SHA-1 collision attacks are now actually practical and a looming danger Research duo showcases first-ever SHA-1 chosen-prefix collision attack May 13, 2019 https://www.zdnet.com/article/sha-1...-now-actually-practical-and-a-looming-danger/ Research paper (PDF): https://eprint.iacr.org/2019/459.pdf
New 'Shambles' Attack Against SHA-1 Shows It’s Finally Time to Ditch It Everyone should have stopped using it years ago January 7, 2020 https://www.tomshardware.com/uk/news/researchers-reveal-new-sha-1-attack SHA-1 is a Shambles SHA-1 is a Shambles - First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust (PDF - 586 KB): https://eprint.iacr.org/2020/014.pdf
Git developers release test code to transition away from aging SHA-1 hashing February 6, 2020 https://portswigger.net/daily-swig/...e-to-transition-away-from-aging-sha-1-hashing
OpenSSH to deprecate SHA-1 logins due to security risk Breaking a SHA-1-generated SSH authentication key now costs roughly $50,000, putting high-profile remote servers at risk of attacks May 27, 2020 https://www.zdnet.com/article/openssh-to-deprecate-sha-1-logins-due-to-security-risk/
Updating the Git protocol for SHA-256 June 19, 2020 https://lwn.net/SubscriberLink/823352/ea717c1e49390505/
Collision avoidance: OpenSSH lays out plans to ditch aging SHA-1 hashing algorithm Security shortcomings have become too severe to ignore September 29, 2020 https://portswigger.net/daily-swig/...-plans-to-ditch-aging-sha-1-hashing-algorithm