A nasty bug in many of the world’s Linux and Unix operating systems could allow malicious hackers to create a computer worm that wreaks havoc on machines across the globe, security experts say.

The flaw, called Shellshock, is being compared to last spring’s Heartbleed bug because it lets attackers do some nasty stuff—in this case, run unauthorized code—on a large number of Linux computer servers. The flaw lies in Bash, a standard Unix program that’s used to connect with the computer’s operating system.