Over the weekend, Google CEO Sundar Pichai faced a small revolt when he delivered his commencement speech at Stanford University, where he earned his graduate degree in materials science and engineering. About 200 students from the graduating class reportedly walked out, while others loudly booed the tech executive.

The focus of the protest was Google’s defense ties — including Project Nimbus, the controversial $1.2 billion contract, shared with Amazon, to provide cloud and AI services to the Israeli military, as well as its relationship with the U.S. Immigration and Customs Enforcement agency.

Student signs included phrases like “ICE SPIES WITH GOOGLE AI” and “GENOCIDE RUNS ON GOOGLE,” as well as “FREE FREE PALESTINE,” a press release associated with the protest notes. Students also waved Palestinian flags and shouted “free Palestine,” online video of the protest shows.

“We are walking out because we refuse to glorify the corporations that fuel this violence and exercise our power to choose differently,” a statement associated with the protest reads.

The walkout was organized by a number of campus activist groups, including Stanford Students for Justice in Palestine, No Tech for Apartheid, and Tech for Liberation. TechCrunch reached out to Google for comment.

As the war in Gaza has raged, Google’s participation in Nimbus has drawn protests from both inside and outside of the company. In 2024, Google fired 28 workers for protesting the contract, although it has continued to suffer internal dissent over the issue since then. It was also recently criticized by the Electronic Frontier Foundation, which accused it and other companies of “choosing to look the other way” on Israel’s use of their services.

Project Nimbus also enjoys support from Amazon. Microsoft has also been criticized for its support of the Israeli military, although the company restricted the Israeli government’s use of its technology after an investigation found that its cloud services were being used to mass surveil Palestinians.

The student protest also drew criticism from business leaders online. Vinod Khosla, the billionaire co-founder of Sun Microsystems and one of Silicon Valley’s most prominent venture capitalists, posted on X that the protest was “biased, idiotic, short-sighted and very selfish,” adding that it was selfish because the students “ignored the bottom 3 billion people on this planet that could benefit from AI and they are worried about their misinformed selfish self-interest.”

Pichai’s appearance at Stanford is part of a broader pattern. Speakers at college graduation ceremonies around the country have faced boos when they have attempted to get outgoing college students excited about AI. But rarely has student animus been as targeted as it was with Pichai, directed not at AI hype, but at the specific business decisions made by the company he leads. In general, young people seem to believe that AI is threatening their employment opportunities and may be ruining other parts of society as well.

Nintendo is facing a potential incident after a threat actor claimed to have stolen nearly a decade’s worth of internal corporate data and demanded a $2 million ransom to prevent the information from being released publicly.

While the gaming giant has not confirmed the alleged breach, Cybernews researchers reviewing samples of the leaked data say portions of the material appear credible.

“The sample contains HR data, such as pulse surveys and questionnaires about how employees are feeling at work,” researchers noted after examining files published by the threat actor.

Key takeaway from the breach

• A threat actor known as ShadowByte$ claims to have stolen approximately 859MB of Nintendo data and is demanding a $2 million ransom to prevent its release.
• The leaked samples allegedly contain employee names, corporate email addresses, workforce surveys, internal reports, performance metrics, and planning documents.
• Researchers found indicators suggesting portions of the data may be authentic, including employee survey records dating back to 2016 and references to current Nintendo employees.
• It remains unclear whether Nintendo was directly compromised or whether attackers gained access through a third-party provider such as employee engagement platform TinyPulse.
• The incident highlights the growing security risks associated with third-party business applications that store sensitive corporate and workforce data.

Inside the alleged Nintendo data incident

The threat actor, operating under the name ShadowByte$, posted the allegations on a cybercrime forum, claiming to possess approximately 859MB of internal Nintendo data and demanding a $2 million ransom to prevent its release.

According to researchers who reviewed samples published by the actor, the dataset may contain employee names, corporate email addresses, workforce engagement surveys, internal analytics, organizational performance metrics, exported reports, and planning documentation.

Researchers find signs the data may be authentic

While the full scope and authenticity of the alleged breach remain unverified, researchers identified several indicators suggesting that at least portions of the data may be legitimate.

The samples reportedly include employee engagement surveys and workplace feedback records dating back to 2016, supporting the threat actor’s claim that the stolen information spans a ten-year period through 2026.

Researchers also identified references to individuals who appear to still be employed by Nintendo, lending additional credibility to parts of the leaked dataset.

Furthermore, metadata for some exported files reportedly showed creation dates of Jan. 28, 2026, suggesting that at least some records may have been accessed or exported more recently.

