A judge has ruled that there is a reasonable possibility that Apple illegally paid women less than men, meaning that a class action lawsuit filed on behalf of 12,000 current and former female employees will proceed.Apple admits that the pay disparities exist, but claim that these can be justified by the individual circumstances A long-running controversy for AppleThe issue first came to light back in 2021, when an internal survey organized by members of staff identified a 6% pay disparity between the salaries of male and female employees across technical roles.Around 1,400 technical roles appear in the survey results. The data shows that the median pay for men in mid-level technical roles was 6.25% higher than the median pay of women, and the median pay for white employees in these roles was 5.06% higher than that of non-white employees. Furthermore, the median number of stock grants was 11% later for non-white workers in entry-level and mid-level technical roles than for white workers.Apple responded by stating that it was committed to pay equity but also banned any further internal surveys of this kind.Lawsuit alleging Apple illegally paid women lessA class action lawsuit was filed last year on behalf of 12,000 women who are or were employed by Apple, seeking compensation for underpayment. The suit alleges that the company violated the California Equal Pay Act.Apple attempted to have the case dismissed, admitting that the pay differences existed, but claiming that this was a reflection of individual circumstances rather than a failure to meet its legal requirements for equal pay.However, Arstechnica reports that the judge in the case has rejected this argument, stating that there is sufficient evidence to allow the case to proceed.California Superior Court Judge Ethan P. Schulman filed an order that largely denies Apples motions to strike the class allegations and suspend several class claims []Schulman agreed with employees suing that there was a reasonable possibility that thousands of women in Apples California-based engineering, AppleCare, and marketing divisions experienced similar unequal pay and discrimination as alleged in the complaint.Three specific accusationsWhile nobody is suggesting that the company deliberately set out to pay women less, that is not the bar set by the law. The law requires companies to ensure that they do not have recruitment or appraisal policies or practices which inadvertently lead to this result.Specifically, Apple is accused of three things:Asking for existing salaries, and salary expectations, during recruitmentBasing offers on existing salaries would mean perpetuating existing pay disparities at other companies. Apple ceased to do this after the issue was raised, but does still ask for salary expectations, and it has been established that women are on average less confident than men when it comes to asking for higher salaries.Biased employee appraisalsIts alleged that Apples performance reviews reward men and penalize women for the same behaviors. As an example not specific to Apple, it has sometimes been found that men were praised for assertive behavior while the same actions by women were described as aggressive.Biased talent reviewsApple is also accused of carrying out talent reviews (which appear to differ from individual employee appraisals) which result in men and women of equal talent being awarded unequal pay.Apple will defend the caseApple will fight the case. The company has not responded to this development, but has previously said:Apple has a firm and longstanding commitment to pay equity. Globally, employees of all genders earn the same when engaging in similar work with comparable experience and performance. In the United States, the same is true for employees of all races and ethnicities. We dont ask for salary history during the recruiting process [9to5Mac note: It used to do so]. Our recruiters base offers on Apple employees in similar roles. And every year, we examine the compensation employees receive and ensure that we maintain pay equity.Photo byMina RadonUnsplashAdd 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

The UK government today announced that the Competition and Markets Authority has launched strategic market status investigations into mobile ecosystems, specifically the App Store models of iPhone and Android. The report says it will assess Apples market power, and potential exploitative conduct. This includes options for app distribution to customers, and the terms app developers must agree to to be listed in the App Store in the first place. In summary, this sounds like the UK equivalent of the EUs various enforcements under the umbrella of the Digital Markets Act.The UK investigations include evaluating the amount of competition between the Apple and Google ecosystems, including barriers to entry of rival services. They will also assess whether Apple and Google are abusing their market power of the monopolies of their mobile operating systems, such as what apps are pre-installed on the device and alternative browser choices. It is also assessing