This week marks a pivotal moment for the global iGaming industry, as the United Arab Emirates officially enters the regulated online gaming space — opening a tightly controlled but strategically significant market for MENA-facing operators. Across North America, regulators continue to clarify boundaries around sweepstakes and dual-currency gaming models, while U.S. states debate the future of full iGaming legalization. At the same time, mounting cybersecurity signals — from massive credential leaks to active exploitation of widely used web frameworks — highlight the growing operational risks tied to scale, third-party dependencies, and modern front-end architectures.
Trends & Analytics
- New licensed iGaming platform launches in the UAE under federal gaming authority. The United Arab Emirates officially launched Play971, its first regulated online casino and sports betting website, marking a major market entry for MENA-facing iGaming brands. Source: Times of India — UAE launches its first licensed sports wagering and iGaming website
- FanDuel Casino debuts exclusive Love Island Reel Vibes slot across multiple U.S. states. The new exclusive title expands FanDuel’s content portfolio and enhances player engagement across NJ, PA, CT and Ontario, with Michigan expected next.Source: StockTitan — FanDuel Casino debuts Love Island Reel Vibes exclusive online slot
- Gaming News Canada: Ontario and Alberta poker & prediction markets trend discussion. Experts highlight layered opportunities in online poker liquidity, Alberta’s regulatory outlook, and the evolving role of prediction markets. Source: Gaming News Canada — Thoughts and layers on online poker liquidity, the Alberta market, and prediction markets in Canada
- Casino.org identifies top online casinos in Ireland for December 2025. A new ranking highlights leading licensed platforms in Ireland based on game variety, bonuses, and security — underscoring European mobile growth. Source: The Sun — Best online casinos in Ireland Top casino sites | December 2025
- Industry data shows continued iGaming demand in core U.S. states. A recent iGB dashboard update highlights strong online casino and sportsbook KPIs in regulated states, with traffic and retention setting new 2025 benchmarks. Source: iGaming Business — iGB
Law & Regulation
- Brazil Senate approves 15% tax on player deposits, raising concerns about illegal market growth. The new tax on licensed gambling deposits is part of broader fiscal policy but may drive players toward unregulated channels if improperly implemented. Source: iGamingBusiness — Brazil sector warns of illegal gambling rise after Senate plenary approves 15% tax on deposits
- New York Senator calls for iGaming regulation following sweepstakes ban. State lawmakers argue the sweepstakes legislation sets the stage for comprehensive regulated online casino policy in the Empire State. Source: CasinoReports — New York’s Addabbo: The Time Is Now For ‘Serious Discussions’ About Online Casino
- Indiana lawmakers introduce bill to outlaw online sweepstakes gambling platforms. House Bill 1052 targets dual-currency social gaming sites, aligning with a wider crackdown in U.S. states facing sweepstakes legal ambiguity. Source: NewsNet5 — Indiana Introduces Bill to Ban Online Sweepstakes Gambling
- New York City approved three Las Vegas-style resort casinos, a major land-based expansion. The Empire State Gaming Commission granted conditional licences for three major casino projects, expected to drive jobs and revenue while shaping broader iGaming debates. Source: AP News — New York City is getting its first 3 Las Vegas-style casinos
- JOI Gaming fined €400,000 for breach of Dutch marketing rules.
The Dutch gambling regulator Kansspelautoriteit (KSA) imposed a €400,000 fine on JOI Gaming for violations of local advertising and consumer-protection regulations, reinforcing tougher enforcement in Europe. This action highlights rigorous marketing compliance expectations that licensed operators in the EU must meet to avoid sanctions and reputational damage.
Source: Gaming Intelligence
Hacks & Data Breaches
- Pornhub premium user data breach via third-party analytics provider (Mixpanel). Hackers claiming affiliation with ShinyHunters threatened to release nearly 200 million records of Pornhub premium users’ emails and viewing histories after compromising analytics data. Impact on iGaming: Large credential-related datasets like this are valuable to threat actors for credential-stuffing, phishing, social engineering and cross-site account abuse — risks that extend into iGaming, sportsbook accounts, and affiliate dashboards if reused credentials are present. Source: Reuters — https://www.reuters.com/world/americas/hacking-group-shinyhunters-claims-theft-data-users-leading-sex-site-pornhub-2025-12-16/Reuters
- APT exploitation of React2Shell/React server vulnerabilities continues
Active exploitation of server-component vulnerabilities in widely used web frameworks (React/Next.js) was observed, with multiple threat actors weaponising it shortly after disclosure. Impact on iGaming: Many iGaming front-ends, live-casino UIs and sportsbook interfaces run on React/Next.js; active exploitation increases the risk of remote code execution, bet manipulation, data theft, or unauthorized access if left unpatched.
Source: Risky Business — Risky.Biz - Supply-chain attacks remain elevated in 2025, doubling typical incidence rates
Security analysis indicates that supply-chain attacks — compromising trusted third-party components to infiltrate clients — have surged to nearly double their usual rate this year.
Impact on iGaming: iGaming operators rely heavily on third-party platforms for CRM, payments, KYC, analytics and affiliate tech; any breach in that supply chain can cascade into vendor compromise, unauthorized access, or data exfiltration. Source: CyberSentriq — Supply Chain Attacks Surge in 2025 (Oct update) CyberSentriq - FBI confirms 630 M stolen passwords circulating — fueling credential-stuffing threat
The FBI publicly confirmed that over 630 million stolen passwords were recovered from hacker systems; such broad pools are regularly used in automated attack tools.
Impact on iGaming: Credential reuse remains one of the top drivers of account takeover, bonus abuse and wallet compromise on gambling platforms, especially during high-traffic seasonal periods.
Source: Forbes — FBI confirms 630M stolen passwords forbes.com
Final Words
As iGaming expands into new jurisdictions and regulatory frameworks mature, operators must balance growth ambitions with heightened compliance and security expectations. This week’s developments reinforce that success in 2026 will depend not only on market access and content innovation, but also on rigorous vendor oversight, resilient infrastructure, and proactive defense against increasingly sophisticated cyber threats. ONSEC will continue tracking the trends and risks shaping the industry — helping operators stay secure, compliant, and competitive in a rapidly evolving global market.
Leave a comment