RESEARCH
Threat Thursday: May 28th, 2026
Welcome to Threat Thursday, Galactic's weekly threat intelligence roundup. Every week, we cover the cybersecurity stories that matter most including what happened, what the impact could be, and what your organization should do about it. Whether you’re overseeing risk management ...
Communicating Risk
Building Trust in Executive Relationships: Lessons from King Lear
A Framework for Establishing the Kind of Trust that Survives Budget Season Imagine the curtain going up and a group of players act out the opening scenes of Shakespeare's King Lear, just for you. An aging king sits in his ...
Your Jokes Were Funny. They Still Didn't Renew.
How MSPs Build the Kind of Client Rapport That Survives a Budget Review You walked out of the meeting feeling good. The handshake was firm, the small talk landed, and you even got a laugh with the printer joke. You ...
Value That Converts: Why Your vCSO Pitch Keeps Getting Pushed to IT
You walked out of that meeting feeling like a closer. Your credentials were on point. You covered the whole stack: EDR, SIEM, MDR, quarterly risk assessments, tabletop exercises, NIST alignment. Your vCSO offering was solid. You even had a phased ...
Dark Web Monitoring & Threat Intelligence
Part 2: Congratulations, Your Password Manager Made the News (Again)
If you caught Part 1 last week, you know the shape of what TeamPCP has been running since December 2024: one supply chain campaign, still expanding, with credentials stolen over a year ago still being spent today. Part 2 is ...
Part 1: Congratulations, Your Password Manager Made the News (Again)
You've probably seen the headlines. Bitwarden compromised. Trivy compromised. Checkmarx tools compromised. A handful of other developer tools before that. Each one got its own news cycle, its own advisory, its own "here's what to do if you're affected" post. ...
Your OSINT Reality Check: Here’s What an Attacker Is Finding in 30 Minutes or Less
Today’s connected, AI-driven digital ecosystem has made it easier than ever to build a professional brand, network with peers, and share ideas with a wider audience. It’s opened doors for businesses that simply didn't exist before: new customers, new partnerships, ...
Human Layer Security
The Invisible Workforce
The Shadow AI Running Inside Your Clients' Environments and How MSPs Can Get Ahead of It It's Monday morning. A client's controller is on the phone. She spent Friday afternoon cleaning up the vendor list inside their accounting platform's new ...
Your AI Agent Visits Websites on Your Behalf. Attackers Are Leaving It Notes.
The last two years of AI adoption inside businesses have followed a pretty consistent pattern. A team tries a tool, it saves them time, word gets around, and suddenly half the company is using something IT didn't approve. Now those ...
The Annual Tradition of Forgetting Everything We Learned About Cybersecurity
Because nothing says “security first” like annual PowerPoint fatigue. Well, it’s that time of year again. Pumpkin-spiced coffee, ghosts and goblins, trees turning colors, and holiday ads airing entirely too early. Oh yeah, and Cybersecurity Awareness Month! I almost forgot. ...
More Articles
This Type of Blame Will Destroy Your MSP Unless You Do This First
It starts the same way every time. Something breaks. A phishing email slips through. An account gets compromised. Ransomware locks up a server. The client panics. Then the questions begin. What happened? How bad is it? And then the one ...
Phishing: The Big, Hairy Problem Nobody Has Solved (Until Now)
Let’s talk about the elephant in the room. Phishing is still the single biggest way attackers get in. IBM just put out their latest report for 2025, and for the first time phishing has officially overtaken stolen credentials as the ...
Your Marketing Sounds Like It Was Written by a Robot—Because It Was
Let’s be honest. You’re slammed with tickets, chasing down weird user issues, and trying not to lose your mind over Janet’s printer—again. So when someone suggests using AI to handle your marketing, it sounds like a miracle. Here’s the problem: ...
The Ice Cream That Cost Him a Client (And Made Him Thousands)
I was having an ice cream cone with the owner of an MSP recently. Yes—ice cream. I’m a fan. Anyway, we’re talking shop, and he drops this bomb on me: “Bruce, your team ran a pen test on one of ...
WARNING: Why Your Clients’ AI Habits Could Become YOUR Legal Nightmare
If you think AI tools like ChatGPT are harmless for your clients, think again. Last week, Sam Altman—the CEO of OpenAI—publicly warned that conversations with ChatGPT are not covered under legal privilege. People using ChatGPT as a “therapist” or “confidant” ...
Stop Handing Hackers the Keys: Why CVSS 8.2 Credential Leaks Just Made Legacy Scanning Obsolete
When two high-risk CVEs (CVE-2025-32353 and CVE-2025-32354) hit last week, the message was loud and clear: the way most MSPs perform security assessments is no longer just outdated—it’s risky. These vulnerabilities revealed that some widely used scanning tools store administrative ...
Tribal Knowledge Will Sink Your MSP: Why “Sorta Documented” Is a Lawsuit Waiting to Happen
There is a silent killer inside most MSPs. It is not ransomware. It is not an unpatched firewall. It is not even a missed backup. It is tribal knowledge. Walk into any MSP and you will see the same thing. ...
Business Risks in 2025: When Tools Fail, What’s Next
Meta Description (≈155 characters): Every tool your business relies on can fail. In 2025, risk assessments and planning for disruptions are essential to protect revenue and reputation. In business, tools are everywhere. They are the systems, services, and partnerships we ...
Is Your Business Ready to Defend Its Cybersecurity Program?
You probably think your business is covered when it comes to cybersecurity. You’ve got IT support. You have tools in place. You’re investing in the right software. But if a regulator, auditor, insurer—or worse, a lawyer—asked you tomorrow to prove ...
Your PSA Won’t Save You From a Breach
I had dinner the other night with one of our partners. Great guy. Smart. Ambitious. Doing all the right things to grow his MSP… except one. He’s rebuilding his PSA. And his RMM. At the same time. Which sounds productive—until ...
Cyber Disasters Are Coming—Will Your Clients Be Ready?
Before the Guadalupe River surged 33 feet in Texas this past July, the alerts were already out. Phones buzzed. Radios screamed. ...
Who’s Going to Pay When the Lawyers Show Up? (Hint: Probably You)
Look, I’ll make this simple. You didn’t build your MSP so some lawyer could come along and tear it to pieces. Or so some regulator could slap you with fines that would make your next quarterly tax bill look like ...
