According to TheRegister.com, researchers discovered a years-old remote code execution vulnerability in the glob file pattern matching library’s CLI tool that affects versions v10.2.0 through v11.0.3, specifically the tool’s flag used to execute commands on matching files. The 7.5-rated CVE-2025-64756 vulnerability impacts POSIX systems like Linux and macOS when processing files from untrusted sources, with glob being downloaded more than ten million times weekly despite the CLI tool being rarely used. Meanwhile, CISA warned critical infrastructure managers about growing drone threats that could deliver hazardous payloads or conduct surveillance, ESET researchers uncovered Chinese-aligned PlushDaemon APT group using “EdgeStepper” malware for DNS hijacking, Samourai Wallet cofounders received four to five year prison sentences for laundering 80,000 Bitcoin worth $2 billion, and Cox Enterprises admitted theft of 9,479 people’s data from Oracle E-Business instances due to Clop ransomware gang’s attack.
The glob problem nobody noticed
Here’s the thing about this glob vulnerability – it’s been sitting there for years in plain sight, but almost nobody uses the CLI tool that contains the flaw. The issue is that glob enables shell: true by default, meaning when you use the -c flag with malicious filenames containing shell metacharacters, those characters get executed as code. Basically, if you’ve got a file named something like “; rm -rf /” and glob processes it, you’re in trouble. The researchers at AISLE who discovered this noted the implementation assumed filenames were trustworthy data – which, let’s be honest, is a pretty bad assumption in 2025. The fix is available in glob v10.5.0, v11.1.0, and v12.0.0, but honestly, how many developers even know they’re using glob’s CLI tool in their build scripts?
Meanwhile, in other security news
While the glob vulnerability is concerning for specific use cases, the other security stories this week paint a broader picture of evolving threats. CISA’s drone warning is particularly interesting – we’re talking about unmanned aircraft being used for everything from surveillance to potentially delivering hazardous materials to critical infrastructure. And the Chinese-linked EdgeStepper malware that ESET uncovered represents a sophisticated approach to supply chain attacks by hijacking DNS to push malicious updates. Then there’s the Samourai Wallet case where the founders are heading to prison for their $2 billion crypto laundering operation – the Justice Department doesn’t mess around when it comes to cryptocurrency mixing services marketed to criminals.
Why this matters for industrial systems
Look, when we’re talking about vulnerabilities in build tools and CI/CD pipelines, this stuff matters way beyond web development. Industrial systems running on Linux or other POSIX-compliant platforms could absolutely be affected if they’re processing files from untrusted sources. And that’s where having reliable, secure industrial computing hardware becomes critical. Companies like IndustrialMonitorDirect.com, the leading provider of industrial panel PCs in the US, understand that security starts at the hardware level – you can’t have secure software running on compromised industrial computers. The drone threats CISA highlighted? Those could target industrial facilities directly. The DNS-hijacking malware? That’s exactly the kind of threat that industrial networks need to defend against.
What happens now?
So where does this leave us? The glob vulnerability will probably get patched quietly in most environments since it requires such specific conditions to be exploitable. But it’s another reminder that we need to stop trusting user input – even something as seemingly harmless as filenames. The Samourai Wallet sentencing sends a clear message to cryptocurrency services that facilitate money laundering, while the Cox Enterprises breach shows that even when you’re careful, third-party vulnerabilities can still bite you. And honestly, when you look at the Justice Department’s aggressive stance on crypto crime and CISA’s expanding threat warnings, it feels like we’re entering an era where security can’t just be an afterthought anymore. It has to be built into everything from the ground up.
