Even though most of a Mac’s battery life is predestined by manufacturing variables out of your control, there are ways to prolong your Mac’s battery life. In some cases, they may not be worth the hassle.

With a smaller battery, most people talk about the best ways to extend both the battery life and overall battery health on iPhone. But your portable Mac is perhaps just as important.

Slowly, Apple has been building out its battery health features with new ones being added as recently as macOS 26.4. Here’s which ones to pay attention to and how they work.

Many of these options can be found in System Settings. The Battery category contains the relevant settings and graphs.

Apple battery settings

Right at the top of the Battery category, you’ll see your battery health. It will tell you in plain text what your battery health is, such as “normal” or “service recommended.”

If you tap the encircled “i,” it breaks it down further to show the battery condition and the maximum capacity. For my 3-year-old MacBook Pro, my battery’s maximum capacity is sitting at 83% and considered normal.

Optimized charging on Mac

If you tap on the “i” next to Charging, you can turn on Optimized Battery Charging. This feature is available on many Apple products, including iPhone, Apple Watch, and AirPods.

Check your battery health from System Settings

The idea is that your device won’t fully charge until you need it. It will keep your device at roughly 80% and then top off at the last minute.

For example, if you pick up your laptop to take to work or class at 7:30 AM, it will charge it to 80% and hold it there overnight, only reaching 100% around 7 AM, so it’s ready when you are. This way, it isn’t keeping the battery at full capacity for an extended period of time.

It’s so seamless that users shouldn’t even notice this happening.

Charge Limit

Another optional user-facing feature is Charge Limit. This does exactly what the name implies and sets a limit on how much your laptop can charge.

Set a charge limit for your Mac

Lithium-ion batteries take the most damage when charged to 100%. Efficiency drops as it tries to top off, creating more heat and degrading the battery faster.

If you limit your battery to 95%, 90%, or 80%, it will stay more efficient, produce less heat, and extend the overall lifespan of the battery.

When you do need to make sure your laptop is topped off, like for a trip, you can disable this charge limit just for the day, at which point it will automatically re-enable.

This feature was introduced to Macs with the recent macOS 26.4 update. For power users, the charge limit can be configured via Shortcuts, too.

High and low-powered chargers

Depending on your portable Mac, you can utilize chargers that offer up to 140W of power. You can still use lower-watt chargers, too.

They’ll just charge your laptop more slowly. Sometimes users aren’t aware of these slower chargers.

A small 5W USB charger won’t adequately charge a Mac

A new feature, again added with macOS 26.4, will alert you to insufficient chargers. If you grab a charger, perhaps meant for your iPhone, and connect it to your Mac, you’ll see an alert in the menu bar.

The slow charging indicator in the menu bar

This subpar charger warning can show in System Settings, too, if you head to the battery settings. Slow charging will be shown graphically as well.

Slow and fast charging can be seen in the battery settings

On the opposite end of the spectrum are fast chargers. For example, using the 140W power adapter that comes with the 16-inch MacBook Pro that yields 50% charge in only 30 minutes.

Users may be concerned about whether it is safe to use fast chargers with their Mac. Fast chargers will, of course, power your device more quickly, but this can significantly increase the heat output and hurt your battery health more.

As a starting point, your Mac will only draw the correct amount of power. It will never draw too much power.

If you have a MacBook Air and connect a 140W brick, that’s OK. Your Mac won’t try to accept 140W and damage your machine in any way — it’s perfectly safe.

MagSafe 3 is a great way to charge your Mac

That also means it isn’t going to perpetually draw 140W of power on a 16-inch MacBook Pro. It will initially ramp up the speed to charge the battery to a certain percentage before slowing down to minimize any damage.

It’s more the heat that is generated that can damage your battery than the wattage. Your Mac monitors its temperatures, so if it is particularly warm out or you’re doing some intensive tasks on your machine, it likely may not be accepting 140W of power even though that’s what you connected.

Higher wattage does cause more heat, which has the potential to do more harm, but honestly, the amount of damage is negligible. My recommendation is just to use the fast charger.

Your Mac can intelligently draw the correct amount of power

If you care a lot about your battery, make sure to use Optimized Charging or turn on the Battery Limit. That will help you more than the fast charger will hurt you.

Plus, fast charging is convenient. Your battery will inevitably fail regardless, and I’d rather make sure I can use my laptop than constantly worry about it.

If it’s any testament, I almost exclusively use a fast charger, and my 2023 16-inch MacBook Pro is still at 83% health after more than two years of use.

Leave your Mac plugged in

Finally, let’s talk about another oft-asked question — is it safe to leave your laptop plugged in?

