First, try to use something like Private Internet Access to get a route outside of Xfinity. They seem to do DNS interception and change the IPs of what you want to access. You might be able to get away with editing the /etc/hosts file in the Kali WSL to use 192.99.200.113 for "http.kali.org" and 104.189.102.100 and 104.18.103.100 for "kali.download". If you run nslookup http.kali.org and it comes back 96.118.22.105 they're using parental controls to redirect you to their website to tell you that you are doing something you shouldn't.

My /etc/apt/sources.list:
└─# more sources.list
deb http://http.kali.org/kali kali-rolling main non-free contrib

No VPN and connected to XFinity:

└─# apt update
Ign:1 http://http.kali.org/kali kali-rolling InRelease
Err:2 http://http.kali.org/kali kali-rolling Release
404 Not Found [IP: 96.118.22.105 80]
Reading package lists... Done
E: The repository 'http://http.kali.org/kali kali-rolling Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

└─# nslookup http.kali.org 75.75.75.75
Server: 75.75.75.75
Address: 75.75.75.75#53

Non-authoritative answer:
http.kali.org canonical name = high-xdns.xfinity.com.
high-xdns.xfinity.com canonical name = xdns-high-gslb.gslb2.comcast.com.
Name: xdns-high-gslb.gslb2.comcast.com
Address: 96.118.22.115


Connected to Private Internet Access:

└─# apt update
Get:1 http://kali.download/kali kali-rolling InRelease [30.6 kB]
Get:2 http://kali.download/kali kali-rolling/main amd64 Packages [18.2 MB]
Get:3 http://kali.download/kali kali-rolling/non-free amd64 Packages [206 kB]
Fetched 18.4 MB in 2s (7,613 kB/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
74 packages can be upgraded. Run 'apt list --upgradable' to see them.

└─# nslookup http.kali.org
Server: 10.0.0.243
Address: 10.0.0.243#53

Non-authoritative answer:
http.kali.org canonical name = hebe.kali.org.
Name: hebe.kali.org
Address: 192.99.200.113

If it's past 2022 and you need GPG to import a new key for Kali/apt, perform the below. I had imported a new GPG key first and then used my Private Internet Access VPN, which showed the nslookup results gave different IPs.

Install Ubuntu 20.04LTS, login and get to a command prompt. Navigate to \\wsl$\Ubuntu in file explorer and \\wsl$\kali-linux in a copy of the explorer window. You'll need to copy some files over from the Ubuntu distro in order to update the GPG key for Kali to run updates.

For WSL:

1. navigate to \\wsl$\Ubuntu\usr\lib\x86_86-linux-gnu and copy the following libraries (on the right side). Make sure to sudo ln -s. Right side is filename, the left side is the symlink file.
libsqlite3.so.0 -> libsqlite3.so.0.8.6
libassuan.so.0 -> libassuan.so.0.8.3
libksba.so.8 -> libksba.so.8.11.6
libnpth.so.0 -> libnpth.so.0.1.2
2. copy the \\wsl$\ubuntu\usr\bin\ files to \\wsl$\kali\usr\bin and chmod 755 the files:
gpg*
dirmngr*

3. gpg --keyserver pgpkeys.mit.edu --recv-key ED444FF07D8D0BF6
4. Connect to VPN.
5. sudo apt-get update