Awesome Accessories

Which karaoke accessories you need will depend on what kind of system you buy. For example, if you’re buying a portable Bluetooth speaker that doubles as a karaoke machine with traditional microphone inputs, the first thing you’ll need is a good microphone like the Shure SM58 and a cable (or two). If your device offers only quarter-inch inputs, you’ll want to add an XLR to quarter-inch cable or an XLR to quarter-inch adapter.

That’s a great start, but even if your machine comes with built-in wireless mics, there are some good accessories worth considering to raise the experience a notch or two.

A Mic, Stand, Cable (and Adapter)

The Shure SM58 ($109) is the most popular stage mic on Earth for a reason: they’re bulletproof and they sound great. If you need of a mic, we highly recommend picking up the SM58; they’re probably what you’ve used at your local juke joint.

Our favorite mic stands are from the German brand K&M ($83), but you can totally get away with an Amazon Basics Mic Stand ($23) at home. I like colorful microphone cables like these ($12). If you need one, snag a quarter-inch to XLR adapter ($10 for two) so that your mic can plug into every karaoke machine you find.

Shure SM58 Microphone

Photograph: Parker Hall

A Vocal Effects Box

If you want to mess with the way voices actually sound, or to create cool harmony lines with yourself on the fly, we highly recommend the new Antares Headrush VX5 pedal ($299). This thing can make you perfectly in tune, but it can also do things like stack layers of your own voice on top of or below each other. You can even hook up an instrument and play along with tunes and have it match the key of your axe.

Photograph: Parker Hall

A Portable Projector

If you’re not using a TV in your living room, it’s an awesome idea to grab a cheap but quality portable projector. We like the latest small model from Anker ($530), because it is relatively affordable and includes a decent pair of speakers for when you’re watching movies outside and don’t want to hook up a PA.

A Streaming Stick for Casting to Your TV

If you don’t already have a way to cast content from your phone to your TV or projector, we highly recommend any of the latest 4K streaming devices. These all have a way to share stuff from phones to screens, and you can download YouTube or other karaoke apps.

Cool Lights

Ambience is a key part of a good karaoke party. We really love this light from Soundboks ($299), who also make big party speakers. It can sync to your music and is USB-C rechargeable for off-grid vibes.

Photograph: Parker Hall

OpenAI, Anthropic, and Block have cofounded a new open source organization—the Agentic AI Foundation—to promote standards for artificial intelligence agents.

The three companies are also transferring ownership of some widely used agentic technologies over to the foundation. This includes Anthropic’s Model Context Protocol (MCP), which allows agents to connect and interact; OpenAI’s Agents.md, which lets programs and websites specify rules for coding agents; and Goose, a framework for building agents developed by Block. These technologies were already free to use, but through the new foundation it will be possible for others to contribute to their development.

“MCP is used by many companies, but there are others [who don’t use it],” says Nick Cooper, who leads work on the protocol at OpenAI. Cooper says that making MCP an open standard should encourage developers and companies to embrace it and build systems that integrate agentic AI. “That open interoperability—that open standard—really means that companies can talk across providers, and across agentic systems.”

The Agentic AI Foundation is being created under the Linux Foundation, which oversees development of the widely used open source Linux operating system as well as other projects. The foundation provides legal and technological support for the creation of open source foundations. Other companies who have signed on to the AAIF, beyond the three founding members, include Google, Microsoft, AWS, Bloomberg, and Cloudflare.

The new foundation reflects a nascent shift from chat-based AI systems to greater use of programs that take actions on behalf of users. This kind of agentic AI promises a potentially lucrative new paradigm in which AI agents use the web and negotiate with one another to power all sorts of applications. Consumers may, for example, use AI assistants to buy and book things, while businesses use AI agents to manage transactions and customer interactions.

Srinivas Narayanan, chief technology officer of B2B applications at OpenAI, envisions a time when large numbers of AI agents routinely communicate with one another in the course of business. The AI industry working across the same open standards should help ensure that those interactions happen seamlessly. “Open source is going to play a very big role in how AI is shaped and adopted in the real world,” Narayanan says.