the terms that app developers are required to meet in order to be available on the App Store. The deadline for the investigations into both Apple and Googles App Store models is 22nd October 2025, so we have to wait until closer to the end of the year for the results of their findings. Remedies can include fines and interventions of business behavior. In the EU, this saw Apple forced to add support for third-party app marketplaces, web distribution of apps, browser choice screens and other changes. However, they also introduced alternative business terms and fee structures at the same time, which developers like Epic Games and Spotify protest are still unfair. The EU case is ongoing, but you can imagine that Apple will be inclined to try similar strategies in response to the UK Competition and Markets Authority.Add 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Despite significant investments in advanced technologies and employee training programs, credential and user-based attacks remain alarmingly prevalent, accounting for 50-80% of enterprise breaches[1],[2]. While identity-based attacks continue to dominate as the leading cause of security incidents, the common approach to identity security threats is still threat reduction, implementing layers of controls to reduce risk while accepting that some attacks will succeed. This methodology relies on detection, response, and recovery capabilities to minimize damage after a breach has already occurred, but it does not prevent the possibility of successful attacks. The good news? Finally, there's a solution that marks a true paradigm shift: with modern authentication technologies, the complete elimination of identity-based threats is now within reach. This groundbreaking advancement moves us beyond the traditional focus on risk reduction, offering organizations a way to fully neutralize this critical threat vector. For the first time, prevention is not just a goalit's a reality, transforming the landscape of identity security.What are Identity-Based Threats?Identity-based threats, such as phishing, stolen or compromised credentials, business email compromise, and social engineering, remain the most significant attack surface in enterprise environments, impacting 90% of organizations [3]. According to IBM's 2024 Cost of a Data Breach Report, phishing, and stolen credentials are the two most prevalent attack vectors, ranked among the most expensive, with an average breach cost of $4.8 million. Attackers using valid credentials can move freely within systems, making this tactic extremely useful for threat actors. The persistence of identity-based threats can be traced back to the fundamental flaws in traditional authentication mechanisms, which rely on shared secrets like passwords, PINs, and recovery questions. These shared secrets are not only outdated but also inherently vulnerable, creating a fertile ground for attackers to exploit. Let's break down the problem:Phishing Attacks: With the rise of AI tools, attackers can easily craft highly convincing traps, tricking users into revealing their credentials through emails, fake websites, and social media messages. No matter how complex or unique a password is, once the user is deceived, the attacker gains access.Verifier Impersonation: Attackers have become adept at impersonating trusted entities, such as login portals or customer support. By mimicking these verifiers, they can intercept credentials without the user ever realizing they've been compromised. This makes the theft not only effective but also invisible, bypassing many traditional defenses.Password Reset Flows: The processes designed to help users regain access after forgetting or compromising a password have become major attack vectors. Attackers exploit social engineering tactics, leveraging bits of information gathered from social media or purchased on the dark web to manipulate these workflows, bypass security measures, and take control of accounts.Device Compromise: Even when advanced mechanisms, such as multi-factor authentication (MFA), are in place, the compromise of a trusted device can undermine identity integrity. Malware or other malicious tools on a user's device can intercept authentication codes or mimic trusted endpoints, rendering these safeguards ineffective.Characteristics of an Access Solution that Eliminates Identity-Based ThreatsLegacy authentication systems are ineffective at preventing identity-based attacks because they rely on security through obscurity. These systems depend on a combination of weak factors, shared secrets, and human decision-making, all of which are prone to exploitation.The true elimination of identity-based threats requires an authentication architecture that makes entire classes of attacks technically impossible. This is achieved through strong cryptographic controls, hardware-backed security measures, and continuous validation to ensure ongoing trustworthiness throughout the authentication process.The following core characteristics define an access solution designed to achieve complete elimination of identity-based