Galactic Research: Articles & Insights
Threat Thursday: June 18th, 2026
Welcome to Threat Thursday, Galactic's weekly threat intelligence roundup. Every Thursday we break down the cybersecurity stories that matter most for protecting your organization, with each item split into what happened, what it could mean for you, and what to ...
AI Security
OpenClaw's Marketplace Got Stuffed With Malware. Here's Why That Was Always Going to Happen.
What a Malware-Filled AI Agent Marketplace Tells Us About How the Industry Keeps Making the Same Mistake I've spent the better part of my career watching organizations adopt new technology faster than they can secure it, and documenting what happens ...
The Deepfake Was Convincing. So Was My Backpack.
Why Social Engineering Still Works, Why AI is Making it Sharper, and the One Habit that Stops it In early 2024, an employee at Arup, a global engineering firm, joined a video call with several colleagues, including someone who appeared ...
The Invisible Workforce
The Shadow AI Running Inside Your Clients' Environments and How MSPs Can Get Ahead of It It's Monday morning. A client's controller is on the phone. She spent Friday afternoon cleaning up the vendor list inside their accounting platform's new ...
Threat Intelligence
Threat Thursday: June 18th, 2026
Welcome to Threat Thursday, Galactic's weekly threat intelligence roundup. Every Thursday we break down the cybersecurity stories that matter most for protecting your organization, with each item split into what happened, what it could mean for you, and what to ...
Threat Thursday: June 11th, 2026
Welcome to Threat Thursday, Galactic's weekly threat intelligence roundup. This week's stories share one theme: the gap between a vulnerability becoming public and a working exploit existing is collapsing toward hours, and the coordinated disclosure process meant to give defenders ...
Threat Thursday: June 4th, 2026
Welcome to Threat Thursday, Galactic's weekly threat intelligence roundup. This week's stories have a clear pattern: attackers didn't find obscure entry points or novel techniques but instead went after the things you were already using and already trusting. As always, ...
Security Education
Vulnerabilities Are Now the #1 Way In. The Window to Fix Them Is Closing.
Most of the time, I didn't break into a network so much as let myself in through something with a fix already out (just not installed yet): the VPN concentrator three versions behind, the firewall with a known vulnerability fixed ...
Your OSINT Reality Check: Here’s What an Attacker Is Finding in 30 Minutes or Less
Today’s connected, AI-driven digital ecosystem has made it easier than ever to build a professional brand, network with peers, and share ideas with a wider audience. It’s opened doors for businesses that simply didn't exist before: new customers, new partnerships, ...
Part 2: Threat Actors Don't Pick You. You Just Happen to Be There.
In Part 1, we established that Handala didn't pick Stryker off a strategic target list and then figure out how to break in. They found access, recognized the value, and used it. That's still a deliberate, damaging attack—it just means ...
Strategy & Leadership
Building Trust in Executive Relationships: Lessons from King Lear
A Framework for Establishing the Kind of Trust that Survives Budget Season Imagine the curtain going up and a group of players act out the opening scenes of Shakespeare's King Lear, just for you. An aging king sits in his ...
Your Jokes Were Funny. They Still Didn't Renew.
How MSPs Build the Kind of Client Rapport That Survives a Budget Review You walked out of the meeting feeling good. The handshake was firm, the small talk landed, and you even got a laugh with the printer joke. You ...
Value That Converts: Why Your vCSO Pitch Keeps Getting Pushed to IT
You walked out of that meeting feeling like a closer. Your credentials were on point. You covered the whole stack: EDR, SIEM, MDR, quarterly risk assessments, tabletop exercises, NIST alignment. Your vCSO offering was solid. You even had a phased ...
All Articles
Malware Is Targeting Cookies On Android Devices To Gain Access
There's a new malware threat to be aware of, called "CookieThief," which is an apt name that describes what the malware does. Honestly though, the Hackers missed the mark here. "CookieMonster" would ...
Intel Graphics Get Update To Address Security Issues
If you have a personal computer that uses Intel technology, you're not going to want to miss the update released in March's Patch Tuesday. The latest update addresses a total of 27 ...
Google Chrome Guest Mode Is Great For Shared Computers
Google has recently rolled out a small but important change to its Chrome browser for Windows, Linux and macOS users. The most recent update adds a 'Default to Guest mode' to the ...
Certain RAM Modules Continue To Have Security Vulnerabilities
Remember the Rowhammer vulnerability that made headlines around the world last year? 2019 saw all sorts of unusual threats, so if you're struggling to recall the details of that one in particular, ...
Recent Data Breach Affects Some Walgreens Mobile App Users
Are you a Walgreens customer? Do you make use of the company's mobile app, available for both Android and iOS devices? If so, be advised that the company recently disclosed a serious ...
The Web Browser Wars Have A Clear Winner In 2020
It's notoriously difficult to get reliable statistics on web browser usage. While there are sites that purport to track such things such as StatCounter and NetMarketShare, the numbers coming from these sources ...
T-Mobile Is The Latest To Get Hit By Data Breach
Are you a T-Mobile customer? If so, be advised, the company recently published a Notice of Data Breach on their website to inform all clients that an email vendor they utilize was ...
How To Stay Secure While Working At Home
Companies all over the US are starting to send employees home during the workday (schools are also shutting their doors). The problem? Most organizations have not implemented work from home plans that consider cybersecurity threats introduced in a work from ...
Phone Call And Text Phishing Scams Are On The Rise
For the last couple of years, the primary means of communication when conducting phishing campaigns has been email. Phishing emails have been absolutely rampant. So much so that people are increasingly on ...
New Phishing Emails Trick Users With Convincing Security Credentials
Unit 42 is a research division of Palo Alto Networks. Their researchers have discovered a sneaky and surprisingly effective phishing campaign that appears to have been launched in January of this year ...
Facebook Is Fighting Back Against Spam Accounts
Unless you're plugged into the world of social media, you may not realize it. There's a war on, and until recently, it was a war that Facebook was losing. The war is ...
JCrew Retailer Customers May Have Had Information Accessed
Another week, another data breach. This time, the target being US clothing retailer J. Crew. The company announced that sometime in April of 2019, an unknown group of hackers utilized a credential ...
