RESEARCH
Threat Thursday: June 4th, 2026
Welcome to Threat Thursday, Galactic's weekly threat intelligence roundup. This week's stories have a clear pattern: attackers didn't find obscure entry points or novel techniques but instead went after the things you were already using and already trusting. As always, ...
Communicating Risk
Building Trust in Executive Relationships: Lessons from King Lear
A Framework for Establishing the Kind of Trust that Survives Budget Season Imagine the curtain going up and a group of players act out the opening scenes of Shakespeare's King Lear, just for you. An aging king sits in his ...
Your Jokes Were Funny. They Still Didn't Renew.
How MSPs Build the Kind of Client Rapport That Survives a Budget Review You walked out of the meeting feeling good. The handshake was firm, the small talk landed, and you even got a laugh with the printer joke. You ...
Value That Converts: Why Your vCSO Pitch Keeps Getting Pushed to IT
You walked out of that meeting feeling like a closer. Your credentials were on point. You covered the whole stack: EDR, SIEM, MDR, quarterly risk assessments, tabletop exercises, NIST alignment. Your vCSO offering was solid. You even had a phased ...
Dark Web Monitoring & Threat Intelligence
Part 2: Congratulations, Your Password Manager Made the News (Again)
If you caught Part 1 last week, you know the shape of what TeamPCP has been running since December 2024: one supply chain campaign, still expanding, with credentials stolen over a year ago still being spent today. Part 2 is ...
Part 1: Congratulations, Your Password Manager Made the News (Again)
You've probably seen the headlines. Bitwarden compromised. Trivy compromised. Checkmarx tools compromised. A handful of other developer tools before that. Each one got its own news cycle, its own advisory, its own "here's what to do if you're affected" post. ...
Your OSINT Reality Check: Here’s What an Attacker Is Finding in 30 Minutes or Less
Today’s connected, AI-driven digital ecosystem has made it easier than ever to build a professional brand, network with peers, and share ideas with a wider audience. It’s opened doors for businesses that simply didn't exist before: new customers, new partnerships, ...
Human Layer Security
The Deepfake Was Convincing. So Was My Backpack.
Why Social Engineering Still Works, Why AI is Making it Sharper, and the One Habit that Stops it In early 2024, an employee at Arup, a global engineering firm, joined a video call with several colleagues, including someone who appeared ...
The Invisible Workforce
The Shadow AI Running Inside Your Clients' Environments and How MSPs Can Get Ahead of It It's Monday morning. A client's controller is on the phone. She spent Friday afternoon cleaning up the vendor list inside their accounting platform's new ...
Your AI Agent Visits Websites on Your Behalf. Attackers Are Leaving It Notes.
The last two years of AI adoption inside businesses have followed a pretty consistent pattern. A team tries a tool, it saves them time, word gets around, and suddenly half the company is using something IT didn't approve. Now those ...
More Articles
You’re Going to Universe—But You Left Your Engineer Behind?
I was talking to the CEO of an MSP this week. Sharp guy. He tells me, “Yeah, I’m going to Galactic Universe. So’s my sales guy.” I nodded… and waited. “And your service manager?” I asked. Silence. “No, just us.” ...
Stop Supporting Clients Who Don’t Want to Be Secure
I was on a call with the owner of an MSP the other day. Smart guy. He tells me, “We’ve got our Basic IT solution and our Advanced Security offering split out.” I nodded. That’s exactly how you should do ...
So, You Think Your Security Tools Have You Covered?
An attacker lands in your environment. It’s not ideal—but hey, you’ve done the right things. You’ve got a hardened stack. You’ve even deployed something bulletproof like SentinelOne. You’re sleeping well. Until you read this. There’s a Little Trick to Disable ...
One Lawsuit Away from Bankruptcy—And It’s Not Even Your Breach
I was talking to a lawyer recently—sharp guy, been through the wringer with business litigation. I asked him, “How do you avoid getting sued?” He didn’t even blink. “You don’t.” “If you’re running a business long enough, it’s not a ...
A $925,000 Wake-Up Call: How One MSP Got Dragged Into a Nightmare He Didn’t Cause
If you’ve been in the MSP business long enough, you’ve had this type of “client.” Not really a client. Not really not. The kind who doesn’t want your stack. Doesn’t want to be managed. Doesn’t believe in layered security or ...
You’re Testing Like It’s 2015—And Hackers Love That
I was just on a call with an engineer the other day—smart guy, lots of certifications, clearly well-meaning. We were walking through a penetration test report, and suddenly he hits me with this: “According to NIST, this pen test isn’t ...
Your People Aren’t the Problem. Your Lack of a Plan Is.
I was talking with an MSP CEO last week—let’s call him “Every MSP CEO Ever.” He had just hired a new service desk manager. This one, he told me, was different. This one was going to be successful. I asked, ...
The Clock Is Ticking: Windows 10 Is Dying, and You’re About to Be Buried in Bad Hardware
October 14, 2025. That’s the date Windows 10 joins the graveyard of obsolete operating systems. No patches. No updates. No support. And if your clients are still using it after that? They’re not just behind—they’re exposed. And when it all ...
Why Your Help Desk Is the New Front Line in the War on Data Extortion
You locked down the endpoints. You rolled out MFA. You trained your clients to spot suspicious emails like they were defusing bombs. And yet, here we are. They’re back. The callback phishers. The Luna Moth crew. The so-called “Silent Ransom ...
If You Were the MSP for Marks & Spencer, Would You Still Have a Business?
Last week, Marks & Spencer—a billion-pound British retail giant—made headlines. Not for a new product line. Not for record profits. For getting hacked and running their business on pen and paper. For over a week. The insider reports are brutal: ...
Your Salespeople Are Mission-Driven. Your Engineers Are Coin-Operated. Wait, What?
Let’s talk about the two most misunderstood species in your MSP: the sales rep and the engineer. You pay your sales team on commission. They close a deal? They get a check. Simple. Straightforward. “Coin-operated,” as many of you like ...
Why Your GRC Investment Is Doomed (And What to Do Instead)
Let me guess: you’ve finally pulled the trigger on a shiny new GRC platform. You’ve got dashboards, policy templates, user roles, workflows… and a sinking feeling in your gut that this whole compliance thing is going to fall apart in ...