Maybe you have a new Studio Display XDR and your Mac is always connected to power via Thunderbolt. Could this be bad for your battery to always be taking power?

The short answer is that it is perfectly safe. You can do this, and it will not hurt your battery health.

It’s safe to leave your Mac perpetually plugged in

If you’re looking for a longer answer, Apple essentially bypasses the internal battery when connected like this. It’s called “battery float” when you simultaneously charge and discharge the battery, and it’s obviously not good.

For the last many, many years, Apple has designed its portable machines to run off of that external power directly, reducing the wear and tear on your battery.

The end is the same

For all the worrying, at the end of the day, the result is the same. Your battery will, eventually, need to be replaced.

Batteries are consumables, and no matter how much you baby them, you won’t be able to avoid replacement. Fortunately, Apple makes this fairly easy.

For Apple’s most expensive laptop, battery replacements only cost $249 and get cheaper depending on your model. If you have AppleCare One or AppleCare+, these replacements are free once it drops below 80%.

If you are ambitious enough, you can even replace the battery by yourself and save some money. Apple and third-party sites offer components and tools to get the job done.

Apple’s emphasis on longevity with its products is to be applauded. I think for the average user, Optimized Charging is a great balance of utility and battery health.

The users who want to extend the battery health for as long as possible have their own built-in features. And Apple still is offering official replacements for laptops from nearly a decade ago when they do need replacing.

Battery health can be a bit anxiety-driving, but the tools and support options should come together to put your fears at ease. With some common-sense actions, you should be able to get the most out of your Mac and its battery for years.

With Bluetooth speakers (especially portable ones), battery life is an area that I don’t think gets enough attention.

Considering this a product you’ll be taking with you on your outdoor adventures, you will a) want to make sure it’s fully charged and b) that it lasts for as long as it says it does.

That’s not always the case.

What the brand says on its website and packaging is likely true, but there’s small print that buyers often overlook, resulting in performance that’s not always what you expect.

Is it the brand’s fault for not fully disclosing the details around battery life, or an issue that’s more complicated than just that?

Advertisement

Very hush hush

This has always been an issue for me, but in reviewing a number of Bluetooth speakers from JBL and Marshall, it highlighted the issue more.

Every reviewer has their approach to assessing battery life. Some will take the brand at its word and, in their review, declare the same figure. Others will use the speaker as their main one, and while they’re not totting up the exact hours, they’ll generally monitor how long (over several days) the battery life has lasted before the speaker needs a recharge.

Advertisement

Others will go into more depth but have different approaches. Speaking for myself, I use my own Spotify playlist, which is a library of all the tracks I’ve liked on the service since… forever. I’ll put it on shuffle so (in theory) it should never be the same tracks playing in the same order. There’s nothing scientific about it; I just prefer the variation that, in my head, mimics the different tastes of tracks that people might play on their speakers at any time. You might think that’s nonsense, but it’s my nonsense.

Most of the time I leave this playing at around 50% volume, and check in every hour to see how much battery has been depleted. I do not play the speaker until the battery dies. I’ll then take an average and calculate how much that would be and see if it adds up to the brand’s claimed battery life. Most of the time, it does not.

Advertisement

This is because when brands test battery life, they’re often testing at lower volume. The drivers inside a speaker generate magnetic fields that feed an electrical signal into the drivers, the push and pull motion of the drivers that’s converted into the sound energy that you hear. At higher volumes there’s obviously a greater sense of loudness, more energy being fed into the drivers and therefore more energy used – and vice versa for lower volumes.

So technically speaking, it’s not as if brands are telling a lie. But if you’re like me, you’re playing music at 50% volume, if not higher. When you first turn on a speaker, it’s often at its default level. Rarely have I ever thought of lowering the volume from that point.

So if the volume is set at 50% by default, why bother testing at lower volumes? That I’m not altogether sure of. I could be cynical and say it’s for the marketing, but I suspect the sound has been tuned at a certain volume and then scaled to make sure the drivers offer a similar response across a range of volumes – high and low.

Advertisement

But still, why not just make it clearer that the volume is taken from a specific level?

No universal method

This has become a problem recently has brands seem to have a different approach to calculating the battery life for speakers. They don’t necessarily use a universal method. What JBL does is probably different from Sony, from Marshall, from Sonos, from Bose.

Advertisement

The equipment used is likely different based on what they think their customer base is most likely to use. So what can we do about it?

Advertisement

I have no idea.