Questions remain about the source of the data

Despite these findings, questions remain about how the data was obtained.

Researchers said the available samples do not provide enough evidence to determine whether Nintendo was directly compromised or whether attackers gained access through a third-party service provider that handled employee-related information.

Adding to the uncertainty, ShadowByte$ referenced TinyPulse, an employee engagement platform used by organizations to collect anonymous workforce feedback and measure employee satisfaction.

If accurate, the incident could highlight the ongoing risks associated with third-party vendors that store sensitive corporate data. As organizations increasingly rely on cloud-based business platforms, a compromise involving a trusted provider can expose information across multiple customers.

Nintendo has not publicly confirmed the threat actor’s claims at the time of publication.

Must-read security coverage

How to reduce third-party risk

Although Nintendo has not confirmed the alleged breach, security teams can use the incident as a reminder to review controls surrounding employee and HR-related platforms.

• Conduct regular security assessments of third-party HR, workforce management, and employee engagement vendors to identify and address potential risks.
• Enforce strong access controls, including multi-factor authentication (MFA), least-privilege permissions, and routine user access reviews.
• Monitor HR and SaaS platforms for unauthorized access, unusual activity, and large-scale data exports that could indicate data exfiltration.
• Implement data loss prevention (DLP) controls and encryption to protect sensitive employee information, internal reports, and organizational data.
• Minimize the collection and retention of employee feedback, survey responses, and other sensitive workforce data to reduce potential exposure.
• Establish continuous monitoring of vendor integrations, API connections, and SaaS configurations to detect security gaps and misconfigurations.
• Test incident response plans through tabletop exercises and breach simulations, including scenarios involving third-party vendor compromises.

Together, these measures can help organizations reduce their exposure to third-party risks while building resilience against future incidents.

Editor’s note: This article originally appeared on our sister publication, eSecurityPlanet.

Fox is buying its way deeper into the streaming interface.

The TV corporation is adding another free streaming platform to its roster with the $22 billion purchase of Roku. Announced on June 15, the deal combines Roku, which has 100 million subscribers on its ad-supported The Roku Channel video streaming service, with Fox’s Tubi, another ad-supported service with close to 100 million subscribers.

Fox also gains control of the leader in the smart TV device market, with 32% market share in the US connected TV market ahead of Amazon, Apple, and Samsung, according to Pixalate. This brings in a new revenue stream for Fox, as a key distribution platform for TV shows, movies, and streaming platforms, and could allow them to promote their own programming ahead of rivals.

Roku’s ad platform is the real cash cow

Roku may be best known for its connected TVs and streaming sticks, but those products accounted for less than a quarter of the company’s revenue in 2025.

Amazon, Google, and Xiaomi have flooded the market with cheap streaming sticks — for under $40 — making it hard for Roku to generate consistent revenue. The main segment, which brought in $4.1 billion in 2025, comes primarily from ads sold on The Roku Channel, as well as sponsored placements on the Roku interface.

This is what Fox is paying so much for, as ad-supported streaming platforms have grown rapidly over the last few years. Consumers are looking for cheaper ways to watch TV shows and movies, with Netflix, HBO Max, and Disney+ all introducing cheaper ad-supported subscription tiers. Roku and Tubi compete with YouTube, TikTok, and other freemium video services.

What’s hot at TechRepublic

Roku and Tubi to remain separate… for now

Even though The Roku Channel and Tubi are very similar, Fox has said it will not merge them.

“If you look at Tubi and the Roku channel together, they are incredibly complementary services,” Fox Corporation CEO Lachlan Murdoch said on an investor call, per The Hollywood Reporter. “There’s about a third overlap between the audience, between the two of them, so that they’re not identical audiences. Bringing the two of them together effectively triples the reach of the combined service.”

That said, sentiment can change quickly. When Disney originally acquired most of Hulu, it said the two platforms were complementary, but it has been itching ever since to fully take over Hulu and merge the two to create a streaming powerhouse. The same may happen to The Roku Channel and Tubi over time.

Even though it is unlikely to face the same regulatory heat as the Warner Bros, Netflix, and Paramount buyout drama, especially in the current political climate, there will still be a period for both sides to file antitrust and competition filings. With Roku holding a dominant position as a streaming distributor, Fox may need to sign agreements allowing rivals to be featured on the platform and to retain some access to Roku’s physical remote control buttons.

Fox expects to close the deal in the first half of 2027.

Related reading: Google made a similarly massive bet on cybersecurity earlier this year, agreeing to acquire cloud security firm Wiz for $32 billion in the largest tech deal in Israeli history.