threats.Phishing-ResistantModern authentication architectures must be designed to eliminate the risk of credential theft through phishing attacks. To achieve this, they must include: Elimination of Shared Secrets: Remove shared secrets like passwords, PINs, and recovery questions across the authentication process.Cryptographic Binding: Bind credentials cryptographically to authenticated devices, ensuring they cannot be reused elsewhere.Automated Authentication: Implement authentication flows that minimize or eliminate reliance on human decisions, reducing opportunities for deception.Hardware-Backed Credential Storage: Store credentials securely within hardware, making them resistant to extraction or tampering.No Weak Fallbacks: Avoid fallback mechanisms that rely on weaker authentication factors, as these can reintroduce vulnerabilities.By addressing these key areas, phishing-resistant architectures create a robust defense against one of the most prevalent attack vectors.Verifier Impersonation ResistanceRecognizing legitimate links is inherently challenging for users, making it easy for attackers to exploit this weakness. To combat this, Beyond Identity authentication utilizes a Platform Authenticator that verifies the origin of access requests. This approach ensures that only legitimate requests are processed, effectively preventing attacks based on mimicking legitimate sites.To fully resist verifier impersonation, access solutions must incorporate:Strong Origin Binding: Ensure all authentication requests are securely tied to their original source.Cryptographic Verifier Validation: Use cryptographic methods to confirm the identity of the verifier and block unauthorized imposters.Request Integrity: Prevent redirection or manipulation of authentication requests during transmission.Phishing-Resistant Processes: Eliminate verification mechanisms vulnerable to phishing, such as shared secrets or one-time codes.By embedding these measures, organizations can neutralize the risk of attackers impersonating legitimate authentication services.Device Security ComplianceAuthentication involves not only verifying the user but also assessing the security of their device. Beyond Identity stands out as the only Access Management (AM) solution on the market that provides precise, fine-grained access control by evaluating real-time device risk both during authentication and continuously throughout active sessions.A key benefit of a platform authenticator installed on the device is its ability to deliver verified impersonation resistance, ensuring that attackers cannot mimic legitimate authentication services. Another key benefit is its ability to provide real-time posture and risk data directly from the device, such as whether the firewall is enabled, biometrics are active, disk encryption is in place, the assigned user is verified, and more.With the Beyond Identity Platform Authenticator, organizations can guarantee user identity through phishing-resistant authentication while simultaneously enforcing security compliance on the devices requesting access. This ensures that only trusted users operating secure devices are granted access to your environment.Continuous, Risk-Based Access ControlAuthenticating the user and validating device compliance at the point of access is an important first step, but what happens if a user changes their device configurations? Even legitimate users can unknowingly create risks by disabling the firewall, downloading malicious files, or installing software with known vulnerabilities. Continuous evaluation of both device and user risks is essential to ensure that no exploitable device becomes a gateway for bad actors.Beyond Identity addresses this by continuously monitoring for any changes in the user's environment and enforcing automated controls to block access when configuration drift or risky behavior is detected. By integrating signals from the customer's existing security stack (such as EDR, MDM, and ZTNA tools) alongside native telemetry, Beyond Identity transforms risk insights into actionable access decisions. This enables organizations to create policies tailored precisely to their business needs and compliance requirements, ensuring a secure and adaptable approach to access control.Identity Admins and Security Practitioners - Eliminate Identity Attacks in Your OrganizationsYou likely already have an identity solution in place and may even use MFA. The problem is, these systems are still vulnerable, and attackers are well aware of how to exploit them. Identity-based attacks remain a significant threat, targeting these weaknesses to gain access.With Beyond Identity, you can harden your security stack and eliminate these vulnerabilities. Our phishing-resistant authentication solution ensures both user identity and device compliance, providing deterministic, cutting-edge security. Get in touch for a personalized demo to see firsthand how the solution works and understand how we deliver our security guarantees. Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter and LinkedIn to read more exclusive content we post.