There’s no incentive for anything to change; there aren’t any repercussions because, technically, the speaker can achieve that battery life – just probably not at the volume you’d normally play it at. If you complain that the battery life is not that good, they’re likely to ask you what volume you’re playing music at.

I should be fair and say that there are times when I’ve used my approach and battery life has been right on the money. But, in general, I think that audio brands should be a little upfront about what their speakers are truly capable of. I want a speaker to last, but it needs to meet the target in the first place.

Progress Software warned customers to patch a critical authentication bypass vulnerability in its MOVEit Automation enterprise-grade managed file transfer (MFT) application.

MOVEit Automation automates complex data workflows without requiring manual scripting and serves as a central automation orchestrator to schedule and manage file transfers between different systems, including local servers, cloud storage, and external partners.

Tracked as CVE-2026-4670, the security flaw affects MOVEit Automation versions before 2025.1.5, 2025.0.9, and 2024.1.8. Remote threat actors can exploit it without privileges on the targeted systems in low-complexity attacks that don’t require user interaction.

“We have addressed the vulnerability and the Progress MOVEit Automation team strongly recommends performing an upgrade to the latest version,” the company says in a Thursday advisory. “Upgrading to a patched release, using the full installer, is the only way to remediate this issue. There will be an outage to the system while the upgrade is running.”

The same day, Progress also released security updates to address a high-severity privilege escalation vulnerability (CVE-2026-5174) stemming from an improper input validation weakness in the same software.

According to a Shodan search shared by PwnDefend cybersecurity consultant Daniel Card, over 1,400 MOVEit Automation instances are exposed online, and over a dozen are linked to U.S. local and state government agencies.

However, there is no information regarding how many of these systems have already been secured against CVE-2026-4670 attacks.

While the company has yet to flag these security issues as exploited in the wild, other MoveIT MFT vulnerabilities have been targeted in attacks in recent years.

For instance, the Clop ransomware gang exploited a zero-day in the MOVEit Transfer secure file transfer platform in an extensive series of data theft attacks in 2023 that affected more than 2,100 organizations and over 62 million individuals, according to Emsisoft estimates.

MFT software is an attractive target for ransomware actors, as seen in previous Clop data-theft campaigns targeting security flaws in Accellion FTA, SolarWinds Serv-U, Gladinet CentreStack, GoAnywhere MFT, and Cleo.

Progress Software says its MOVEit MFT solutions are used by more than 3,000 enterprise organizations and over 100,000 users worldwide.

AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.

At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what’s exploitable, proves controls hold, and closes the remediation loop.

Claim Your Spot

Threat actors across underground forums and chat groups are increasingly crafting structured fraud methods aimed at exploiting weaknesses in work processes of financial institutions. Rather than isolated or opportunistic scams, these discussions reflect an organized, process-driven approach that combines stolen identity data, social engineering, and knowledge of financial workflows.

Within these conversations, smaller institutions, particularly small-sized to mid-sized credit unions, are often referenced as more attractive targets due to perceived gaps in verification systems and limited fraud prevention resources.

Flare researchers recently identified a detailed loan fraud method circulating within one such underground group, outlining how attackers can move through credit checks, identity verification, and loan approval processes using stolen identities while avoiding traditional security triggers.

The approach does not rely on exploiting software vulnerabilities, but instead focuses on navigating legitimate onboarding and lending workflows as if the applicant were genuine.

The structure of the post reflects a methodical approach, breaking down the process from identity use to loan approval in a way that can be consistently replicated, pointing to a more organized use of fraud techniques.

A Process Built on Identity, Not Intrusion

At its core, this approach relies on obtaining sufficient personal data to convincingly impersonate a legitimate borrower. This includes identifiers such as names, addresses, dates of birth, and in some cases, credit-related details.

The process is all digitized, and the attacker is using false identity to submit for a loan. This distinction is critical: the attack does not “break the system,” but he exploits the flaws in its design.

A central component of the method is the ability to pass identity verification checks, particularly those based on knowledge-based authentication (KBA). These systems typically rely on questions derived from:

In practice, much of this information can be reconstructed or inferred from: publicly available data, social media profiles, previously leaked datasets, and aggregated identity records. 

This method highlights how attackers can anticipate and prepare for these checks in advance, effectively turning verification into a predictable step rather than a true barrier.

It demonstrates how what was once considered a strong identity control can quickly be learned, adapted to, and ultimately exploited by cybercriminals, who evolve their identity theft tools specifically to collect and bypass these requirements.

The Fraud Workflow – step by step

1. Identity Acquisition
   
   Stolen personal data is obtained, including full identity details and background information sufficient to impersonate a legitimate individual.

