This week’s iGaming landscape shows strong U.S. momentum heading into year-end, with projections pointing toward the first-ever $1 billion month for online casinos and renewed regulatory activity in Michigan as player volumes surge. Market fragmentation across the U.S. remains a defining strategic challenge, while holiday-season acquisition pushes signal intense competition among operators and new platforms. At the same time, a series of high-impact global cyber incidents — including financial-vendor breaches, telecom data leaks, and newly exploited zero-days — highlight growing supply-chain vulnerabilities that directly affect online betting and casino ecosystems.
US online casino revenue likely to hit $1 billion this month — Analysts now predict that the seven U.S. states with legal online casinos will cross the $1 billion monthly-revenue milestone in December 2025, reflecting ongoing growth in regulated iGaming demand. Sports Betting Dime
User activity surge prompts regulatory review in Michigan — With online-casino income rising sharply, the Michigan Gaming Control Board (MGCB) said it will review state gambling rules to ensure compliance and responsible gaming standards. Play USA
US online-casino and sportsbook landscape remains limited: only 7 states allow full online casino play as of December 2025 — The patchwork regulation underscores the value of established regulated states — and the opportunity gap in the majority of U.S. states. CBS Sports
New online casinos and platforms reviewed for U.S. December 2025 market entrants — Industry analysts highlight a wave of bonuses, platform updates, and promos aimed at reactivating players before the end of year, suggesting strong acquisition focus in holiday season. Crossing Broad
Online poker regulation in flux — 2025 marks a turning point for U.S. online poker landscape — Several major states are reconsidering frameworks, which could shift poker from a niche to a core iGaming vertical if regulation expands. Yogonet
Law & Regulation
Michigan Gaming Control Board issues 12 cease-and-desist letters to offshore operators illegally targeting Michigan residents — The enforcement action signals strong regulator commitment to securing licensed markets and reducing grey-market leakage. Michigan
U.S. state-by-state regulation patchwork continues to shape strategic decisions for national operators — With only some states offering full iGaming licenses, operators must balance growth ambitions with compliance complexity and market risk. CBS Sports
Regulators in Michigan schedule a board meeting Dec 9 to discuss implementation of internet gaming & sports-betting acts — Stakeholders anticipate updates on licensing, compliance, and possible expansion of regulated offerings. Michigan
Growth in regulated US markets expected to drive consolidation and licensing activity in 2026 — The tightening of regulation and rising revenue in compliant states makes licensing and M&A a likely trend for operators preparing for next-year expansion. Gaming America
Hacks & Data Breaches
Marquis Software ransomware breach affects banks and credit unions — fintech vendor notifies dozens of institutions of stolen customer data. Source: Reuters Reuters Why it matters for iGaming: If any of those financial institutions or associated payment/verification vendors overlap with payment processors or banking rails used by iGaming platforms, the breach could lead to increased fraud, compromised KYC/AML data, or chargeback risk. This underscores the supply-chain exposure for operators relying on third-party financial services.
Freedom Mobile data breach — personal data (names, phone numbers, birth-dates, addresses, account info) of unspecified customers exposed. Source: SecurityWeek SecurityWeek Why it matters for iGaming: Leaked telecom / personal-data records expand the pool of data that fraudsters might use for account-takeover, identity-theft, or multi-account schemes in iGaming platforms — especially in regions where mobile number + identity data are used for verification or 2FA.
Barts Health NHS Trust breached via zero-day in Oracle E-Business Suite. A ransomware group exploited a previously unknown Oracle EBS vulnerability to compromise systems at one of the UK’s largest healthcare providers. Impact on iGaming: Many operators, vendors, and payment processors also rely on Oracle enterprise infrastructure — meaning the same zero-day could be used to target gaming supply-chain services, KYC processors, back-office systems, or finance modules. Beeping Computer
Critical React Server Components RCE vulnerability (CVE-2025-55182) now actively exploited. A severe remote-code-execution flaw in React Server Components — common in React/Next.js applications — began seeing active attacks after public disclosure on December 3. Impact on iGaming: Modern casino and sportsbook front-ends often run on React-based frameworks; exploitation could enable account compromise, bet manipulation, data theft, or malicious script injection on operator platforms. Bugcrowd
Final Words
As digital gaming matures, operators face a dual mandate: harness accelerating market demand while navigating mounting regulatory expectations and an increasingly hostile cyber environment. The week’s events reinforce the importance of compliance readiness, resilient infrastructure, and rigorous vendor-risk oversight as we move into 2026. ONSEC will continue tracking the threats, trends, and regulatory shifts shaping iGaming’s next phase — keeping your teams informed, secure, and strategically positioned for growth.
is a boutique penetration testing company with over 15 years of experience and more than 450 successful projects completed worldwide. We specialize in securing the iGaming, betting, and gaming industries, delivering tailored expertise and trusted protection.
To keep our clients informed and ahead of emerging threats, we created this newsletter. Here, you’ll find critical updates on industry trends and analytics, law and regulatory changes, and real-world hacks and data breaches. Stay secure with ONSEC!
Leave a comment