John Ternus has been talking about focusing on Apple’s core strength of design once he takes over as CEO, and a now a questionable report extrapolates that this means he’ll shake up the design team.
John Ternus is now best known for taking over as Apple CEO from Tim Cook, but as recently as January 2026, he took control of the firm’s design team. Now according to Bloomberg, far from leaving that because of other CEO duties, he is planning to continue working on Apple’s whole design philosophy.
Reportedly, Ternus told staff that under him, Apple will “keep focusing on design, because design is core to what we do in Apple.”
He said that Apple has brought “truly incredible design” to customers, and done so more than any other firm. Ternus claims that the best-designed item that most customers have, is an Apple product.
“We’re going to make sure that stays the case,” he said.
There are no further details, although the report echoes claims from January 2026 that Ternus plans a shakeup of the design teams. What is clear, though, is that this is going to mark a clear difference between Ternus and his predecessor, Tim Cook.
Cook was once criticized by Steve Jobs for not being a product person, in the way that Jobs or Jony Ive would obsess over them. It’s repeatedly been reported that Cook did not often visit the design teams, and now it’s said that Ternus has already devoted a lot of his time to the design division.
The first products to come out under Ternus’s aegis will be the iPhone 18 range in September 2026, the month he officially takes over. It’s said that Apple is aiming to mark the 20th anniversary of the original iPhone with a series of new devices, including a new iPhone Fold, and AirPods with cameras, in 2027.
Even those, though, are already at the testing stage. So while Ternus has been involved with them, it could take a couple of years before Apple releases a device that was made entirely on his watch.
Police seized First VPN in a global crackdown, exposed its cybercrime users, and shut down infrastructure tied to ransomware and data theft.
A major international law enforcement operation has taken First VPN offline, a service that had become a quiet staple for ransomware crews, data thieves, and other cybercriminals trying to hide in plain sight.
“The coordinated action took place between 19 and 20 May and targeted the infrastructure behind one of the most widely used VPN services in the cybercrime underground.” reads the press release published by Europol. “The gathered intelligence exposed thousands of users linked to the cybercrime ecosystem and generated operational leads connected to ransomware attacks, fraud schemes, and other serious offences worldwide.”
Authorities seized dozens of servers across 27 countries, arrested the administrator, and carried out a search in Ukraine, cutting off an infrastructure that had been used in a wide range of serious investigations.
The service marketed itself as a privacy-first VPN with no logging and no cooperation with law enforcement, which made it appealing not just to ordinary users but also to threat actors looking to mask their activity. That’s the uncomfortable part of the VPN story: the same tools that help people protect privacy on public Wi-Fi or work securely from home are also useful for criminals who want to conceal their origin, route traffic through different regions, and make attribution harder.
“For years, the service, known as ‘First VPN’, was promoted on Russian-speaking cybercrime forums as a trusted tool for remaining beyond the reach of law enforcement. It offered users anonymous payments, hidden infrastructure, and services designed specifically for criminal use.” continues the press release. “‘First VPN’ had become deeply embedded in the cybercrime ecosystem, appearing in almost every major cybercrime investigation supported by Europol in recent years. Criminals used it to conceal their identities and infrastructure while carrying out ransomware attacks, large-scale fraud, data theft, and other serious offences.”
Europol said the service name kept resurfacing in major cybercrime cases, and Eurojust confirmed that investigators had been building the case for years through a joint effort led by French and Dutch authorities.
What seems to have made this case especially valuable for investigators is that they didn’t just shut the service down, they also got inside its infrastructure before it disappeared. That likely gave them access to user records, connection data, and other evidence that can be used to map criminal activity back to real people and devices.
Authorities dismantled cybercrime infrastructure, including 33 servers and a service based in Ukraine, and seized domains linked to the operation: 1vpns.com, 1vpns.net, 1vpns.org, plus associated onion sites. They also notified users directly and shared information on hundreds of accounts with international partners, which suggests this may lead to follow-on investigations well beyond the VPN itself.
The bigger lesson is simple: privacy tools are not the problem, but criminal operators often rely on the same infrastructure normal users trust. Once that infrastructure is compromised, dismantled, or logged, the illusion of anonymity can disappear very quickly.
“The operation has already generated significant operational results at Europol’s level:
21 Europol-supported investigations advanced through the intelligence obtained.”
83 intelligence packages disseminated;
information linked to 506 users shared internationally;
“For years, cybercriminals saw this VPN service as a gateway to anonymity. They believed it would keep them beyond the reach of law enforcement. This operation proves them wrong. Taking it offline removes a critical layer of protection that criminals depended on to operate, communicate and evade law enforcement.” said Edvardas Šileris, Head of Europol’s European Cybercrime Centre
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
May 21, 2026
