Pet projects can be terrific, especially when they come from a legendary musician finally making the album he always had in his head. In the liner notes to Peregrine, drummer Peter Erskine puts it plainly: “This is the album I always wanted to make.”

He is joined by pianist Alan Pasqua, whose résumé includes the New Tony Williams Lifetime, Bob Dylan, and Santana, and bassist Scott Colley, who has worked with Herbie Hancock, Bobby Hutcherson, and Joshua Redman. Together offering a combination of heartfelt originals and choice covers, the group delivers a lush, beautifully recorded analog jazz experience.

Peregrine embraces post-bop to pop sensibilities in a jazz mode, opening with Pasqua’s soulful “Gumbo Time.” They then dive into Keith Jarrett’s title track from his 1978 Impulse Records LP “Bop Be” (the first Jarrett album I ever bought, by the way!). The group transforms some classic pop into compelling jazz voyages in a totally refreshing manner such as on Jimmy Webb’s iconic “Wichita Lineman.” Phoebe Snow’s “Poetry Man” features fine guest vocals by Kate Lamont and additional saxophone and percussion from Bob Shepherd and Brian Kilgore.

Peregrine significantly also pays homage to the recently departed Brian Wilson, covering his gorgeous, iconic composition “God Only Knows.” This performance is particularly special to me not only as a fan of Wilson’s music but because just last year I was utterly blown away by The Julian Shore Trio’s take on another Pet Sounds-era Wilson composition, “Don’t Talk” (found on their brilliant LP Sub Rosa, which I reviewed in case you missed it).

Seriously, between these two tremendously beautiful tracks, I can easily envision a super compelling, poignant jazz tribute album to Brian Wilson being assembled. (Just sayin’ to all you music-industry powers-that-be out there reading this!). 

Perhaps my favorite tune on Peregrine, however, closes the album: a haunting hushed meditation by Erskine called “On The Lake” which beautifully captures the essence of stillness through music. A remarkably understated and beautiful performance, this is very much one of those tracks where less is clearly more.

Produced at Reelsounds Studio in Illinois, album liner notes reveal that the album is likely an all-analog recording, and pretty much captured in first takes. The recording has that kind of energy to it. Accordingly, the vinyl pressing delivers a very warm, rich and welcoming portrait of the band in the studio. 

This music feels fluid, with particularly rich natural presence and decay on Erskine’s sensitive drum and cymbal work — listen for those crips rides and wave-like splashes on “Bop Be”! — and Pasqua’s piano (check out those long held single notes on “Wichita Lineman”). Even though Mr. Erskine is the most well-known member of the group playing arguably the (potentially) loudest instrument, unlike many vintage jazz albums led by drummers (ie. Krupa, Blakey, Jones, etc), Peregrine presents the music as very much a balanced group sound. 

Mastered by Jeff Powell at Takeout vinyl in Memphis, Peregrine is pressed on dark, quiet, perfectly well centered standard weight black vinyl, so the music appears transparently, and naturally out of your speakers. Peregrine is the work of serious music professionals creating music from the heart. Well worth your attention.

An independent release from Hard Wag Records, you can get Peregrine online at Amazon for $27.99.

Mark Smotroff is a deep music enthusiast / collector who has also worked in entertainment oriented marketing communications for decades supporting the likes of DTS, Sega and many others. He reviews vinyl for Analog Planet and has written for Audiophile Review, Sound+Vision, Mix, EQ, etc.  You can learn more about him at LinkedIn.

Looking for the most recent Connections answers? Click here for today’s Connections hints, as well as our daily answers and hints for The New York Times Mini Crossword, Wordle, Connections: Sports Edition and Strands puzzles.

Oof, the purple category in today’s NYT Connections puzzle is a real challenge. Read on for clues and today’s Connections answers.

The Times has a Connections Bot, like the one for Wordle. Go there after you play to receive a numeric score and to have the program analyze your answers. Players who are registered with the Times Games section can now nerd out by following their progress, including the number of puzzles completed, win rate, number of times they nabbed a perfect score and their win streak.

