The eastern US is the latest place to be hit with intense heat as the world plays a game of hot potato.

In the coming days, New York is expected to see temperatures rise to near 100 degrees Fahrenheit (38 degrees Celsius), but with humidity, it could feel more like 109 degrees Fahrenheit (43 degrees Celsius). Temperatures in other cities ranging from Detroit to Washington, DC, to Boston will see temperatures 20 degrees Fahrenheit above normal as the holiday weekend approaches.

The temperatures won’t be as high as they are in Phoenix. But this isn’t a dry heat; coupled with the humidity, anyone venturing outside is sure to experience roughly the equivalent of hanging out inside a dog’s mouth. Beyond the sheer grossness of hot, humid weather, there are also very serious health concerns.

Humidity hampers sweating—the most powerful tool the human body has to cool off. Sweat removes heat from the body by evaporating into the air, but this becomes less effective in humid conditions, when the atmosphere is already full of vaporized water. “When there’s high humidity, especially in a heat wave, it’s much more difficult for the body to physiologically cool off,” says Richard Allan, a climate scientist at the University of Reading.

The National Weather Service map of warnings is a patchwork of reds and pinks, with the agency raising extreme heat warnings and watches. While daytime highs will be eye-popping, overnight lows will be particularly problematic.

“Several days in a row of hot temperatures with little relief from overnight low temperatures can increase heat stress on the human body,” the NWS warned in its forecast.

That danger was underscored by New York mayor Zohran Mamdani, who wrote in a social post that New Yorkers should come up with a heat plan. First and foremost that means finding access to air conditioning, then checking on neighbors and people with illnesses that may make them susceptible to heat-related health issues.

The blast of extreme heat comes a week after Europe dealt with record-shattering temperatures. (The continent also saw blistering temperatures and high humidity in late May.) Burning fossil fuels has ensured that nearly every heat wave is more intense than it would’ve been in a preindustrial climate.

“The warming from rising greenhouse gases is clearly adding to global temperature, and that adds extra heat to the heat waves,” Allan says. “It promotes moderate heat to become extreme heat … These humid conditions may be more likely to be promoted into a hot, humid heat wave rather than just humid and warm.”

El Niño is another culprit that could be playing a role in this heat wave.

The natural climate phenomenon forms every few years in the tropical Pacific, but it affects weather around the world. That includes helping boost temperatures across the northern tier of the US and parts of Canada. El Niño was declared earlier this month, and it’s expected to be a particularly potent iteration that will only strengthen as summer goes on. With the hottest months still ahead, that means the odds are good that if you missed this chance to feel what it’s like inside a dog’s mouth, you’ll have plenty more chances.

With this funding, European researchers can test how their scientific work could impact society.

Four Irish-based researchers have won Proof of Concept grants from the European Research Council (ERC).

Funding for the first funding round this year is worth more than €27m, and is divided between 182 researchers with ideas that show potential for commercial or societal impact. Each individual grant is worth €150,000.

Some of the chosen ideas include developing 3D-printed ‘bio-inspired’ electronics, a tool to help doctors protect vital parts of the brain during surgery, and an advanced ready-made breast cancer vaccine.

University College Dublin (UCD) researcher Prof Niamh Nowlan received ERC funding to further her work around new treatments for a broad range of paediatric growth disorders.

Nowlan is a professor of biomedical engineering at the UCD School of Mechanical and Materials Engineering and a fellow of the UCD Conway Institute.

Her project, called ‘Grow-Reg’, will attempt to identify specific cell surface markers that aid in the growth of children’s bones, to help develop treatments designed to speed up or slow down growth of one or more bones without systemic drugs or surgeries.

“Advancing basic research closer to patients (especially babies and children) is hugely rewarding and we are excited to get started,” said Nowlan. Grow-Reg builds on a previous ERC-funded project led by Nowlan.

“By creating the foundation for a targeted delivery platform capable of modulating growth plate activity with high anatomical precision, we hope to ultimately enable new treatments for a broad range of paediatric growth disorders, reduce reliance on invasive surgery, and improve the safety and specificity of existing biologic therapies,” she said.

Meanwhile, two University of Galway research projects also succeeded in receiving Proof of Concept grants. Led by systems biomedicine professor Ines Thiele, ‘iChatRD’ aims to develop a user-centred clinical decision support system to diagnose rare and inherited metabolic diseases.

“When exploring avenues for translating our fundamental research on digital metabolic twins into patient-focused applications, we kept encountering a major challenge. The richest clinical information exists as free text – the language of a human, not of a computer,” Thiele said.

