As we approach the Thanksgiving holiday, the global iGaming industry continues to evolve at full speed — driven by record-breaking online casino revenues in the U.S., tightening regulatory frameworks across Europe, and a new wave of cybersecurity incidents impacting operators and their supply chains. This week’s digest captures the most important developments across Trends & Analytics, Law & Regulation, and Hacks & Data Breaches, helping you stay sharp in a fast-moving environment.
From everyone at ONSEC, we wish you a warm and joyful Thanksgiving — may your week be filled with good food, great company, and zero zero-days. And as a small holiday gift, here is our
New Jersey Online Casinos break monthly record — October iGaming revenue surges ~75.5% MoM. NJ casinos posted a banner month with iGaming revenue jumping sharply, driven largely by a strong outcome at one major operator. Gaming Today
EU illegal online gambling market remains enormous — illegal operators reportedly generated ~€80.6 billion in 2024 gross gaming revenue, representing 71% of total GGR across the region. This massive size of the grey-market highlights both risk and opportunity: regulated operators may benefit from stricter enforcement, but also face strong competition from unlicensed platforms. Tribuna
Michigan Gaming Control Board: October online casino handle hits record highs. Michigan’s October iGaming performance continued to set new records, showing resilience and steady demand in regulated U.S. markets. iGB
EveryMatrix acquires front-end specialist Goma Gaming — pushing platform innovation and UI upgrades across iGaming. The buyout strengthens EveryMatrix’s tech stack, enabling better front-end experiences — a move reflecting increasing competition on user experience. GamblingNews
Vixio Regulatory Intelligence names global regulatory leaders at 2025 Awards — industry emphasises compliance & corporate responsibility. The recent event highlighted growing recognition of compliance performance and corporate governance as central to long-term success in iGaming. European Gaming
Law & Regulation
UK plan to hike remote-gaming taxes rattles operators — may reshape margins significant for major groups. The proposed increases in remote-gaming duty and betting duty (from 2026/2027) prompt concern among listed operators about consumer attrition and profitability pressures. Reuters
Legal tension for prediction-market platforms: Kalshi ruled subject to state gambling laws in Nevada, raising uncertainty for non-traditional gambling formats. The decision increases regulatory risk for operators offering event-contract or prediction services — a red flag for entrants using hybrid models. Financial Times
Regulated-market incumbents in U.K. & EU face growing calls for affordability, safer-gambling and tax/ duty reforms — compliance and reporting burden rising. The environment is shifting toward tighter regulation and higher compliance standards, making due diligence, player-protection and transparent operations more critical. The Guardian
UK government unveils sweeping remote-gaming tax hikes in 2026–2027 budget — remote-gaming duty nearly doubles (from 21% to 40%), and remote sports-betting duty also rises significantly. The increased tax burden could strain margins for operators and push some customers toward unregulated markets, especially smaller operators with less cushion. The Guardian
European regulators from major jurisdictions formalise cross-border cooperation to fight illegal online gambling — joint info-sharing, coordinated enforcement and tighter controls on unlicensed ads and affiliates. This move should strengthen enforcement against grey-market operators and benefit compliant iGaming providers by reducing illicit competition. SigmaPlay
Wider crackdown on illegal EU gambling activity following report by European Casino Association (ECA) & Yield Sec showing €20 bn annual tax revenue loss due to unlicensed operators — triggering renewed regulatory pressure on grey-market sites. The resulting pressure may accelerate license applications, compliance upgrades, and consolidation in the regulated sector. Yogonet
Hacks & Data Breaches
International Game Technology (IGT) reportedly hit by ransomware; ~10 GB data and 21,600 files allegedly exfiltrated by group Qilin. As a major technology provider in lotteries and casinos globally, IGT’s compromise could ripple across many operators relying on its backend or gaming supply — a serious supply-chain warning. TechRadar
Upgraded vigilance after broad industry alert on vendor-supply-chain risk — underscores need for tighter vendor-due-diligence across iGaming stakeholders. The IGT incident adds to a mounting trend: breaches at suppliers can threaten multiple downstream partners, including payment systems, RNG providers, and lotteries. TechRadar
SitusAMC breach affecting major U.S. banks & financial-services clients — a vendor processing loan / finance documents was hacked around November 12, exposing possibly sensitive customer data across institutions including major banks. TechCrunch –Why It Matters: Many iGaming operators rely on third-party finance/payment or document-processing vendors (KYC, payments, compliance). A breach at a vendor like SitusAMC shows how supply-chain exposures outside direct gaming infrastructure can nonetheless compromise sensitive personal or financial data — potentially undermining AML/KYC compliance, user trust, and regulatory standing.
PlushDaemon-linked “EdgeStepper” supply-chain malware campaign — routers and network devices globally infected, enabling credential theft, remote-code execution and long-term infiltration. TechRadarWhy It Matters: iGaming platforms, affiliates, and backend infrastructure often rely on network hardware, VPNs, routers or cloud services. A widespread supply-chain exploit at network-device level raises the risk of persistent undetected access, data exfiltration, or infrastructure sabotage — especially dangerous for platforms handling payments, live gaming streams, or personal data.
SitusAMC breach hits major US banks and vendors — A cyber-attack on financial-services vendor SitusAMC, disclosed Nov 12, 2025, exposed customer and institutional data for several large banks and mortgage firms. Cybernews. Why It Matters: Many operators and payment processors in iGaming rely on third-party financial vendors — a breach at such a vendor can compromise payment and KYC data, increase fraud risk, and attract regulatory scrutiny for any operators using the same vendor ecosystem.
Final words
The week’s developments make one thing clear: iGaming is entering a new phase where growth, regulation, and security must coexist in balance. Markets are expanding, regulators are sharpening their tools, and threat actors continue to target the financial and data-rich ecosystems surrounding online gaming. As 2025 winds down, operators who strengthen their defenses, refine compliance structures, and build resilience into every layer of their platforms will be the ones positioned to win in 2026.
From the ONSEC team — enjoy your holiday, stay vigilant, and stay ahead. ONSEC: Where exploits meet excellence.
is a boutique penetration testing company with over 15 years of experience and more than 450 successful projects completed worldwide. We specialize in securing the iGaming, betting, and gaming industries, delivering tailored expertise and trusted protection.
To keep our clients informed and ahead of emerging threats, we created this newsletter. Here, you’ll find critical updates on industry trends and analytics, law and regulatory changes, and real-world hacks and data breaches. Stay secure with ONSEC!
Leave a comment