Read more: Hints, Tips and Strategies to Help You Win at NYT Connections Every Time

Hints for today’s Connections groups

Here are four hints for the groupings in today’s Connections puzzle, ranked from the easiest yellow group to the tough (and sometimes bizarre) purple group.

Yellow group hint: Barn is another one.

Green group hint: Workers’ rights.

Blue group hint: Items for very specific events.

Purple group hint: Take a word, add a letter.

Answers for today’s Connections groups

Yellow group: Farm fixtures.

Green group: Labor protest actions.

Blue group: Objects used in ritual performances.

Purple group: Possessive adjectives plus a letter.

Read more: The One Wordle Hack That Can Save Your Winning Streak

What are today’s Connections answers?

The yellow words in today’s Connections

The theme is farm fixtures. The four answers are coop, pen, shed and stable.

The green words in today’s Connections

The theme is labor protest actions. The four answers are march, picket, rally and strike.

The blue words in today’s Connections

The theme is objects used in ritual performances. The four answers are drum, mask, rattle and staff.

The purple words in today’s Connections

The theme is possessive adjectives plus a letter. The four answers are herb (her), hiss (his), itsy (it) and Mya (my).

The union representing staff at Apple Towson Town Center has announced a public rally for May 27, 2026, protesting against Apple’s treatment of its workers.

Apple Towson is not the only store that Apple has decided to close, but it is the only unionized one. It was the first Apple Store to unionize, and the International Association of Machinists and Aerospace Workers (IAM) Union claims that its members are being discriminated against because of this.

Known as the Machinists’ Union for short, it has now announced a public protest.

“[Elected] officials, “labor allies, and community leaders will hold a #DoRightApple public solidarity rally on Wednesday, May 27,” says the union, “to demand accountability from Apple and support for the nearly 90 IAM Local 4538 members facing job loss.”

Apple has said that it is closing this store, and two others in June 2026, because of changes in the shopping malls where they are based.

“Following the departure of several retailers and declining conditions at Trumbull Mall, the Shops at North County, and Towson Town Center,” said Apple when the closures were announced, “we’ve made the difficult decision to close our stores at these locations.”

Local council members have objected to Apple’s decision to close the store. But the Machinists’ Union is calling out Apple over how it is treating its members differently from staff in the non-unionized stores.

Specifically, Apple has said that staff from those stores can continue in their jobs at other Apple Store locations. For the Towson store, it says those staff are “eligible to apply for open roles at Apple in accordance with the collective bargaining agreement.”

That agreement is the one established between Apple and the union. However, the Machinists’ Union claims that there is no clause in it which would prohibit Apple from relocating its staff.

The Machinists’ Union has previously filed an Unfair Labor Practice charge against Apple with the National Labor Relations Board (NLRB). The NLRB has previously been successful in accusing Apple of illegal union-busting activities.

This public protest rally on May 27 will start at 11 a.m. Eastern at Patriot Plaza, 400 E. Washington Ave., Towson, Md., just over half a mile away from the store. It will be streamed live on the Machinists’ Union’s Facebook page.

The $20B search engine preference deal with Apple was “fair and square,” Google insists in its antitrust appeal against the Department of Justice.

In August 2024, a court ruled that Google was a monopolist in the U.S. Department of Justice’s antitrust lawsuit against Alphabet. One that involved an investigation into Google’s $20 billion deal with Apple to make Google the preferred search engine of Safari.

On May 22, Google filed its appeal against federal rulings that it held illegal monopolies in search and advertising.

The filing posted by Reuters covers many areas, including that Judge Amit Mehta made legal errors in his 2024 ruling. Google doesn’t believe that it had illegally blocked competitors with its search deal, but really, it’s because Apple chose it.

In the filing, Google claims that, whether the court believes Google has monopoly power or not, it “did nothing” to harm competition. Google didn’t block rivals to make their own offers, and it didn’t block Apple from choosing a better one either.