“iChatRD bridges this gap by enabling metabolic modelling and natural language work together to suggest candidate diagnoses for inherited metabolic diseases.

“The ERC Proof of Concept grant now helps us take iChatRD into the real world by working directly with clinicians to help shorten the diagnostic odyssey that may burden rare disease patients for years.”

The second Galway project, called ‘GelEV’, will focus on developing technology that could improve regenerative medicine delivery to injured tissue sites. Led by Meadhbh Brennan, the project is engineering a hyaluronic acid hydrogel for better delivery to extracellular vesicles.

University of Limerick also bagged a grant win with a project called ‘Eve Heals’ that hopes to heal diseases affecting the skin using in-vitro engineered living substitutes. The project is led by Dimitrios Zevgolis, who also works across institutes at UCD.

“Many of today’s innovations begin with a researcher asking a fundamental question. These 182 projects show that curiosity-driven science and real-world impact go hand-in-hand,” said Ekaterina Zaharieva, the European commissioner for start-ups, research and innovation.

“With Proof of Concept funding, ERC researchers can test how their discoveries could become new treatments, technologies, services or solutions that benefit people across Europe.”

2026’s first Proof of Concept round invited 15pc more proposals than a year ago, the ERC said. Applications for the second round are open, with a September deadline.

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Business Email Compromise (BEC) is often described in the media as merely an email scam, but in reality, it’s part of an organized broad operation. The email itself is only one part of the attack chain. In order to support a successful monetization of email fraud, attackers need to be patient and learn about the procurement process in the organization, and to build or rent an entire infrastructure and operation. 

A single BEC often includes gaining access to their targeted business, gathering raw data, analyzing the mailbox context, building reliable communication channel, accessing t reliable payment infrastructure, orchestrating everything in the right timing, and finding a way to move money after it’s stolen.

Flare researchers sampled and analyzed underground posts related to BEC from the past year; Highlights of the findings include:

• AI-powered BEC is getting popular, reducing the learning time and increasing the scam “quality”.

• Actors are interested mainly in SaaS accounts (such as O365). Corporate leadership and financial employees are the most desired targets.

Advertisement

• There are special call centers designed to apply pressure on a targeted business to finalize the fraudulent payment. 

• Cash-out is the biggest bottleneck of BEC, hackers need to find relevant business bank accounts or cash-out partners which is relatively considered a difficult task. 

BEC Exceeds the Boundaries of Email

BEC begins with access to an organizational mailbox or a business SaaS account. Once in, the threat actors often analyze the account, then study and map the organization, mainly by understanding organizational structure and specifically financial privileges, procurement process, internal conversations, communication with vendors, and invoices.

After everything is collected, the threat actors can attempt to make a fraudulent request.

This is what makes BEC difficult to detect. A suspicious email from an unknown sender is one thing. But a message sent from a compromised mailbox, inside an existing conversation, using real names, real invoice references, and familiar wording is much harder for employees to question.

Unsurprisingly, Flare data shows that threat actors highly value email accounts of employees from the finance department, as they are tools to understand the financial operations.

Inside these accounts, the threat actors are looking for referenced accounts receivable, accounts payable, payrolls, invoices, overdue payments, and customer payment relationships. 

Case Study: Hacker Discussions on BEC

A thread named “Business Email Compromise (BEC) – Experiences & Discussion” created by a threat actor named Bigjack, in January 2026, clearly illustrates how this operation works.

Bigjack described how he is using remote access malware to gain initial access, then compromising company mailboxes and using them to send invoices. The actor’s questions focused less on the technical intrusion and more on the practical fraud aspects based on experience: 

• When to send the invoice

• How to create urgency

• How to ask for a large amount without raising suspicion

Advertisement

• What mailbox information should be reused

• What kind of proof can be provided if questioned

• Which mistakes can ruin the operation

The replies showed how other threat actors view BEC and therel experiences. One threat actor highlighted the significance of intercepting an invoice payment process. Another said that identifying who validates the payment requests and defrauding him is the most important aspect. Other threat actors’ emphasize the significance of cash-out, saying that reliable collaboration and support is the most critical aspect.

This single correspondence clearly depicts the mindset of threat actors regarding BEC. Threat actors learn from experience that they need to fully understand the procurement process (the right timing, the right pressure, the right financial context, and the right receiving account) before they can start sending effective fraudulent invoices.

The Cash-Out Part Is a Bottleneck

Monetization of BEC is nearly impossible without a reliable proper receiving account, so. threat actors connect to mule networks and use cash-out services. This is a hard task because the threat actors need to find a reliable, operational, “clean”, relevant bank account to finalize the fraud.

