A command injection vulnerability in the me.connectify.SMJobBlessHelper XPC service of Speedify VPN up to v15.0.0 allows attackers to execute arbitrary commands with root-level privileges.
https://speedify.com/blog/news/speedify-macos-vpn-application-vulnerability/