multikernel proposal builds on existing Linux kexec capabilities — long used for fast kernel switching — by leveraging them to load, track, and manage multiple kernel images in parallel.
Did you know?
Multikernel Technologies has stated that they will release an explanatory video to guide developers on how the system works.
Technical Details
Multikernel Isolation:Each kernel is assigned dedicated CPU cores and manages its own processes and memory, reducing interference between workloads and improving system reliability.
Inter-Kernel IPI:A dedicated IPI framework allows independent kernels to coordinate tasks and exchange data, enabling collaboration when needed while maintaining independence.
kexec-Based Management:Using existing kexec infrastructure, the system can load and control multiple kernel images, starting/stopping them without a full reboot, enhancing flexibility and uptime.
Quick Q&A
Who proposed “Parker,” and what does it do?ByteDance proposed Parker as a way to run multiple Linux kernels simultaneously on the same hardware.
How do multiple kernels communicate in a multikernel design?They use a dedicated inter-processor interrupt (IPI) framework for coordination and information exchange.
Can kernels be started or stopped without rebooting the entire system?Yes, the proposal utilizes existing kexec infrastructure to load, track, and start/stop kernel instances without a full reboot.
OBS Studio 32.0 Adds Plugin Manager, Hybrid MOV
OBS Studio 32.0 has been released, introducing a basic plugin manager, NVIDIA RTX audio upgrades, and hybrid MOV/MP4 recording options.
This update also brings better PipeWire support on Linux, an experimental Metal renderer on Apple Silicon, and optional crash log upload features on Windows and macOS to help developers fix issues faster.
Historical Background
OBS Studio is a free, open-source, cross-platform recording and live streaming application widely used by creators, supporting plugins and advanced encoding options. Version 32.0 builds on this foundation by introducing the project’s first in-app plugin manager and expanding cross-platform recording and capture capabilities.
Technical Details
Hybrid MOV/MP4 Container:Hybrid MOV/MP4 refers to using the MOV container to house different codecs: OBS 32.0 supports ProRes on macOS and HEVC/H.264 (with PCM audio) across all platforms; the container encapsulates audio/video streams while the codecs compress them.
Metal Renderer (Apple Silicon):Metal is Apple’s low-overhead graphics API; OBS 32.0 introduces experimental Metal renderer support on Apple Silicon to improve rendering performance and efficiency in macOS workflows.
PipeWire Capture (Linux):PipeWire is a Linux multimedia framework for audio/video routing; OBS 32.0 improves PipeWire video capture and format selection, helping to reduce friction in Linux recording setups.
Quick Q&A
Does the new plugin manager include a built-in updater?No; it currently lists and enables/disables installed plugins but cannot update them from within the application.
What codecs does hybrid MOV support?ProRes on macOS and HEVC/H.264 (with PCM audio) across all platforms.
What new features does version 32.0 bring for Linux users?Improved PipeWire video capture and better format selection make recording smoother on Linux systems.
Elementary OS 8.0.2 Released with Linux 6.14
Elementary OS 8.0.2 has been released and is available for download, bringing an updated stack to the Ubuntu-based distribution.
This update includes the Linux 6.14 kernel, updated GPU drivers, general fixes, and better accessibility features.
This is also the last minor update before the next major version expected to be released by the end of 2025.
Historical Background
Elementary OS is built on Ubuntu, combining a curated set of applications with its own design language to provide a consistent desktop experience. The project follows point releases to ensure stability, and 8.0.2 is marked as the last minor update before a larger upgrade cycle resumes at the end of 2025.
Technical Details
Linux 6.14 Kernel:The 6.14 version upgrades the core operating system to a newer kernel, which typically means broader hardware compatibility, security fixes, and performance improvements for supported devices.
GPU Driver Updates:Updated graphics drivers can improve support for new GPUs, resolve rendering issues, and enhance performance for desktop and application workloads.
Accessibility Improvements:Enhancements aimed at improving accessibility can assist users who rely on assistive tools and clearer interactions, aligning with inclusive design goals in modern desktops.
Quick Q&A
What kernel version does elementary OS 8.0.2 include?It includes the Linux 6.14 kernel.
What other changes are there in 8.0.2 besides the kernel?This update adds updated GPU drivers, general fixes, and better accessibility features.
When is the next major version of elementary OS expected to be released?The next major version is expected to be released by the end of 2025.
Larian Releases Native Version of Baldur’s Gate 3 for Steam Deck
Larian Studios has released a native version of Baldur’s Gate 3 for Linux, optimized for the Steam Deck, as part of hotfix patch 34 aimed at improving the handheld experience.
This update also targets performance stability, reducing frame rate drops in busy areas of Chapter 3 (such as the City of Whispering).
While official support is limited to the Steam Deck, Linux desktop users report that the version runs and provides performance boosts in CPU-intensive scenarios.
Event Timeline
❶ 2023 Baldur’s Gate 3 released to players.
❷ September 2025 Hotfix patch 34 adds a native version for Steam Deck.
❸ September 2025 Users share benchmarks of the native version on desktop Linux against Proton, noting an average FPS boost of about 14% in CPU-limited areas.