A threat actor named neoresu emphasizes that it’s not just the destination bank account, but also the person who validates the payment needs special care. He offered his services and also talked about using a call center to increase the success rate.

Another threat actor named “Capita” claimed to have operated BEC activity for six years in Europe (mainly in Germany, Finland, and Austria) and described using peer-to-peer money movement, and a call center to pressure companies into faster payments.

There are also posts that are looking to recruit money mules for a BEC scheme. Specifically involving business bank accounts, and fast money transfer.

Support Call Centers to Apply Pressure

Several posts also referenced calls as part of the BEC process. In the Bigjack thread, the actor asked when to call after sending the invoice, while another participant claimed to operate a call center used to pressure companies into faster payments.

This matters because BEC is not always email-only fraud. A follow-up call can make the request feel more legitimate and urgent. For defenders, a second channel should not be treated as proof of authenticity if the requester introduced or controlled that channel.

AI-Powered BEC Attacks

Underground discussions indicate that AI is increasingly being adopted to improve the effectiveness and scalability of BEC campaigns.

In the post below by blackhatpakistan, the threat actors describe using AI to generate realistic business correspondence, mimic executive and employee writing styles, and produce context-aware payment requests or invoice fraud emails that blend into legitimate communication.

Rather than relying on a single template, AI enables the creation of thousands of unique email variations, making campaigns more difficult for traditional content-based detection systems to identify.

Dedicated underground tools are also promoted for generating entire email conversation chains, allowing attackers to hijack existing business discussions and inject fraudulent payment requests with a higher degree of authenticity.

Practical Advices for Defenders

Underground discussions clearly show that we must increase BEC defenses.. The security posture should begin way long before the first fraudulent invoice arrives. What we’ve learned from attackers: 

• Attackers target specific personnel in the organization. Defenders must identify the potential targets and apply additional training to leadership, the financial department and whoever takes part in the procurement process.

Advertisement

• Attackers are now using AI-powered artifacts such as emails, invoices, documents, and messages. Defenders need to identify AI-generated content and deep-fake items.

• Attackers leverage dedicated call centers to pressure financial decision-makers and payment approvers into authorizing fraudulent transactions. Defenders should gather intelligence and learn what techniques these centers use to better educate their relevant employees.

• Attackers highlight the significance of specific points in time, waiting for approvers to be on vacation, as well as other tips to improve the success rate of their fraudulent activity. Defenders should learn about these special markers and apply further defense mechanisms during specific periods, such as employee vacations.

Flare helps by giving security teams visibility into these underground markets and by monitoring exposed employee credentials, corporate domains, login portals, SaaS applications, and related indicators across deep and dark web sources.

This allows organizations to detect when their access points appear in credential collections or search-service advertisements, prioritize the most relevant exposures, and respond faster with password resets, session revocation, MFA enforcement, and investigation of possible account misuse.

Learn more by signing up for our free trial.

Sponsored and written by Flare.

X is making it easier for AI assistants like Claude, Cursor, Grok Build, and other MCP-compatible apps to connect directly to the platform through a new hosted MCP server.

On Monday, the Elon Musk-owned social network unveiled a hosted Model Context Protocol (MCP) server that lets AI tools communicate with the X API using a user’s own account permissions.

MCP, for context, is an open standard that defines a common way for AI models to connect to external tools and services. Previously, if developers wanted an AI assistant like Claude or Cursor to access X, they would have to build their own MCP server, host it, connect to the X API, and handle the authentication. Now, X hosts the MCP, and users authenticate with their own X account’s permissions.

This allows developers to save the time spent on integration work to focus on whatever it is they’re actually building.

Developers have long been able to search X, read posts, look up users, analyze conversations and trends, and do more using the platform’s API. The hosted MCP doesn’t add new capabilities on that front; it just makes them easier to expose to AI applications. By doing so, X can position itself as an information network filled with real-time data to retrieve and analyze, rather than just a social hangout.

The move sees X joining a growing number of companies that now offer their own official MCP servers or endpoints, like GitHub, Slack, Notion, Stripe and Salesforce.

Of course, there’s always concern that by removing an infrastructure hurdle, X is opening itself up to more automated posting or spam.

It’s worth noting that the hosted MCP isn’t bypassing X’s API rules, which continue to restrict its use if the company detects spammy behavior.

X also updated its API v2 earlier this year to address the issue of AI-generated spam, particularly programmatic replies to conversations. Plus, it recently updated its API pricing, increasing the cost for publishing posts to $0.015, and posting links to $0.20. The price increases were designed to “curb vectors of misuse,” X said at the time — meaning it’s at least getting more expensive to spam X.