RESEARCH
Threat Thursday: June 4th, 2026
Welcome to Threat Thursday, Galactic's weekly threat intelligence roundup. This week's stories have a clear pattern: attackers didn't find obscure entry points or novel techniques but instead went after the things you were already using and already trusting. As always, ...
Communicating Risk
Building Trust in Executive Relationships: Lessons from King Lear
A Framework for Establishing the Kind of Trust that Survives Budget Season Imagine the curtain going up and a group of players act out the opening scenes of Shakespeare's King Lear, just for you. An aging king sits in his ...
Your Jokes Were Funny. They Still Didn't Renew.
How MSPs Build the Kind of Client Rapport That Survives a Budget Review You walked out of the meeting feeling good. The handshake was firm, the small talk landed, and you even got a laugh with the printer joke. You ...
Value That Converts: Why Your vCSO Pitch Keeps Getting Pushed to IT
You walked out of that meeting feeling like a closer. Your credentials were on point. You covered the whole stack: EDR, SIEM, MDR, quarterly risk assessments, tabletop exercises, NIST alignment. Your vCSO offering was solid. You even had a phased ...
Dark Web Monitoring & Threat Intelligence
Part 2: Congratulations, Your Password Manager Made the News (Again)
If you caught Part 1 last week, you know the shape of what TeamPCP has been running since December 2024: one supply chain campaign, still expanding, with credentials stolen over a year ago still being spent today. Part 2 is ...
Part 1: Congratulations, Your Password Manager Made the News (Again)
You've probably seen the headlines. Bitwarden compromised. Trivy compromised. Checkmarx tools compromised. A handful of other developer tools before that. Each one got its own news cycle, its own advisory, its own "here's what to do if you're affected" post. ...
Your OSINT Reality Check: Here’s What an Attacker Is Finding in 30 Minutes or Less
Today’s connected, AI-driven digital ecosystem has made it easier than ever to build a professional brand, network with peers, and share ideas with a wider audience. It’s opened doors for businesses that simply didn't exist before: new customers, new partnerships, ...
Human Layer Security
The Deepfake Was Convincing. So Was My Backpack.
Why Social Engineering Still Works, Why AI is Making it Sharper, and the One Habit that Stops it In early 2024, an employee at Arup, a global engineering firm, joined a video call with several colleagues, including someone who appeared ...
The Invisible Workforce
The Shadow AI Running Inside Your Clients' Environments and How MSPs Can Get Ahead of It It's Monday morning. A client's controller is on the phone. She spent Friday afternoon cleaning up the vendor list inside their accounting platform's new ...
Your AI Agent Visits Websites on Your Behalf. Attackers Are Leaving It Notes.
The last two years of AI adoption inside businesses have followed a pretty consistent pattern. A team tries a tool, it saves them time, word gets around, and suddenly half the company is using something IT didn't approve. Now those ...
More Articles
Why Plaintiff Attorneys Are Watching Your Breaches—And Why You Can’t Hide
Managed Service Providers (MSPs) sit at the heart of their clients’ IT and cybersecurity. But when it comes to data breaches, MSPs often underestimate who’s paying attention. It’s not just regulators and customers—it’s also plaintiff attorneys eager to file class-action ...
The Tale of Two MSPs: Why Buying Every Shiny Security Tool Is Killing Your Business
This week, I’m at a security event. You know the scene: vendor hall packed with shiny solutions, MSP owners wandering the aisles, scratching their heads, trying to figure out what’s “must-have” and what’s just sales smoke. I talked to two ...
Overwhelmed by Alerts? Here’s How MSPs Can Finally Break Free from the Noise
The flood of alerts is killing your team’s focus—and your clients’ security. Default vendor alerts are too noisy. Engineers are drowning in false positives, ignoring real threats, and burning out in the process. If you’re running an MSP, you’ve seen ...
Your Clients Don’t Have a Cyber Playbook—And That Makes You the Scapegoat
Why MSPs Keep Taking the Fall If you are an MSP owner or operator, here is the hard truth. When your client experiences a cyber incident, you are going to be blamed. It doesn’t matter if the breach happened because ...
Part 2: For the Price of Coffee, You Can Avoid Buying a Hacker a Yacht
Last time we looked at why tabletop exercises matter and how they can reveal the cracks MSPs don’t notice until it’s ...
Dropping the Bricks and Picking Up What Matters
Have you ever felt like you’re carrying around a ton of bricks? Not the sturdy, well-stacked kind either. I’m talking about the ones someone tossed into your backpack one by one until you’re hunched over, wondering why your knees suddenly ...
Part 1: For the Price of Coffee, You Can Avoid Buying a Hacker a Yacht
It always starts like a normal day. You grab coffee, drop your lunch in the fridge, skim through tickets and emails, maybe ...
If You Missed the Security Chaos of the ‘90s, You’re in Luck!
We’re all seeing it. AI is changing how we approach nearly every part of business. It’s taking meeting notes, spitting out action items, and building chatbots to handle the flood of internal questions. The potential benefits for busy teams and ...
Shadow IT Just Went Legal—and It's Coming for Your MRR
Earlier this year, a quiet courtroom in the Central District of California made noise the entire cybersecurity industry should be hearing: for the first time ever: a federal judge used the term “Shadow IT” in a legal ruling. And just ...
New State Cyber Rules Are Coming—Will You Be Ready, or Be the One They Blame?
California. New York. Massachusetts. One by one, states are turning up the heat on cybersecurity regulations—and if you're not preparing your clients for what’s coming, you're not just behind. You're exposed. Last week I blogged about upcoming California rules requiring ...
Vibe Hacking: The AI Nightmare Your Clients Aren’t Ready For
Do you have a plan to save your clients from the next big cybercrime wave? Because it’s already here. And it has a name: vibe hacking. Sounds harmless, right? Like something your marketing intern came up with after too much ...
Your Clients Are Already Breaking the AI Rules You Never Wrote
Let’s get real. Your clients are already using AI. They’re excited about how much more “effective” it makes them. Which means they’re doing the one thing you begged them not to do: Uploading PII? Happening. Copy-pasting sensitive client records into ...