Jan 23, 2025Ravie LakshmananVulnerability / Network SecuritySonicWall is alerting customers of a critical security flaw impacting its Secure Mobile Access (SMA) 1000 Series appliances that it said has been likely exploited in the wild as a zero-day.The vulnerability, tracked as CVE-2025-23006, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system."Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands," the company said in an advisory.It's worth noting that CVE-2025-23006 does not affect its Firewall and SMA 100 series products. The flaw has been addressed in version 12.4.3-02854 (platform-hotfix).SonicWall also said that it has been notified of "possible active exploitation" by unspecified threat actors, necessitating that customers apply the fixes as soon as possible to prevent potential attack attempts.The company credited the Microsoft Threat Intelligence Center (MSTIC) with discovering and reporting the security shortcoming."To minimize the potential impact of the vulnerability, please ensure that you restrict access to trusted sources for the Appliance Management Console (AMC) and Central Management Console (CMC)," the company recommended.Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

As cybersecurity spending grows, so has cybercrime. According to the latest data from the FBI's Internet Crime Complaint Center (IC3), in 2023, a record-breaking 880,418 complaints were filed by the American public, highlighting a significant rise in cybercrime reports compared to previous years.Cyber criminals are refining and scaling their attack methods using artificial intelligence and other tools, so companies must incorporate proactive methods powered by AI, in addition to defensive methods that minimize risks and maximize security.Red teams are an integral part of a proactive security approach that companies can leverage to enhance defenses against adversaries. They play a critical role in determining a companys readiness to prevent cyberattacks by measuring the current security of the target from the threat actors perspective and then recommending improvements designed to prevent harm.While blue teams tend to focus on strengthening defense strategies and responding to incidents, red teams look to identify weaknesses and act in the same manner as an adversary would. By studying the tactics of real-world threat actors and implementing exercises that mimic their attacks, red teams can offer recommendations to help prepare for and disrupt potential threats.Related:Since its inception, the Adobe security red teams value has been felt across the company. By performing active testing using customized toolkits, they can effectively evaluate our preparedness to defend against real-world adversaries and scenarios.Here are the top five strategies I recommend to others looking to implement an effective red team:1. Imitate real-world adversaries: Red teams should be familiar with adversaries and their actions to better understand motivations and possible future scenarios. A global knowledge base like MITRE ATT&CK tracks tactics and techniques based on real-world occurrences and allows companies to gather cataloged and recorded threat intelligence. Reviewing reports from the Cyber Security Review Board can yield ideas on security approaches that are known to be ineffective.2. Replicate hypothetical attack scenarios: Another important capability of red teaming is anticipating and getting ahead of malicious attempts. Simulating techniques by cyber criminals enables red teams to explore theoretical paths that could lead to services or data being compromised.During a simulation, the red team explores hypothetical attacks, such as escalating privileges and moving laterally between systems, which could ultimately cause harm to an organization if the right defenses arent in place. These simulations provide an in-depth understanding while analyzing a myriad of possible attack vectors. After the exercise, the red team should share findings with key stakeholders to enhance controls based on their expertise.Related:3. Develop a customized toolkit: A customized toolkit can help red teams more efficiently perform exercises similar to advanced attackers. These tools may include:Custom exploits that allow the red team to manipulate systems and gain initial access for further attacks. This doesnt necessarily mean identifying completely new vulnerabilities, you can leverage code that an adversary would write to tailor an exploit attempt to be most effective in your environment.Software to effectively communicate with compromised machines (often referred to as Command and Control or C2 for short).Post-exploitation modules that target a companys services and execute them after a system is compromised.Developing these capabilities over time allows teams to stay up to date with the rapidly growing complexity of cyber-attack methods. However, the cost of developing a custom toolkit can be high, so dont let it stop you from using whatever is available from the wider security community for your team to be effective.Related:4. Enhance operations with the help of AI: Because bad actors are using AI, companies benefit from using AI in their own efforts to stay ahead of threats. Red teams can leverage AI tools to better understand the actions of real-world threats. For example, AI can be used to scale the effort of testing defenses, helping red teams get better at discovering and subsequently defending against potential threats. It can save the team time on learning new coding languages and developing tools, since it can help a red teamer to better understand a piece of code more quickly.5. Collaborate with blue teams: Probably the most crucial piece of effective red teaming is the collaboration with blue teams to enhance detection and response capabilities. This allows blue teams to test whether their assumptions of the environment theyre trying to protect hold true. Purple team exercises are joint engagements between red and blue teams. The red team simulates attack actions for the blue team, which then verifies that it detected the attempt, and if not, would have had sufficient logs to detect the actions. The collaboration helps both teams develop more effective threat detection methods.When a company uses red teams to better understand and anticipate adversarial scenarios, they can be more focused and make security investments where they make the most impact. Red teaming is a helpful element of a comprehensive cybersecurity strategy. It should always be integrated with robust technical controls, and a culture that prioritizes security and threat awareness to defend against cyber threats effectively.

In a letter sent today, the acting DHS secretary terminated membership to all advisory boards, including the Cyber Safety Review Board (CSRB) tasked with investigating state-sponsored cyber threats against the US.