Historical Background
The Steam Deck runs the Linux-based SteamOS operating system, typically relying on Proton (a compatibility layer) to run Windows games. Baldur’s Gate 3 has been playable on the Deck via Proton since its release, but this update provides a version compiled natively for Linux/SteamOS. The native version can reduce the overhead of compatibility layers, potentially improving CPU-limited performance and responsiveness.
Did you know?
This update specifically targets frame rate drops in the busy area of Chapter 3, the City of Whispering, not just on the Steam Deck but across all platforms.
Technical Details
Native Linux Version:A version compiled for Linux/SteamOS that runs without Proton, aimed at improving performance and integration on the Steam Deck.
Frame Rate Drops:Frame delivery stability briefly drops; hotfix patch 34 specifically aims to reduce such drops in busy areas of Chapter 3 (like the City of Whispering).
Quick Q&A
Is the native Linux version officially supported on desktop Linux?No — Larian’s FAQ states that only Steam Deck is officially supported, but users report it can also run on desktop Linux.
What performance changes have users observed?One user found that the native version provided an average FPS boost of about 14% in CPU-intensive scenarios compared to Proton, while performance in GPU-limited scenarios remained similar; the hotfix also reduced frame rate drops in busy areas of Chapter 3 across all platforms.
Zorin OS 18 Beta Open for Public Testing
Zorin OS has released the 18 beta for public testing, introducing a refreshed desktop design, smarter tiling, tighter OneDrive integration through online accounts, and an upgrade to the Linux 6.14 kernel, bringing hardware and performance improvements.
This version will receive long-term support until April 2029.
This release also targets Windows migration users, as Windows 10 will cease support on October 14, 2025.
Event Timeline
❶ September 2025 Zorin OS 18 beta released for public testing.
❷ October 14, 2025 Windows 10 officially ceases support.
Historical Background
Zorin OS has long positioned itself as an accessible, Ubuntu-based distribution aimed at making users coming from Windows or macOS feel at home. The release of the Zorin OS 18 beta coincides with the impending end of support for Windows 10 on October 14, 2025, which may prompt many users to consider alternative operating systems.
Did you know?
The Zorin OS 18 beta debuts a floating panel layout and rounded windows, bringing a lighter, more modern look.
Technical Details
Linux Kernel 6.14:This kernel brings updated hardware support, faster encryption performance, and CPU-specific optimizations for modern AMD and Intel processors, enhancing responsiveness and compatibility.
Online Account Integration:Linking Microsoft OneDrive through online accounts allows cloud files to be displayed directly in the file application, simplifying setup for users migrating from the Windows ecosystem.
Desktop User Experience Changes:Floating panels, rounded corners, lighter themes, and smoother animations aim to simplify navigation and visual clarity for the system and core applications.
Quick Q&A
What kernel does Zorin OS 18 beta use?It uses the Linux 6.14 kernel, featuring hardware and performance enhancements.
How long will Zorin OS 18 be supported?This version will receive long-term support until April 2029.
Why is this beta timely for Windows users?Windows 10 will cease support on October 14, 2025, prompting some users to evaluate alternatives.
Malicious Rust Crate Steals Crypto Keys, 8,424 Downloads
Cybersecurity researchers have reported two malicious Rust crates — faster_log and async_println — on crates.io that impersonate legitimate logging libraries and attempt to steal Solana and Ethereum wallet keys from source code.
These packages were published on May 25, 2025, by accounts using the aliases rustguruman and dumbnbased, with a total of 8,424 downloads.
This incident highlights the software supply chain risks developers face when integrating third-party crates.
Event Timeline
❶ May 25, 2025 Malicious crates faster_log and async_println published on crates.io.
❷ September 2025 Total downloads reported at 8,424.
Historical Background
Open-source package registries like crates.io allow community contributions, fostering innovation but also creating opportunities for malicious uploads if maintainers do not conduct thorough reviews. Attackers repeatedly exploit typos or similar naming across ecosystems (e.g., npm, PyPI) to trick developers into installing harmful packages, making dependency hygiene and verification critical practices.
Did you know?
Both malicious crates were uploaded on the same day (May 25, 2025) by accounts using the aliases rustguruman and dumbnbased.
Technical Details
Rust Crate:A Rust crate is a Rust code package distributed via crates.io; using third-party crates can accelerate development, but if a crate is compromised or malicious, it introduces supply chain risks.
Impersonation / Typos:Attackers use names similar to legitimate libraries (like fast_log) to gain developers’ trust, a common supply chain technique for spreading malicious code.
Wallet Key Theft:These crates attempt to locate and steal Solana and Ethereum wallet keys from source code, threatening direct asset theft if secrets are stored in repositories or configuration files.
Quick Q&A
Which crates were flagged as malicious, and what were their targets?These packages are faster_log and async_println, which attempt to steal Solana and Ethereum wallet keys from source code repositories.
How many downloads occurred, and when were these packages published?These two packages had a total of 8,424 downloads and were published on May 25, 2025, by accounts using the aliases rustguruman and dumbnbased.