This week in iGaming, performance and pressure are rising together: operators are sharpening their 2026 profitability narratives, while regulators and courts keep redrawing the boundary between traditional sportsbooks and prediction-market “event contracts.” Meanwhile, the security backdrop remains unforgiving—Patch Tuesday volume, actively exploited vulnerabilities, and payment-provider disruption all reinforce that uptime, trust, and fraud loss are now tightly coupled to response speed. Bonus at the end: ONSEC’s short PDF “The $25 Million Video Call: Why Deepfake Fraud Will Crush Unprepared iGaming” breaks down how deepfakes are already being used against finance and VIP workflows—and what controls actually stop them.
Trends & Analytics
- New Jersey posts double-digit iGaming growth in January. Online casino performance again did heavy lifting for the state’s overall gambling revenue picture.
Source: iGaming Business — New Jersey gambling revenue rises on iGaming growth in January (iGB) - New York sports betting handle slips YoY in January. Handle dipped slightly versus January 2025, while revenue landed at its lowest since October 2025—useful signal for hold/seasonality expectations.
Source: iGaming Business — New York sports betting handle dips from a year ago in January (iGB) - DraftKings issues cautious 2026 guidance amid prediction-markets pressure. Management framed prediction markets as a major growth lane, but conservative outlook spooked investors and raised “cannibalization” questions.
Source: iGaming Business — DraftKings 2026 guidance cautious as US prediction markets make inroads (iGB) - BetMGM targets Brazil scale via a Grupo Globo JV. Exec commentary underscored how local distribution and brand reach are central to hitting market-share ambitions in newly regulated growth markets.
Source: iGaming Business — BetMGM on track for 10% Brazil market share with Grupo Globo JV (iGB) - Giannis Antetokounmpo takes an equity stake in Kalshi—another sign prediction markets are converging with gambling attention. The move highlights how “sports-adjacent financial products” are competing for mindshare (and potentially wallet share) alongside sportsbooks.
Source: iGaming Business — Will Giannis stake in prediction market Kalshi be a first or a last? (iGB)
Law & Regulation
- California approves new card-room blackjack/player-dealer regulations. The rule change landed as a significant blow to the card-room sector—watch for downstream impacts on local ecosystems and policy fights.
Source: iGaming Business — California card room changes by state deliver fierce blow to industry (iGB) - Virginia iCasino bills survive key votes (with shifting dynamics). The legislative progress keeps Virginia on the shortlist of 2026 “next wave” iCasino states to monitor.
Source: iGaming Business — Virginia online casino bills survive Senate, House vote flips (iGB) - South Dakota advances an online sports betting ballot question. The Senate passage keeps the “voter route” alive and signals continued appetite for expansion frameworks.
Source: iGaming Business — Online SD sports betting resolution passes Senate (iGB) - Polymarket hit with a Dutch penalty order from Kansspelautoriteit. The Netherlands treated the product as gambling requiring a licence, threatening fines if operations don’t stop.
Source: iGaming Business — Polymarket faces Dutch penalty over illegal operations (iGB) - Tabcorp fined for illegal online in-play betting breaches (Australia). Regulators emphasized that reliance on third-party providers doesn’t outsource compliance responsibility.
Source: Inside Asian Gaming — Tabcorp fined AU$158,400 for taking illegal in-play sports bets (IAG)
3) Hacks & Data Breaches
- Microsoft Patch Tuesday: six actively exploited zero-days (Feb 2026). For iGaming, this is a reminder to patch endpoints + back-office servers fast—unpatched fleets become the easiest foothold for extortion and data theft.
Source: Malwarebytes — February 2026 Patch Tuesday includes six actively exploited zero-days (Malwarebytes) - Google patches Chrome zero-day exploited in the wild (Feb 16). Browser exploitation is still a practical route to session theft and account compromise—especially for trading/risk/affiliate/admin users.
Source: BleepingComputer — Google patches first Chrome zero-day exploited in attacks this year (BleepingComputer) - Windows 11 Notepad Markdown-link RCE patched (Feb 12). Seemingly “small” client-side bugs can become a low-friction malware path through social engineering (files shared internally or by vendors).
Source: TechRadar — Microsoft patches Windows 11 Notepad security flaw (TechRadar) - BeyondTrust Remote Support: critical RCE now exploited in attacks. Remote-support tooling is high-value in iGaming ops; compromise can cascade into privileged access across environments.
Source: BleepingComputer — Critical BeyondTrust RCE flaw now exploited in attacks, patch now (BleepingComputer) - Apple fixes a zero-day used in “extremely sophisticated” attacks (Feb 12). Mobile/admin device compromise remains a serious risk for executives and high-privilege staff who approve payments, manage vendors, or access operator dashboards.
Source: TechRadar — Apple fixes dangerous zero-day flaw affecting macOS, iOS and more (TechRadar)
Final Words
2026 advantage will go to operators who treat regulatory clarity and security readiness as revenue defense. With actively exploited zero-days hitting endpoints and browsers, and with remote-support tooling and mobile devices remaining high-value targets, the gap between “patched” and “protected” can become an outage, fraud spike, or compliance incident fast. If you want a practical readout of where attackers can pivot in your environment—front-end/APIs, cashier and payment flows, KYC/CRM integrations, affiliate panels, admin access, and third-party/vendor exposure—ONSEC can help with iGaming-focused penetration testing and a prioritized remediation plan your engineering team can execute quickly.
Leave a comment