There is no evidence that Google’s customers would have chosen a rival, even if those agreements didn’t exist, it continues.

It even pointed to Apple’s conclusion that the Microsoft rival Bing was “inferior” and “horrible at monetizing advertising,”

“Google just prevailed in the marketplace fair and square,” it declares.

Apple could’ve promoted other engines, the filing explains, and that Safari also does list alternative options within its settings. Ultimately, Google says that the court interpreted there to be “exclusivity” when really it was for “sound business reasons” on Apple’s part.

Aiming for a reversal

While Google has managed to escape major injury from the lawsuit, it still has some duties to take care of.

The later ruling was in September 2025, when it was decided that Google didn’t have to sell off Android or Chrome. It was also permitted to continue its $20 billion search deal with Apple.

However, it was decided that Google had to share search data with its competitors.

The appeal is an attempt to go back on this and other remedies that Google was ordered to carry out. Reversing the ruling wouldn’t affect things like the Apple search deal, but it would stop the data-sharing requirement entirely.

A section of the appeal discusses how this applies to rival companies that, to Google, shouldn’t be classed as such. Specifically, companies that deal strictly with AI.

To Google, it has to share data with firms like OpenAI, which is behind ChatGPT, which doesn’t offer its own general search engine. They provide answers that reference what would normally be search results.

Google argues that it is wrong to be forced to supply data to OpenAI as a rival. Generative AI products didn’t really exist in a substantial way at the time, so the court couldn’t incorporate ChatGPT and others as rivals when considering its ruling.

AI companies are already massively succeeding, without any need to “free-ride on Google’s success,” it proposes. As such, Google believes that the data-sharing remedies shouldn’t apply to AI companies that don’t offer a general search engine.

At the time of publication, the court has not responded nor scheduled any further courtroom activity. Based on typical scheduling patterns, the case could continue in late 2026, or even in 2027.

A supply chain attack targeting the Laravel Lang localization packages has exposed developers to a sophisticated credential-stealing malware campaign after attackers abused GitHub version tags to distribute malicious code through Composer packages.

Security firms StepSecurity, Aikido Security, and Socket warned about the compromise on Friday, warning that attackers had rewritten GitHub tags across four repositories maintained by the Laravel Lang organization rather than publishing entirely new malicious versions.

The affected packages include laravel-lang/lang, laravel-lang/http-statuses, laravel-lang/attributes, and possibly laravel-lang/actions. The Laravel Lang packages are third-party localization packages and are not part of the official Laravel project.

According to Aikido, the attackers compromised 233 versions across three repositories, while Socket said roughly 700 historical versions may have been impacted. 

What made the attack stand out is that the actual project’s source code was not modified to include malicious code, but instead the attackers abused a GitHub feature that allows tags to point to commits in forks of the same repository.

“Rather than publishing a new malicious version, the attacker rewrote every existing git tag in each repository to point at a new malicious commit,” explained StepSecurity.

“The rewrites started at 22:32 UTC against laravel-lang/lang (the flagship Laravel translations package, with 502 tags) and finished by 00:00 UTC against laravel-lang/actions. All four repositories share the same fake author identity, the same modified files, and the same payload behavior, which makes them almost certainly the work of one actor using one compromised credential with org wide push access.”

This allowed the attackers to publish what appeared to be legitimate release tags for the project, which actually led to malicious commits stored in an attacker-controlled fork of the repository.

When developers installed the package via Composer, it would download the malicious code while it appeared to install legitimate Laravel Lang releases.

Executes a credential-stealer

The researchers found that the malicious releases introduced a malicious file named ‘src/helpers.php’, which was automatically loaded by Composer.

The injected code acted as a dropper that downloaded a second payload from the attacker’s command and control server at flipboxstudio[.]info.

The downloaded PHP payload [VirusTotal] was a large cross-platform credential stealer for Linux, macOS, and Windows that harvests cloud credentials, Kubernetes secrets, Vault tokens, Git credentials, CI/CD secrets, SSH keys, browser data, cryptocurrency wallets, password managers, VPN configurations, and local `.env` configuration files. 