It might sound like something straight out of the 19th century, but one of the most cutting-edge areas in energy today involves drilling deep underground to hunt for materials that can be burned for energy. The difference is that this time, instead of looking for fossil fuels, the race is on to find natural deposits of hydrogen. Hydrogen is already a key ingredient in the chemical industry and could be used as a greener fuel in industries from aviation and transoceanic shipping to steelmaking. Today, the gas needs to be manufactured, but theres some evidence that there are vast deposits underground. Ive been thinking about underground resources a lot this week, since Ive been reporting a story about a new startup, Addis Energy. The company is looking to use subsurface rocks, and the conditions down there, to produce another useful chemical: ammonia. In an age of lab-produced breakthroughs, it feels like something of a regression to go digging for resources, but looking underground could help meet energy demand while also addressing climate change. Its rare that hydrogen turns up in oil and gas operations, and for decades, the conventional wisdom has been that there arent large deposits of the gas underground. Hydrogen molecules are tiny, after all, so even if the gas was forming there, the assumption was that it would just leak out. However, there have been somewhat accidental discoveries of hydrogen over the decades, in abandoned mines or new well sites. There are reports of wells that spewed colorless gas, or flames that burned gold. And as people have looked more intentionally for hydrogen, theyve started to find it. As it turns out, hydrogen tends to build up in very different rocks from those that host oil and gas deposits. While fossil-fuel prospecting tends to focus on softer rocks, like organic-rich shale, hydrogen seems most plentiful in iron-rich rocks like olivine. The gas forms when chemical reactions at elevated temperature and pressure underground pull water apart. (Theres also likely another mechanism that forms hydrogen underground, called radiolysis, where radioactive elements emit radiation that can split water.) Some research has put the potential amount of hydrogen available at around a trillion tonsplenty to feed our demand for centuries, even if we ramp up use of the gas. The past few years have seen companies spring up around the world to try to locate and tap these resources. Theres an influx in Australia, especially the southern part of the country, which seems to have conditions that are good for making hydrogen. One startup, Koloma, has raised over $350 million to aid its geologic hydrogen exploration. There are so many open questions for this industry, including how much hydrogen is actually going to be accessible and economical to extract. Its not even clear how best to look for the gas today; researchers and companies are borrowing techniques and tools from the oil and gas industry, but there could be better ways. Its also unknown how this could affect climate change. Hydrogen itself may not warm the planet, but it can contribute indirectly to global warming by extending the lifetime of other greenhouse gases. Its also often found with methane, a super-powerful greenhouse gas that could do major harm if it leaks out of operations at a significant level. Theres also the issue of transportation: Hydrogen isnt very dense, and it can be difficult to store and move around. Deposits that are far away from the final customers could face high costs that might make the whole endeavor uneconomical. But this whole area is incredibly exciting, and researchers are working to better understand it. Some are looking to expand the potential pool of resources by pumping water underground to stimulate hydrogen production from rocks that wouldnt naturally produce the gas. Theres something fascinating to me about using the playbook of the oil and gas industry to develop an energy source that could actually help humanity combat climate change. It could be a strategic move to address energy demand, since a lot of expertise has accumulated over the roughly 150 years that weve been digging up fossil fuels. After all, its not digging thats the problemits emissions. Now read the rest of The Spark Related reading This story from Science, published in 2023, is a great deep dive into the world of so-called gold hydrogen. Give it a read for more on the history and geology here. For more on commercial efforts, specifically Koloma, give this piece from Canary Media a read. And for all the details on geologic ammonia and Addis Energy, check out my latest story here. Another thing Donald Trump officially took office on Monday and signed a flurry of executive orders. Here are a few of the most significant ones for climate: Trump announced his intention to once again withdraw from the Paris agreement. After a one-year waiting period, the worlds largest economy will officially leave the major international climate treaty. (New York Times) The president also signed an order that pauses lease sales for offshore wind power projects in federal waters. Its not clear how much the office will be able to slow projects that already have their federal permits. (Associated Press) Another executive order, titled Unleashing American Energy, broadly signals a wide range of climate and energy moves. One section ends the EV mandate. The US government doesnt have any mandates around EVs, but this bit is a signal of the administrations intent to roll back policies and funding that support adoption of these vehicles. There will almost certainly be court battles. (Wired) Another section pauses the disbursement of tens of billions of dollars for climate and energy. The spending was designated by Congress in two of the landmark laws from the Biden administration, the Bipartisan Infrastructure Law and the Inflation Reduction Act. Again, experts say we can likely expect legal fights. (Canary Media)Keeping up with climate The Chinese automaker BYD built more electric vehicles in 2024 than Tesla did. The data signals a global shift to cheaper EVs and the continued dominance of China in the EV market. (Washington Post) A pair of nuclear reactors in South Carolina could get a second chance at life. Construction halted at the VC Summer plant in 2017, $9 billion into the project. Now the sites owner wants to sell. (Wall Street Journal) Existing reactors are more in-demand than ever, as I covered in this story about whats next for nuclear power. (MIT Technology Review) In California, charging depots for electric trucks are increasingly choosing to cobble together their own power rather than waiting years to connect to the grid. These solar- and wind-powered microgrids could help handle broader electricity demand. (Canary Media) Wildfires in Southern California are challenging even wildlife that have adapted to frequent blazes. As fires become more frequent and intense, biologists worry about animals like mountain lions. (Inside Climate News) Experts warn that ash from the California wildfires could be toxic, containing materials like lead and arsenic. (Associated Press) Burning wood for power isnt necessary to help the UK meet its decarbonization goals, according to a new analysis. Biomass is a controversial green power source that critics say contributes to air pollution and harms forests. (The Guardian)

Irvine ranks as the fourth-fastest city for fixed broadband in the US. Here are the ISPs that deliver the best speed and value.