The question of openness seems crucial to AI right now. US companies mostly make money by offering access to powerful closed models through application programming interfaces, or APIs. Meta previously released the weights for its best model, Llama, so that anyone could download and run it, although the company has recently signaled a shift to a more closed approach. A number of Chinese AI companies, including DeepSeek, Alibaba, Moonshot AI, and Z.ai, provide strong open source models that have become popular with developers, startups, and AI researchers. Some worry that this picture could give Chinese firms a big strategic advantage over time.

Microsoft has addressed a little shy of 60 newly-designated common vulnerabilities and exposures (CVEs) in the final Patch Tuesday update of a challenging year for defenders, bringing the total volume of flaws fixed this year to over 1,100.

Out of this month’s flaws, three are rated as critical in their severity, one is known to be actively exploited in the wild, and two more are known to have public proofs of concept available, but are not yet being exploited.

The exploited vulnerability, tracked as CVE-2025-62221, affects Windows Cloud Files Mini Filter Driver. It arises as the result a use after free (UAF) condition in which the program references memory after it has been freed up, leading to unpredictable and sometimes dangerous conditions. In this instance, a threat actor can use it to escalate their privilege levels on the victim system.

“While there is no confirmed public PoC for CVE-2025-62221, past research and PoCs for related Cloud Files mini-filter issues suggest attackers already understand the underlying techniques,” said Mike Walters, co-founder and CEO of patch management specialist Action1.

“The real impact of this vulnerability emerges when attackers chain it with other weaknesses. After gaining low-privileged access through phishing, a browser exploit, or an application RCE, they can use CVE-2025-62221 to escalate to SYSTEM and take full control of the host.”

Walters warned that with Cloud Files pretty much ubiquitous, and exploitation confirmed, the risk for defenders was how quickly the flaw will become part of threat actor attack chains. He said that since it only requires low privileges to exploit, users with weak least-privilege practices, or heavily-shared endpoints, may be heading for trouble.

Meanwhile, the two publicly-disclosed vulnerabilities this month are both remote code execution (RCE) issues, one affecting PowerShell – CVE-2025-54100 – and the other affecting GitHub Copilot for Jetbrains – CVE-2205-64671.

The PowerShell vulnerability stems from a command injection flaw that exists in how Windows PowerShell process web content, which an unauthenticated attacker could sue to execute arbitrary code as a user who is allowed to run crafted PowerShell commands. Given PowerShell’s significance and role in offensive tooling, exploitation is likely to be straightforward, and it likely becomes more dangerous as part of a social engineering attack chain against privileged users.

The GitHub Copilot vulnerability, meanwhile, stands out as one of the more interesting flaws being patched this month, according to Immersive senior director of cyber threat research Kev Breen.

“Copilot is the GenAI coding assistant that is used by Microsoft and GitHub [and] this vulnerability specifically refers to the JetBrains extensions,” explained Breen. “The vulnerability states that it’s possible to gain code execution on affected hosts by tricking the LLM [large language model] into running commands that bypass the guardrails and appending instructions in the user’s ‘auto-approve’ settings.

“This can be achieved through ‘Cross Prompt Injection,’ which is where the prompt is modified not by the user but by the LLM agents as they craft their own prompts based on the content of files or data retrieved from a Model Context Protocol (MCP) server that has risen in popularity with agent-based LLMs.”

Breen said that although Microsoft has marked this vulnerability as less-likely-to-be-exploited, if adopting a risk-based approach to patching, the developers whom it targets typically have more privileged access to API keys or other secrets. Therefore, he added, anybody running GitHub Copilot for JetBrains should patch promptly.

Finally, this month’s three critical flaws are all RCE vulnerabilities. Two of them, CVE-2025-62554 and CVE-2025-63557, affect Microsoft Office, and the third, CVE-2025-65272 is to be found in Outlook.