The malware also contains regular expression patterns used to extract AWS keys, GitHub tokens, Slack tokens, Stripe secrets, database credentials, JWTs, SSH private keys, and cryptocurrency recovery phrases from files and environment variables. 

On Windows systems, the PHP payload also extracts a base64-encoded executable [VirusTotal] embedded within the file, which is written to the %TEMP% folder as a random .exe filename, and then launched.

BleepingComputer’s analysis of the Windows infostealer shows it is named ‘DebugElevator’ and designed to target Chrome, Brave, and Edge, and extract App-Bound Encryption keys needed to decrypt stored browser credentials.

An embedded PDB path also references the Windows account name ‘Mero’ and contains ‘claude,’ potentially indicating that AI was used to assist in developing the Windows malware.

C:\Users\Mero\OneDrive\Desktop\stuff\claude\Chromium-DebugElevator\x64\Release\DebugChromium.pdb

The researchers say that once the sensitive data has been extracted, the malware encrypts it and sends it back to the C2 server.

Aikido says they reported the incident to Packagist, which responded quickly by removing the malicious versions and temporarily unlisting the affected packages to prevent additional installations.

Developers using Laravel Lang packages are advised to review installed package versions, rotate exposed credentials, inspect systems for indicators of compromise, and, if possible, check for historical outbound connections to flipboxstudio[.]info.

Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold.

This guide covers the 6 surfaces you actually need to validate.

Download Now

Art lovers searching for a meaningful summer project will enjoy the LEGO Ideas Vincent van Gogh The Starry Night set, priced at $136 (was $170). This 2,316-piece model turns the 1889 painting into a three-dimensional display that captures the original’s swirling energy in brick form. The project began as a fan submission on the LEGO Ideas platform. Designer Truman Cheng translated the famous canvas into a build that uses clever layering instead of flat mosaics.

Every stage directs your hands through the painting’s composition, beginning with a peaceful village and a large cypress tree at the bottom. Small details such as rooftops and windows begin to appear. The big black tree begins to rise, using some care to give it true presence. These early stages go quickly enough to keep things exciting without distracting you from paying attention to all of the nuances that make the scenario appear authentic.

LEGO Ideas Vincent Van Gogh The Starry Night – Building Set for Adults, Ages 18+ – Beautifully Detailed…

• Starry Night LEGO – Channel the spirit of Vincent van Gogh to construct a 3D LEGO wall art homage to one of his most beloved paintings: The Starry…
• Vincent Minifigure Display – This detailed home décor set comes with an adjustable display arm for the Van Gogh minifigure holding a paintbrush and…
• Capturing Art Techniques – Capture Van Gogh’s colors and brushstrokes with clever building techniques that mirror the original swirling clouds and…

Once you’ve completed the lower sections, the spotlight moves to the sky. Layers of flat brick plates begin to rise and fan out in repetitive patterns resembling Van Gogh’s thick brush strokes. With each additional row, the arcs of the clouds and stars become deeper, resulting in an amazing three-dimensional texture rather than a simple outline. Fans describe this section as almost meditative because, while the action remains basic, the outcomes become far more amazing with each handful of bricks. The color palette is also spot on for the artwork, so you get the typical mix of blues, yellows, and whites developing gradually, which keeps you going till the end.

The set includes a detailed Vincent van Gogh minifigure. He’s holding a paint brush and palette and stands on an adjustable arm in front of a tiny printed easel displaying a miniature replica of the same artwork. The arm gives the impression that he is either working on the large model or simply inspecting it. That simple touch gives warmth to the entire exhibit, making it feel more personal than just a beautiful piece of decoration.

When all is said and done, the model measures about 12 inches tall, 15 inches wide, and 5 inches deep. You can either place it on a shelf or hang it on the wall with the provided hook. In either case, you’ll have a showcase that makes you want to stop and take a closer look, not just because it’s a really good LEGO model, but also because it looks exactly like the renowned painting.