It's a known fact that using different beans and preparation styles can lead to two vastly different cups of coffee. But at the end of it all, everyone wants that caffeine fix at the start of the day.Now, two preparation styles are all too popular: the traditional drip-style brew and the quick-fix espresso. If you've been wondering which might be the right fit for you, here's a useful breakdown to help you understand how much caffeine you might be consuming and where to draw the line. Espresso packs more caffeine despite its small size Espresso shots may be small but ounce-for-ounce they pack a bigger punch of caffeine than drip coffee. Getty Images Upgrade your inbox Get cnet insider From talking fridges to iPhones, our experts are here to help make the world a little less complicated. The simple answer is that espresso contains more caffeine per ounce than a standard drip coffee, which means you'll get a much bigger burst of energy from sucking down a shot of the stuff.The difference between drip coffee and espresso beans comes down to how each is brewed. Espresso beans are brewed using intense pressure to force out a couple of ounces of concentrated coffee. Drip coffee results from hot water moving through ground beans at the speed of gravity. The slower brewing process creates a more diluted drink, but one that is often consumed in higher volumes.On average, an espresso contains around 63 milligrams of caffeine per ounce.Starbucksserves 75 milligrams of caffeine in each of its .75-ounce espresso shots.Dunkin Donuts claims a hefty 118 milligrams per shot. In comparison, drip coffee ranges from around 12 to 16 milligrams of caffeine per ounce.How much caffeine is in your morning cup is more complex. After all, when was the last time you sipped a thimble-sized cup of java?Caffeine content depends on the volume and style of bean Arabica coffee has roughly half the amount of caffeine as robusta. Tyler Lizenby/CNETThe actual amount of caffeine in an espresso or drip coffee varies depending on the type of bean used. The majority of the coffee sold and consumed around the world is arabica coffee -- regardless of the roast or style -- and is said to contain half the amount of caffeine as the heartier robusta coffee bean. Most brands use arabica beans, but sometimes they'll blend both types together to gain that extra kick of energy.It's also common for lattes and cappuccinos to include two shots of espresso in a 12-ounce drink. You can count on about 126 to 150 milligrams of caffeine if sipping a double shot. Starbucks is an exception since two espresso shots are reserved for 16-ounce Grande and 20-ounce Venti-sized drinks unless you specify otherwise. A 10-ounce drip coffee at most retailers will pack between 180 and 240 milligrams of caffeine. Boy_Anupong/Getty ImagesEspresso is notorious for offering an almost instant jolt, but the amount of caffeine in drip coffee easily overpowers espresso in a single serving. A 10-ouncesmall coffee at Dunkin Donuts jumps to 180 milligrams of caffeine. A robust 12-ounce cup of Starbucks Pike Place roast offers 235 milligrams. Based on how much coffee is served by volume, a cup of coffee has much more caffeine than a couple of shots of espresso in a latte or cappuccino.Comparing caffeine in drip coffee or espresso isn't an exact science, but you should always consider volume to limit or maximize your caffeine allotment.FAQs Does espresso have more caffeine than drip coffee? Espresso has more caffeine per ounce than drip coffee does. Variables such as the bean blend and volume of your drink will alter the precise amount of caffeine you're consuming each time you go back to the coffee pot, which means that a cup of drip coffee will still generally have more caffeine in it than a shot of espresso.Choosing one type of coffee over the other will depend on how quickly you want that jolt of energy, as well as how much you're looking to drink overall. How much caffeine is in lattes and cappucinos? When you order a latte or a cappucino, there are usually two shots of espresso in each product. That means you're imbibing somewhere between 120 and 150 milligrams of caffeine in each drink. Which has more caffeine, espresso or tea? We already know that an espresso has more caffeine per ounce than drip coffee, however this equation changes when you consider a mug of drip coffee. But if you bring an eight ounce cup of black tea into the conversation, a single shot of espresso will still be more potent with its caffeine kick.

