Galactic Research: Articles & Insights
Threat Thursday: June 18th, 2026
Welcome to Threat Thursday, Galactic's weekly threat intelligence roundup. Every Thursday we break down the cybersecurity stories that matter most for protecting your organization, with each item split into what happened, what it could mean for you, and what to ...
AI Security
OpenClaw's Marketplace Got Stuffed With Malware. Here's Why That Was Always Going to Happen.
What a Malware-Filled AI Agent Marketplace Tells Us About How the Industry Keeps Making the Same Mistake I've spent the better part of my career watching organizations adopt new technology faster than they can secure it, and documenting what happens ...
The Deepfake Was Convincing. So Was My Backpack.
Why Social Engineering Still Works, Why AI is Making it Sharper, and the One Habit that Stops it In early 2024, an employee at Arup, a global engineering firm, joined a video call with several colleagues, including someone who appeared ...
The Invisible Workforce
The Shadow AI Running Inside Your Clients' Environments and How MSPs Can Get Ahead of It It's Monday morning. A client's controller is on the phone. She spent Friday afternoon cleaning up the vendor list inside their accounting platform's new ...
Threat Intelligence
Threat Thursday: June 18th, 2026
Welcome to Threat Thursday, Galactic's weekly threat intelligence roundup. Every Thursday we break down the cybersecurity stories that matter most for protecting your organization, with each item split into what happened, what it could mean for you, and what to ...
Threat Thursday: June 11th, 2026
Welcome to Threat Thursday, Galactic's weekly threat intelligence roundup. This week's stories share one theme: the gap between a vulnerability becoming public and a working exploit existing is collapsing toward hours, and the coordinated disclosure process meant to give defenders ...
Threat Thursday: June 4th, 2026
Welcome to Threat Thursday, Galactic's weekly threat intelligence roundup. This week's stories have a clear pattern: attackers didn't find obscure entry points or novel techniques but instead went after the things you were already using and already trusting. As always, ...
Security Education
Vulnerabilities Are Now the #1 Way In. The Window to Fix Them Is Closing.
Most of the time, I didn't break into a network so much as let myself in through something with a fix already out (just not installed yet): the VPN concentrator three versions behind, the firewall with a known vulnerability fixed ...
Your OSINT Reality Check: Here’s What an Attacker Is Finding in 30 Minutes or Less
Today’s connected, AI-driven digital ecosystem has made it easier than ever to build a professional brand, network with peers, and share ideas with a wider audience. It’s opened doors for businesses that simply didn't exist before: new customers, new partnerships, ...
Part 2: Threat Actors Don't Pick You. You Just Happen to Be There.
In Part 1, we established that Handala didn't pick Stryker off a strategic target list and then figure out how to break in. They found access, recognized the value, and used it. That's still a deliberate, damaging attack—it just means ...
Strategy & Leadership
Building Trust in Executive Relationships: Lessons from King Lear
A Framework for Establishing the Kind of Trust that Survives Budget Season Imagine the curtain going up and a group of players act out the opening scenes of Shakespeare's King Lear, just for you. An aging king sits in his ...
Your Jokes Were Funny. They Still Didn't Renew.
How MSPs Build the Kind of Client Rapport That Survives a Budget Review You walked out of the meeting feeling good. The handshake was firm, the small talk landed, and you even got a laugh with the printer joke. You ...
Value That Converts: Why Your vCSO Pitch Keeps Getting Pushed to IT
You walked out of that meeting feeling like a closer. Your credentials were on point. You covered the whole stack: EDR, SIEM, MDR, quarterly risk assessments, tabletop exercises, NIST alignment. Your vCSO offering was solid. You even had a phased ...
All Articles
“We’re Not Offering Cyber Liability Essentials to Our Clients…”
That’s what one of our MSP partners told me this week. Said it would make it “too easy” for their clients to not invest in real security. I almost choked on my coffee. Listen—I get the logic. You want your ...
“What’s the ROI on Security?” Here’s the Only Answer That Matters
At some point, every MSP hears it. A skeptical client, arms crossed, looking you dead in the eye: “I get it—but what’s the ROI on all this security?” To them, your security stack feels like an insurance policy they hope ...
Wait… Are You Saying Compliance Is Dead?
I got a message today that made me spit out my coffee. It started like this: “From the recent Tuesday webinars, it seems Galactic is moving away from providing compliance as a service…” Hold on. Nope. Not even close. Let ...
The Least Engaged Person on Your Team Is Your Biggest Security Risk
Last week, I flew 81 Galacticos into Nashville. It was our offsite—a day to plan, get sharp, and punch some holes in our own assumptions. We do something at these events called Galactic Shark Tank. It’s exactly what it sounds ...
What AI’s Really Doing in Your Office (And Why You Should Be Terrified)
Let me ask you something you probably don’t want to answer: Do you actually know what your team is doing with AI? Not what they say they’re doing. Not what you hope they’re doing. What they’re really doing—with your company’s ...
What Your Last IT Project Really Cost You
You did the thing every business does: You launched an IT project. Maybe it was a migration. Maybe a new app rollout. Maybe you just “upgraded some systems.” Great. You made the investment. You expected ROI. But here’s the question ...
How Will You Respond When the Letter Shows Up?
Let’s say a breach hits your company. The bad kind. Ransomware, data theft, media buzz—the full circus. Do you have a plan? I’m not talking about the “we have antivirus” plan. I mean playbooks. Protocols. A real, documented incident response ...
Even Cartier Can’t Keep the Hackers Out. What Chance Do You Think You Have?
Cartier just got hit. So did The North Face. Not exactly fly-by-night operations. These are brands with billion-dollar reputations—and hackers still got in. Customer data stolen. Systems compromised. Public announcements trying to minimize the damage. The usual script. And it’s ...
Microsoft Just Extorted You. Here’s What to Do About It.
You don’t have to upgrade to Windows 11. That’s the good news. The bad news? If you don’t, your business is about to enter a slow, painful spiral into cyber vulnerability and operational chaos. Right now, people are calling Microsoft’s ...
You Just Lost Your Phone. Now What?
Let’s be honest. You probably don’t lose things. You don’t misplace your keys. You don’t forget where you parked. And your phone? It’s probably surgically attached to your hand. But here’s the thing—phones get lost. Phones get stolen. And if ...
The Shocking Truth About Your Macs
Let me tell you a story we didn’t expect to write. We’ve been hammering away in our lab, diving deep into the Apple ecosystem—testing, poking, simulating real-world attacks. You know what we found? macOS is tight. The security architecture? Rock ...
The IRS Test: Why Your Cyber Program Needs More Than Just Good Intentions
Think about your cybersecurity the same way you’d think about your books. Everyone says they “take security seriously.” But when the auditors show up—or worse, the breach happens—intentions don’t matter. Proof does. Here’s how I break it down for MSPs ...
