← Back to Blog
Security Briefing4 min read2026-06-03

Security Briefing, June 3 2026: Microsoft Defender KEV Deadline, Android Zero-Day Patches, GitHub Enterprise RCE Gap, and the Grindr Leak

Today’s common thread is the gap between “a fix exists” and “the fix is actually applied.” Two exploited Defender flaws hit a federal patch deadline, Android closes an in-the-wild bug, a GitHub backend RCE still sits unpatched on most self-hosted instances, and an identity leak reminds everyone that exposed data outlives any single patch cycle.


Top line: meet the CISA KEV deadline for the two Microsoft Defender CVEs, push the June Android update to close the actively exploited Framework bug, patch GitHub Enterprise Server against CVE-2026-3854 if you are in the 88% that has not, and treat the alleged Grindr leak as a credential-rotation and account-takeover problem, not just a privacy headline.


1. Two exploited Microsoft Defender flaws hit a CISA KEV deadline today

CISA added CVE-2026-41091 and CVE-2026-45498 to its Known Exploited Vulnerabilities catalog, with a remediation deadline of June 3, 2026 for federal civilian agencies. CVE-2026-41091 (CVSS 7.8) can let an attacker gain SYSTEM privileges, while CVE-2026-45498 (CVSS 4.0) is a denial-of-service bug affecting Defender. A KEV listing is the clearest signal there is that exploitation is real, not theoretical.


2. Android’s June update closes an actively exploited privilege-escalation bug

Google’s June 2026 Android update addresses 124 vulnerabilities, including a high-severity Framework flaw, CVE-2025-48595 (CVSS 8.4), that is under active exploitation and allows privilege escalation without user interaction. No-interaction escalation is the most dangerous kind because it removes the “don’t tap the link” advice as a control.


3. A GitHub backend RCE is patched upstream but still open on most self-hosted servers

Wiz-disclosed CVE-2026-3854 was a critical remote code execution flaw in GitHub’s internal Git infrastructure: an authenticated user could run arbitrary commands on backend nodes with a single git push, and those nodes had access to millions of public and private repositories. GitHub.com was fixed the day it was reported and found no in-the-wild abuse, but at public disclosure roughly 88% of GitHub Enterprise Server instances were still unpatched.


4. The alleged Grindr leak is an identity and account-takeover problem

A data leak reported on June 3, 2026 allegedly exposes Grindr user passwords and location data. Even unconfirmed, exposed credentials and precise location history are high-impact: passwords get reused across services, and location data creates real-world safety and extortion risk for a sensitive user base.


What security teams should do before lunch

  1. Verify Defender versions and meet the CISA KEV deadline for CVE-2026-41091 and CVE-2026-45498.
  2. Push the June Android update to managed devices to close the exploited Framework bug.
  3. Patch GitHub Enterprise Server against CVE-2026-3854 and isolate backend Git nodes.
  4. Force credential rotation and MFA where the Grindr leak overlaps your users or reused passwords.

Sources


Bottom line: today’s risk is not a lack of fixes — it is patch latency and irreversible exposure. KEV deadlines, mobile updates, and self-hosted backends only protect you once applied, and leaked identity data never gets un-leaked.

Find the patch gaps and exposed surfaces before attackers do

KENSAI helps teams spot unpatched edge software, exposed self-hosted infrastructure, weak identity flows, and reused-credential risk across their attack surface.

Start Free Scan →

Stay sharp.

🗡️ KENSAI Security Team