UK set to pile pressure on Apple and Google app store dominance, as fresh investigation launchedCampaign group says excessive profits cost UK users 4bn a year.Image credit: Adobe / Apple / Google / Eurogamer News by Tom Phillips Editor-in-Chief Published on Jan. 23, 2025 The UK's Competition and Markets Authority (CMA) is investigating further action against mobile giants Apple and Google, as part of a fresh push to potentially limit their app store dominance.Today, the CMA launched its new investigation and announced its first step: a consultation on whether to designate the two companies as having key Stategic Market Status (SMS). This label would grant the authority fresh powers to intervene in how Apple and Google's mobile operating systems and app stores are run, using powers granted by last year's Digital Markets, Competition and Consumer Act.For now, the CMA has begun an "invitation to comment" phase, which lasts until 12th February. This involves seeking responses from individuals, groups and businesses on their views of how Apple and Google's mobile ecosystems are run. The CMA's conditions for labelling a company as an SNS rest on whether it meets at least one of three conditions: having a UK turnover of more than 1bn (or a global turnover of 25bn), having "substantial and entrenched market power", and having "a position of strategic significance" that sees it able to substantially influence how other firms behave.Eurogamer has contacted Apple and Google for comment.The Coalition for App Fairness, a group backed by Fortnite maker Epic Games, as well as the companies behind Spotify, Tinder and Checkatrade, responded positively to today's news."We welcome today's consultation from the CMA, the first step in ensuring Apple and Google are finally held accountable for their market dominance," reads a statement from the Coalition for App Fairness sent to Eurogamer. "Extensive CMA investigations have revealed the real harm being caused by these monopolistic practices - excess profits made by Apple and Google in mobile app ecosystems are costing UK consumers 4bn a year. "We look forward to working with the CMA to deliver strong, clear rules that will finally require these gatekeepers to play fair, creating genuine competition that benefits everyone."Epic Games launched its own mobile app store last year worldwide on Android devices, and on iOS in the European Union - where legislation forces Apple to allow competing app stores to operate. The company behind Fortnite is keen to gain its own foothold on both platforms after being kicked off both the Apple App Store and Google Play previously for deliberately breaking their store terms - something which company boss Tim Sweeney said had cost Epic Games around $1bn and has consistently complained that it must jump through hoops on both Apple and Google ecosystems, as it attempts to launch a rival shop front that disrupts their dominance.Earlier this month, the CMA first announced plans to investigate whether Google, which it says accounts for more than 90 percent of all search queries within the UK, should be labelled with SMS status for its search and search advertising services.If the CMA decides either company should be designated with SMS status, the authority states that it will be able to "guide the behaviour" of each firm, "tackling conduct that could undermine fair competition, or exploit people and businesses". Direct action could be taken through "Pro-Competition Interventions", which allow the CMA to "address specific competition problems arising from a firm's market power in a particular digital activity".In other words, the CMA could have the legal power to tell Apple it must allow rival app stores on iPhone, as in the European Union.Last year, the CMA closed an earlier, long-running investigation into Apple's app store based on powers granted by the UK's older Competition Act. At the time, the authority highlighted the potential for a speedier investigation under the newer DMCC, which would allow it to address issues "in a more timely, holistic, and flexible manner". The CMA now expects to have reached a decision on Apple and Google's SMS status within nine months.