A security researcher discovered vulnerabilities in ToDesktop's build pipeline that could enable malicious code deployment to major tech applications like Cursor, Linear, and Notion Calendar. Through Firebase exploration and CLI analysis, they found ways to hijack the deployment pipeline and access sensitive credentials, potentially affecting millions of users in tech environments.

https://kibty.town/blog/todesktop/

#securityvulnerability #cloudinfrastructure #firebase #electron #devops