2. Credit Profile Assessment
   
   The attacker reviews the victim’s financial profile to determine loan eligibility and likelihood of approval.

3. Verification Preparation (KBA Readiness)
   
   Additional personal details are gathered to anticipate and correctly answer identity verification questions.

4. Target Selection
   
   Small- to mid-sized credit unions are selected based on perceived weaker verification processes and lower fraud detection maturity.

Advertisement

5. Loan Application Submission
   
   A loan application is submitted using the stolen identity, ensuring consistency across all provided data.

6. Identity Verification Passed
   
   KBA and standard checks are successfully completed, establishing legitimacy.

7. Loan Approval and Fund Release
   
   The institution approves the loan and releases funds through standard channels.

8. Fund Movement and Cash-Out
   
   Funds are transferred to controlled accounts, moved through intermediaries, and withdrawn or converted to complete monetization.

Why Small/Mid Credit Unions Are More Targeted

One of the more notable aspects of the method is its focus on smaller financial institutions. Rather than targeting large banks or highly secured fintech platforms, the approach explicitly leans toward small-sized to mid-sized credit unions, which are perceived as:

• More reliant on traditional identity verification methods 

• Less equipped with advanced behavioral fraud detection 

• More likely to prioritize customer accessibility over strict controls 

While not universally true, this perception alone is enough to influence attacker behavior, driving targeting decisions toward institutions believed to offer a higher success rate.

Recent industry reporting supports this trend. In auto lending alone, fraud exposure is projected to reach $9.2 billion in 2025, with smaller and regional lenders facing increasing pressure from organized fraud schemes.

Cash-Out and Monetization

Once a loan is approved, the operation shifts into its most critical phase – turning access into money. At this point, the attacker has already done the hard part: passing identity checks and establishing trust under a stolen identity. From the institution’s perspective, the process appears legitimate, and funds are released through standard channels just as they would be for a real customer.

The focus then moves to speed and separation. Rather than leaving funds in place, they are quickly moved away from the originating account, often through intermediary accounts that create distance from the source.

This stage overlaps with broader fraud ecosystems, where access to additional accounts and financial channels enables funds to be routed, split, or repositioned to reduce traceability.

What makes this phase particularly effective (and difficult to detect) is that each step mirrors normal financial behavior. Transfers, withdrawals, and account activity are not inherently suspicious on their own.

Instead, the risk lies in how these actions are chained together within a compressed timeframe, allowing attackers to complete the cash-out before detection systems or manual reviews can intervene.

Who is Most at Risk?

The method provides indirect insight into which individuals and institutions are most frequently targeted for identity theft.

• Individuals with Established Credit Histories – Attackers benefit from targeting individuals with strong or stable credit profiles, increasing the likelihood of loan approval.

• Digitally Exposed Individuals – Those with a significant online presence may inadvertently expose personal details that can assist in passing verification checks.

• Customers of Smaller Financial Institutions – Users of small-sized to mid-sized credit unions may face increased exposure if their institutions rely on less advanced fraud detection systems.

This loan scam method offers a clear example of how financial fraud is evolving. Instead of targeting systems directly, attackers are increasingly targeting the processes that surround them, leveraging identity, predictability, and trust to achieve their goals.

As these approaches become more structured and accessible, the line between legitimate activity and fraud continues to blur, making detection more complex and requiring a more adaptive defensive approach.

Learn more by signing up for our free trial.

Sponsored and written by Flare.

Lego and Star Wars have a long history together, and it’s clear that the relationship is as strong as ever. I got to play with the new Lego Star Wars Smart Play sets and, despite being a little gimmicky, they are a whole heap of fun.

The X-Wing build was a lot of fun, and I did get a kick out of the smart brick and the noise it makes. As you fly the X-Wing around, R2-D2 screams, and you can shoot lasers at the press of a button. 

It doesn’t add any bulk to the build either, just a simple brick that has a good volume and several accelerometers to add to the fun. One of the little buildings that comes in the box is an Empire laser turret that makes crashing sounds if you tip it over. It makes me giggle every time I do it.

The X-wing itself uses the brick to great effect. It makes all the movement noises as you fly around, but if you press the red button on top, it moves the brick forward, triggering the accelerometer and making the laser “pew pew” sound. Then, as it moves back into place, the NFC reads the R2-D2 tag and makes its noises as well. It really does work very well.

Overall, the $90 cost of the X-wing feels like a decent deal. The Smart Brick is not tied to the set you have, so it can be used in other sets eventually, and you get the X-wing and three mini sets to play with, too. Plus R2-D2, Leia and Luke minifigs that all make fun noises when they are near the brick.