how to gain code execution on millions of people and hundreds of popular apps - eva's site

A security researcher discovered vulnerabilities in ToDesktop's build pipeline that could enable malicious code deployment to major tech applications like Cursor, Linear, and Notion Calendar. Through Firebase exploration and CLI analysis, they found ways to hijack the deployment pipeline and access sensitive credentials, potentially affecting millions of users in tech environments.